Reverse Proxy Proxmox with Apache

  • 4

Reverse Proxy Proxmox with Apache

Get Social!

proxmox logo gradThe Proxmox web GUI is accessible on port 8006 by default using SSL encryption. The web GUI is served by the built in Proxmox lightweight HTTP server however changing the config could cause issues when upgrading to future Proxmox releases. The easiest way to expose the Proxmox web GUI externally is to use Apache to reverse proxy the site. You can then add additional security or specify SSL certificates at the proxy level without interfering with the Proxmox installation.

See my blog post on the basics of using Apache to reverse proxy websites.

To setup the reverse proxy for Proxmox, create a new sites-available entry called proxmox.

Add the following to the file and substitute a few settings for your own environment:

  • proxmox.cer – change to your SSL certificate for Proxmox
  • proxmox.key – change to the SSL certificate key for Proxmox.
  • proxmox.host – appears in the Location tags and must be the IP address or resolvable hostname of your internal Proxmox server. The ServerAdmin attribute is an email address which will be displayed on error pages such as 404.
  • proxmox.jamescoyle.net – change this to the external URL which will be used to access the reverse proxy server. The server will only proxy requests which contain this URL.

Enable the new site in Apache. In Ubuntu the command a2ensite will create the symlink, or you can create it manually.

Reload Apache to load the new configuration.


  • 11

Simple Apache reverse proxy example

Get Social!

Background

Apache can be used as a reverse proxy to relay HTTP/ HTTPS requests to other machines. This is common practice and comes with two main benefits:

  • Security – Your Apache instance can be put in a DMZ and exposed to the world while the web servers can sit behind it with no access to the outside world.
  • Reduce load – You can reduce the load on the web servers with various methods such as web caching at the proxy, load balancing and deflecting traffic for invalid requests.

The interesting stuff – ProxyPass

To set up Apache as a reverse proxy server you will need to enable mod_proxy. Some other common mods you may need are below.

  • mod_proxy
  • mod_http
  • mod_headers
  • mod_html

To enable mods in Ubuntu/ Debian you need to make sure they are installed, then enabled. For example, installing and enabling mod_proxy would look like this:

Once these mods are enabled, we can begin editing the Apache config. The locations of these vary depending on your Linux distribution. For RHEL based distributions, this will be your httpd.conf; for Debian based, sites-available/default.

Inside your VirtualHost tag create a Location tag which matches the external path you wish to use. For this example we will use /.

Inside the Location tag add the proxy options ProxyPass and ProxyPassReverse followed by the site address which will be the target of the proxy. You will also need a couple of lines to allow access.

Outside of the location tags, towards the top of the virtual host add a few extras:

If you will be proxying SSL traffic, you will also need to add:

Restart apache or reload the settings for the changes to take effect:

You will now have a working proxy – all requests sent to / will be fetched from http://mywebsite.jamescoyle.net.

Example Apache reverse proxy VirtualHost

The below example shows an Apache VirtualHost which is listening on port 80. The confiiguration accepts requests on which match the www.jamescoyle.net hostname and proxys the requests to the backend server mywebsite.jamescoyle.net.


Visit our advertisers

Search

Visit our advertisers