Complete guide to setting up an apache reverse proxy for an ecommerce website

This article provides a complete guide to setting up an Apache reverse proxy for an ecommerce website. We will provide a start-to-finish guide for installing all required software, configuring your reverse proxy and installing the SSL certificate that is necessary for any Ecommerce store.

Setting Up an Apache Reverse Proxy for an Ecommerce Website

Let’s begin!

Introduction

Setting up an Apache reverse proxy is a common practice for enhancing the security, scalability, and performance of an ecommerce website. This guide will walk you through the process of configuring Apache as a reverse proxy and ensuring that the actual IP addresses of visitors are correctly captured and logged.

  1. Prerequisites

    Software Requirements

    Server Access and Permissions

  2. Installing Apache

    Installation on Ubuntu/Debian

    Update your package list and install Apache:

    sudo apt update
    sudo apt install apache2 -y

    Installation on CentOS/RHEL

    Install Apache using the package manager:

    sudo dnf install httpd -y

    Start and enable Apache to run on boot:

    sudo systemctl start httpd
    sudo systemctl enable httpd

    Once installed, you should be able to access the server via your web browser at http://<your_server_ip>:80:

  3. Configuring Apache as a Reverse Proxy

    Enabling Required Modules

    Before configuring the reverse proxy, you need to enable the necessary Apache modules.

    On Ubuntu/Debian:

    sudo a2enmod proxy
    sudo a2enmod proxy_http
    sudo a2enmod headers
    sudo a2enmod ssl  # if you are using SSL
    sudo systemctl restart apache2

    On CentOS/RHEL, these modules are usually enabled by default. However, you can manually load them in the configuration file:

    sudo nano /etc/httpd/conf/httpd.conf

    Add the following lines if not already present:

    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule headers_module modules/mod_headers.so
    # Only if using SSL (Apache does not allow a comment on the same line as a directive)
    LoadModule ssl_module modules/mod_ssl.so

    Basic Proxy Configuration

    Edit your Apache configuration file or create a new virtual host configuration:

    On Ubuntu/Debian:

    sudo nano /etc/apache2/sites-available/yourdomain.conf

    On CentOS/RHEL:

    sudo nano /etc/httpd/conf.d/yourdomain.conf

    Add the following basic reverse proxy configuration:

    <VirtualHost *:80>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    ProxyPreserveHost On
    ProxyPass / http://backendserver.com/
    ProxyPassReverse / http://backendserver.com/
    ErrorLog ${APACHE_LOG_DIR}/yourdomain_error.log
    CustomLog ${APACHE_LOG_DIR}/yourdomain_access.log combined
    </VirtualHost>

    Replace yourdomain.com with your actual domain and http://backendserver.com/ with the IP address or hostname of your backend server.

    Secure Proxy Configuration (SSL)

    If you are using SSL, modify the configuration to include SSL directives:

    <VirtualHost *:443>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/yourdomain.crt
    SSLCertificateKeyFile /etc/ssl/private/yourdomain.key
    SSLCertificateChainFile /etc/ssl/certs/yourdomain_chain.crt
    # Required because the backend below is reached over https://
    SSLProxyEngine On
    ProxyPreserveHost On
    ProxyPass / https://backendserver.com/
    ProxyPassReverse / https://backendserver.com/
    ErrorLog ${APACHE_LOG_DIR}/yourdomain_error.log
    CustomLog ${APACHE_LOG_DIR}/yourdomain_access.log combined
    </VirtualHost>

    Make sure to replace the SSL paths with the correct paths to your SSL certificate files.

  4. Returning Actual IP Information of Visitors

    Preserving Original Visitor IP

    To capture the original IP address of the visitor, you need to ensure that Apache logs the X-Forwarded-For header, which contains the client’s original IP.

    Configuring X-Forwarded-For Headers

    Add or modify the following directives in your Apache configuration:

    <VirtualHost *:80>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    ProxyPreserveHost On
    ProxyPass / http://backendserver.com/
    ProxyPassReverse / http://backendserver.com/
    # Ensure that Apache logs the correct IP address
    RemoteIPHeader X-Forwarded-For
    ErrorLog ${APACHE_LOG_DIR}/yourdomain_error.log
    CustomLog ${APACHE_LOG_DIR}/yourdomain_access.log combined
    </VirtualHost>

    If mod_remoteip is not enabled, you may need to enable it:

    sudo a2enmod remoteip
    sudo systemctl restart apache2

    Modifying Log Format to Capture Visitor IPs

    Customize the log format to ensure the visitor’s IP is logged:

    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" proxy
    CustomLog ${APACHE_LOG_DIR}/yourdomain_access.log proxy

    This ensures that the logs capture the actual IP address of the client rather than the IP of the proxy.

  5. Testing and Verification

    Verifying Proxy Functionality

    After configuration, restart Apache:

    On Ubuntu/Debian:

    sudo systemctl restart apache2

    On CentOS/RHEL:

    sudo systemctl restart httpd

    Test the proxy by accessing your website and ensuring it properly forwards requests to the backend server.

    Checking Visitor IP in Logs

    You can verify that the correct IP addresses are being logged by inspecting the access log:

    sudo tail -f /var/log/apache2/yourdomain_access.log  # Ubuntu/Debian
    sudo tail -f /var/log/httpd/yourdomain_access.log    # CentOS/RHEL
  6. Security Best Practices

    Hardening Apache Configuration

    • Disable Unnecessary Modules: Only enable the modules you need.
    • Use Firewalls: Ensure that your backend servers are only accessible from the proxy server.
    • Regularly Update Apache: Keep Apache up to date to protect against vulnerabilities.
    • Implement SSL: Always use SSL for secure communication between the client and the server.

    Regular Updates and Patching

    Regularly update your server packages to ensure all security patches are applied:

    sudo apt update && sudo apt upgrade -y  # Ubuntu/Debian
    sudo dnf update -y                      # CentOS/RHEL
    
  7. Troubleshooting Common Issues

    Proxy Errors

    • 503 Service Unavailable: This could indicate that the backend server is down or unreachable. Verify the backend server status.
    • 502 Bad Gateway: This might be due to incorrect backend server configuration or network issues.

    Incorrect IP Logging

    If you are not seeing the correct IP addresses:

    • Ensure mod_remoteip is enabled.
    • Verify that the X-Forwarded-For header is correctly being passed and logged.
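
X-Forwarded-For is a request header that any client can send, so its value is reliable only for the hops appended by proxies you operate. The following added example (not part of the original guide) resolves the address to log by walking the header right to left past trusted proxies; the proxy ranges and sample records are constructed assumptions.

```python
import ipaddress

# Assumption: address ranges of the proxies you operate (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]

# Constructed (peer address, X-Forwarded-For value) pairs, e.g. taken from a
# log format that records both %{c}a and %{X-Forwarded-For}i.
SAMPLE_RECORDS = [
    ("203.0.113.7", "198.51.100.99"),  # direct client sending its own header
    ("10.0.0.5", "198.51.100.23"),     # one trusted proxy in front
    ("10.0.0.5", "203.0.113.200, 198.51.100.23, 192.0.2.10"),  # forged leftmost entry
    ("10.0.0.5", "-"),                 # trusted peer, no header
]


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def resolve_client_ip(peer_ip, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address to log for one request.

    peer_ip    -- address of the TCP peer that connected to this server
    xff_header -- raw X-Forwarded-For value, or None / "-" when absent
    """
    current = ipaddress.ip_address(peer_ip)
    # A header sent by an untrusted peer is client-controlled: ignore it.
    if not _is_trusted(current, trusted):
        return str(current)
    if not xff_header or xff_header.strip() == "-":
        return str(current)
    hops = [h.strip() for h in xff_header.split(",")]
    # Walk right to left: the rightmost entry was appended by the nearest proxy.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address that was verified
        current = addr
        if not _is_trusted(addr, trusted):
            break  # first hop we do not operate: treat it as the client
    return str(current)


def audit_records(records, trusted=TRUSTED_PROXIES):
    """For (peer_ip, xff) pairs, return (ip_to_log, header_was_ignored)."""
    results = []
    for peer_ip, xff in records:
        logged = resolve_client_ip(peer_ip, xff, trusted)
        sent_header = bool(xff) and xff.strip() != "-"
        ignored = sent_header and not _is_trusted(ipaddress.ip_address(peer_ip), trusted)
        results.append((logged, ignored))
    return results


if __name__ == "__main__":
    for record, (logged, ignored) in zip(SAMPLE_RECORDS, audit_records(SAMPLE_RECORDS)):
        print(record, "->", logged, "(header ignored)" if ignored else "")
```

Records where the header was ignored are requests in which an untrusted peer supplied its own X-Forwarded-For value.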

Enable Caching for Improved Performance

Next, we will configure caching for improved performance and user experience.

Enabling caching in your Apache reverse proxy setup can significantly improve the performance of your ecommerce website by reducing the load on your backend servers and speeding up the delivery of frequently requested content. Apache supports several caching mechanisms, including mod_cache and mod_cache_disk. Below is a step-by-step guide to enable and configure caching in Apache.

Enable Caching in Apache

To enable caching in Apache, follow the steps below:

  1. Enable Required Modules

    To use caching in Apache, you need to enable the necessary modules. These include mod_cache, mod_cache_disk, and optionally mod_cache_socache (for shared object caching).

    On Ubuntu/Debian:

    sudo a2enmod cache
    sudo a2enmod cache_disk
    sudo a2enmod headers
    sudo systemctl restart apache2

    On CentOS/RHEL:

    Open the Apache configuration file:

    sudo nano /etc/httpd/conf/httpd.conf

    Ensure that the following modules are loaded (uncomment or add these lines):

    LoadModule cache_module modules/mod_cache.so
    LoadModule cache_disk_module modules/mod_cache_disk.so
    LoadModule headers_module modules/mod_headers.so

    Save the changes and restart Apache:

    sudo systemctl restart httpd
  2. Basic Cache Configuration

    After enabling the modules, configure caching in your virtual host or main Apache configuration file.

    For a basic caching setup, edit your virtual host configuration:

    On Ubuntu/Debian:

    sudo nano /etc/apache2/sites-available/yourdomain.conf

    On CentOS/RHEL:

    sudo nano /etc/httpd/conf.d/yourdomain.conf

    Add the following caching configuration:

    <VirtualHost *:80>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    ProxyPreserveHost On
    ProxyPass / http://backendserver.com/
    ProxyPassReverse / http://backendserver.com/
    # Enable caching
    CacheEnable disk /
    CacheRoot /var/cache/apache2/mod_cache_disk
    CacheDirLevels 2
    CacheDirLength 1
    # Set cache control headers (optional but recommended)
    Header set Cache-Control "max-age=3600, must-revalidate"
    # Specify the default cache expiry (1 hour in this case)
    CacheDefaultExpire 3600
    # Specify the maximum size of a file that can be cached (in bytes)
    CacheMaxFileSize 1000000
    ErrorLog ${APACHE_LOG_DIR}/yourdomain_error.log
    CustomLog ${APACHE_LOG_DIR}/yourdomain_access.log combined
    </VirtualHost>
  3. Understanding Cache Configuration Options

    • CacheEnable disk /: This directive enables disk-based caching for the specified path. The / makes every URL path eligible for caching.
    • CacheRoot /var/cache/apache2/mod_cache_disk: Specifies the directory where cache files will be stored.
    • CacheDirLevels 2 and CacheDirLength 1: These directives define how the cache directory structure is organized.
    • Header set Cache-Control "max-age=3600, must-revalidate": Adds HTTP headers to control how long content is cached and when it should be revalidated.
    • CacheDefaultExpire 3600: Sets the default expiry time for cached content (in seconds). Here, it is set to 1 hour.
    • CacheMaxFileSize 1000000: Specifies the maximum size of files that can be cached (in bytes). Here, it’s set to 1MB.
  4. Configuring Cache Expiration and Control

    To fine-tune caching behavior, you can control how Apache handles different types of content using the following directives:

    # The Expires* directives are provided by mod_expires (on Ubuntu/Debian: sudo a2enmod expires)
    <FilesMatch "\.(html|htm|js|css)$">
    ExpiresActive On
    ExpiresDefault "access plus 1 hour"
    </FilesMatch>
    <FilesMatch "\.(jpg|jpeg|png|gif|ico)$">
    ExpiresActive On
    ExpiresDefault "access plus 24 hours"
    </FilesMatch>
    
    • ExpiresActive On: Enables the expiration headers.
    • ExpiresDefault "access plus 1 hour": Sets the expiration time relative to when the file was accessed.
  5. Testing and Verification

    Once you’ve configured caching, restart Apache:

    On Ubuntu/Debian:

    sudo systemctl restart apache2

    On CentOS/RHEL:

    sudo systemctl restart httpd

    You can verify that caching is working by checking the response headers of your site using a tool like curl:

    curl -I http://yourdomain.com

    Look for headers like X-Cache or Age, which indicate that content is being served from the cache. Apache adds the X-Cache header only when the CacheHeader directive is set to on.

  6. Cache Purging

    Occasionally, you may need to clear the cache manually, such as when updating your website content. You can do this by deleting the cache directory:

    sudo rm -rf /var/cache/apache2/mod_cache_disk/*

    Or, if you want to clear specific cached objects, you can use Apache’s cache purging methods, which may involve additional tools or configurations.
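
On a shop, caching every path and sending the same Cache-Control header on every response can let a shared cache store a page that was built for one customer. The following added example (not part of the original guide) audits the output of curl -I for that condition; the path prefixes and sample responses are constructed assumptions.

```python
# Assumption: hypothetical per-user paths of the shop; adjust to the real application.
SENSITIVE_PREFIXES = ("/cart", "/checkout", "/account")

# Constructed `curl -I` outputs.
CART_RESPONSE = """HTTP/1.1 200 OK
Cache-Control: max-age=3600, must-revalidate
Set-Cookie: session=constructed-value; Path=/
Age: 120
"""
PRIVATE_RESPONSE = """HTTP/1.1 200 OK
Cache-Control: private, no-store
Set-Cookie: session=constructed-value; Path=/
"""
STATIC_RESPONSE = """HTTP/1.1 200 OK
Cache-Control: max-age=86400
Age: 5
"""


def parse_head(raw):
    """Parse `curl -I` output into (status_line, {lowercase-name: [values]})."""
    lines = [line.strip() for line in raw.strip().splitlines() if line.strip()]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def cache_directives(headers):
    """Return the Cache-Control directives as {name: value-or-None}."""
    out = {}
    for value in headers.get("cache-control", []):
        for part in value.split(","):
            key, _, val = part.strip().partition("=")
            if key:
                out[key.lower()] = val.strip('"') or None
    return out


def shared_cacheable(directives):
    """True when a shared cache (such as the proxy) is allowed to store the response."""
    if {"no-store", "private", "no-cache"} & directives.keys():
        return False
    for key in ("s-maxage", "max-age"):  # s-maxage takes precedence for shared caches
        val = directives.get(key)
        if val is not None and val.isdigit():
            return int(val) > 0
    return "public" in directives


def audit(path, raw):
    """Return findings for one response fetched from `path`."""
    _, headers = parse_head(raw)
    cacheable = shared_cacheable(cache_directives(headers))
    findings = []
    if cacheable and path.startswith(SENSITIVE_PREFIXES):
        findings.append("sensitive-path-cacheable")
    if cacheable and "set-cookie" in headers:
        findings.append("set-cookie-cacheable")
    if findings and "age" in headers:
        findings.append("served-from-cache")  # Age means a cache answered
    return findings


if __name__ == "__main__":
    print(audit("/cart", CART_RESPONSE))
```

Any finding on a per-user path means that path should be excluded from caching or marked private by the backend before the cache is enabled.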

Automate SSL with Let’s Encrypt and Certbot

Next, let’s secure the site using a free Let’s Encrypt SSL certificate and set up automated renewal with Certbot.

Automating SSL certificate management with Let’s Encrypt using Certbot is an excellent way to ensure that your SSL certificates are always up-to-date without manual intervention. Let’s Encrypt provides free, automated, and open SSL/TLS certificates that can be renewed automatically using Certbot, a tool designed to work seamlessly with Let’s Encrypt.

Automating SSL with Let’s Encrypt and Certbot

To automate SSL with Let’s Encrypt and Certbot, follow the steps below:

  1. Install Certbot

    Certbot is the most popular tool for automating the process of obtaining and renewing Let’s Encrypt SSL certificates. Depending on your operating system, you can install Certbot using the package manager.

    On Ubuntu/Debian:

    sudo apt update
    sudo apt install certbot python3-certbot-apache -y

    On CentOS/RHEL:

    First, enable the EPEL repository, then install Certbot:

    sudo dnf install epel-release -y
    sudo dnf install certbot python3-certbot-apache -y
  2. Obtain an SSL Certificate

    Once Certbot is installed, you can obtain a new SSL certificate for your domain. Certbot will also automatically configure your Apache server to use the certificate.

    Run the following command:

    sudo certbot --apache
    

    You will be prompted to:

    1. Enter your email address: This is used for urgent renewal and security notices.
    2. Agree to the terms of service.
    3. Select your domain(s): Certbot will automatically detect the domains configured in your Apache virtual hosts.
    4. Choose whether to redirect HTTP traffic to HTTPS: It’s recommended to choose to redirect to ensure all traffic is encrypted.

    Certbot will automatically configure your Apache server and install the SSL certificates.

  3. Automatic Renewal

    Let’s Encrypt certificates are valid for 90 days, but Certbot includes a mechanism to automatically renew them. When Certbot is installed, a cron job or a systemd timer is typically set up automatically to handle the renewal.

    You can check if the renewal is correctly configured by listing the cron jobs:

    sudo crontab -l

    Or check the systemd timer:

    systemctl list-timers | grep certbot

    The renewal job typically runs twice a day and automatically renews any certificates that are within 30 days of expiration.

  4. Test Automatic Renewal

    It’s a good idea to test the automatic renewal process to ensure everything is working correctly.

    Run the following command to simulate the renewal process:

    sudo certbot renew --dry-run

    If the dry run is successful, you can be confident that Certbot will automatically renew your certificates when they are about to expire.

  5. Manually Renew Certificates (If Necessary)

    While automatic renewal is set up, you might occasionally want to renew a certificate manually, for example, if you’ve made changes to your server configuration or just want to force a renewal.

    You can do this with:

    sudo certbot renew

    This command checks all installed certificates and renews those that are within 30 days of expiration.

  6. Monitor and Troubleshoot Renewal

    To ensure that your renewal process is working smoothly, you can check the renewal logs:

    sudo cat /var/log/letsencrypt/letsencrypt.log

    If you encounter issues, Certbot usually provides detailed error messages that can help in troubleshooting.

  7. Renew Multiple Domains (If Applicable)

    If you have multiple domains, Certbot can handle them all at once. You can specify multiple domains when initially obtaining the certificate:

    sudo certbot --apache -d yourdomain.com -d www.yourdomain.com -d anotherdomain.com

    Certbot will then manage the certificates for all specified domains, including automatic renewals.

Set Up Load Balancing with Apache Reverse Proxy

Finally, let’s configure basic load balancing to reduce server load and improve performance during traffic spikes.

This process involves configuring one or more additional servers to establish a cluster that serves web requests more efficiently and provides a blueprint for future scalability.

Load balancing your Apache reverse proxy is a crucial step for improving the scalability, availability, and performance of your ecommerce website. By distributing incoming traffic across multiple backend servers, you can ensure that no single server is overwhelmed, which helps maintain optimal response times and uptime even during traffic spikes.

Load Balancing with Apache Reverse Proxy

To set up load balancing with Apache reverse proxy, follow the steps below:

  1. Prerequisites

    Before setting up load balancing, make sure you have:

    • Multiple backend servers: These are the servers where your application is hosted.
    • Apache installed: Apache should be set up as a reverse proxy on a server that will act as the load balancer.
    • Mod_proxy_balancer enabled: Apache modules for proxy and load balancing must be enabled.
  2. Enable Required Apache Modules

    To configure load balancing in Apache, you need to enable the necessary modules.

    On Ubuntu/Debian:

    sudo a2enmod proxy
    sudo a2enmod proxy_http
    sudo a2enmod proxy_balancer
    sudo a2enmod lbmethod_byrequests
    sudo systemctl restart apache2

    On CentOS/RHEL:

    Open the Apache configuration file:

    sudo nano /etc/httpd/conf/httpd.conf

    Ensure the following modules are loaded (uncomment or add these lines):

    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so

    Restart Apache to apply changes:

    sudo systemctl restart httpd
  3. Configure the Load Balancer

    Now, you can configure the Apache server to distribute incoming requests to multiple backend servers.

    Edit your Apache virtual host configuration:

    On Ubuntu/Debian:

    sudo nano /etc/apache2/sites-available/yourdomain.conf
    

    On CentOS/RHEL:

    sudo nano /etc/httpd/conf.d/yourdomain.conf
    

    Add the following load balancer configuration:

    <VirtualHost *:80>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    ProxyPreserveHost On
    <Proxy "balancer://mycluster">
    # Define backend servers
    BalancerMember http://backend1.yourdomain.com
    BalancerMember http://backend2.yourdomain.com
    BalancerMember http://backend3.yourdomain.com
    # Optional: Set the load balancing method
    # By default, Apache uses byrequests (distributes requests equally)
    # Other methods include bytraffic, bybusyness, and heartbeat
    ProxySet lbmethod=byrequests
    # Optional: Set a stickiness session to maintain session persistence
    # ProxySet stickysession=JSESSIONID
    # Optional: Define a failover worker in case a backend is down
    # BalancerMember http://backup.yourdomain.com status=+H
    </Proxy>
    # Proxy all requests to the load balancer
    ProxyPass / balancer://mycluster/
    ProxyPassReverse / balancer://mycluster/
    ErrorLog ${APACHE_LOG_DIR}/yourdomain_error.log
    CustomLog ${APACHE_LOG_DIR}/yourdomain_access.log combined
    </VirtualHost>
    
    Explanation of Configuration Options:
    • BalancerMember: Defines the backend servers that will handle the requests.
    • lbmethod=byrequests: The load balancing method; byrequests distributes requests equally across servers. Other methods include:
      • bytraffic: Distributes based on the amount of traffic.
      • bybusyness: Sends new requests to the server with the least number of active connections.
      • heartbeat: Works with a separate health monitoring module.
    • stickysession=JSESSIONID: This option maintains session persistence by sticking the user’s session to the same backend server based on the session ID.
    • status=+H: Marks a backend server as a hot standby, which is only used if all other servers are down.
  4. Configure SSL (If Applicable)

    If your site uses SSL, you need to configure your load balancer to handle HTTPS traffic. The configuration is similar, but you will be using port 443 and including SSL directives.

    Here’s how you can set up a load-balanced SSL virtual host:

    <VirtualHost *:443>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/yourdomain.crt
    SSLCertificateKeyFile /etc/ssl/private/yourdomain.key
    SSLCertificateChainFile /etc/ssl/certs/yourdomain_chain.crt
    ProxyPreserveHost On
    <Proxy "balancer://mycluster">
    BalancerMember http://backend1.yourdomain.com
    BalancerMember http://backend2.yourdomain.com
    BalancerMember http://backend3.yourdomain.com
    ProxySet lbmethod=byrequests
    </Proxy>
    ProxyPass / balancer://mycluster/
    ProxyPassReverse / balancer://mycluster/
    ErrorLog ${APACHE_LOG_DIR}/yourdomain_ssl_error.log
    CustomLog ${APACHE_LOG_DIR}/yourdomain_ssl_access.log combined
    </VirtualHost>
  5. Enable and Start the Site

    If you haven’t already done so, enable the site configuration:

    On Ubuntu/Debian:

    sudo a2ensite yourdomain.conf
    sudo systemctl reload apache2

    On CentOS/RHEL:

    Just restart Apache:

    sudo systemctl restart httpd
  6. Test the Load Balancer

    To verify that the load balancer is working correctly:

    1. Browser Test: Access your website from a browser. Monitor your backend servers to see if requests are being distributed across them.
    2. Command Line Test: Use tools like curl to simulate multiple requests and observe how they are distributed.
    for i in {1..10}; do curl -I http://yourdomain.com; done
    
  7. Monitoring and Health Checks

    Apache does not include advanced health checking and monitoring for backend servers by default. However, you can configure simple health checks or integrate with third-party monitoring tools.

    To enable basic health checks, you can configure the status=+H parameter for a hot standby server that will only be used if the primary servers fail.

    For more advanced monitoring, consider using tools like Nagios, Zabbix, or specialized load balancer tools that provide detailed metrics and health checks.

  8. Scaling and Advanced Load Balancing

    As your traffic grows, you may need to scale your setup:

    • Add more backend servers: Simply add more BalancerMember directives.
    • Geographic Load Balancing: Consider setting up geographically distributed load balancers.
    • Advanced Load Balancers: Consider using dedicated hardware or software-based load balancers like HAProxy or NGINX for more advanced scenarios.

Benefits of Apache Reverse Proxy

Load balancing your Apache reverse proxy setup is essential for ensuring high availability and performance of your ecommerce website. By following this guide, you can configure Apache to distribute incoming traffic across multiple backend servers, optimizing your server resources and enhancing the user experience.

Remember to monitor your load balancing setup regularly and adjust the configuration as your traffic and infrastructure evolve.

Conclusion

You are now familiar with setting up an Apache reverse proxy for an ecommerce website.


Editorial Staff
