Configuring Apache reverse proxy server (Linux)

Preparations

In this tutorial, we will learn how to set up Apache on Linux and use it as the reverse proxy server to redirect requests to the PowerServer Web APIs running on the Kestrel server.

In this tutorial, we will configure and use the following server environment and URLs. Make sure the port number is not occupied by any other program. For how to verify if a port number is occupied, follow the instructions in Choosing an appropriate port number.


Step 1: Set up the reverse proxy server with the following OS and software (install the software in the order listed).

Step 2: Configure the CentOS user account: you can either use the root account or create a new account with administrative privileges.

Step 3: Set up a firewall on the server and make sure the firewall allows the port (80 and 8080 in this tutorial or any port number you choose) to go through.

Step 4: Make sure the server can connect to Internet during the installation of Apache HTTP Server.

Configuring Apache

This section is to configure Apache as a reverse proxy server in a Linux machine.

Step 1: Go to the /etc/httpd/conf folder and open the httpd.conf file in a text editor.

Step 2: Add the following scripts to the end of the httpd.conf file.

This is to configure Apache as a reverse proxy server which will redirect requests made to the URL: https://172.16.100.40:8080/ to the PowerServer Web APIs running on Kestrel at https://172.16.100.35:6000/.

# Listen on port 8080 or any port you choose. Make sure it is not used by any other program. 
<VirtualHost *:8080> 
 ProxyPreserveHost On
 # Pass all requests received at the root https://172.16.100.40/8080 to https://172.16.100.35:6000/ (PowerServer Web APIs running on Kestrel server) and in reverse.
 ProxyPass / https://172.16.100.35:6000/ 
 ProxyPassReverse / https://172.16.100.35:6000/
</VirtualHost>

Step 3: Locate the following line in the httpd.conf file and specify the port number: 80 (or any port you choose) is used to access the static Web files on the Apache HTTP server, 8080 is used to access Web APIs (according to the reverse proxy setting in step 2, requests made to 8080 will be forwarded to 6000.)

Change

Listen 80

To

Listen 80
Listen 8080

Tip: In CentOS, you can execute the command "netstat -anp | grep 8080" to check if the port number is occupied by any other program.

Step 4: Run the following command to add port 8080 to "http_port_t":

$ sudo semanage port -a -t http_port_t -p tcp 8080

Note

If the port is not properly added, you may see the following error when you start and check the status of Apache:


Step 5: If you have set up a firewall on the server, run the following command to permanently enable port 8080:

$ sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp

and the following command to reload the firewall service:

$ sudo firewall-cmd --reload

Note

If the firewall blocks the port number, you may have the following error when running the application.


Step 6: Check if any syntax errors in httpd.conf, and then restart Apache for the changes to take effect.

$ sudo apachectl configtest
$ sudo systemctl restart httpd

Step 7: Verify that Apache is running.

$ sudo systemctl status httpd


Step 8: Run the following command to allow Apache to make outbound connections.

$ sudo /usr/sbin/setsebool -P httpd_can_network_connect 1

Note

If Apache is not allowed to make outbound connections, you may encounter the following error when running the application,


and may have the following errors in the \var\log\httpd\error_log.log file.

[Tue Jun 08 05:21:42.408866 2021] [proxy:error] [pid 4025:tid 140605678085888] (13)Permission denied: AH00957: HTTP: attempt to connect to 172.16.100.35:6000 (172.16.100.35) failed
[Tue Jun 08 05:21:42.408952 2021] [proxy_http:error] [pid 4025:tid 140605678085888] [client 172.16.100.35:56187] AH01114: HTTP: failed to make connection to backend: 172.16.100.35

Modifying and re-deploying the PowerServer project

The following modifications are made to the PowerServer project created in Quick Start > Guide 1. If you have not created a PowerServer project yet, please follow the instructions in Quick Start > Guide 1 to create one.

Step 1: Modify the Web API URL to point to the Apache reverse proxy server.

On the .NET Server page of the PowerServer project painter, specify the URL of the Apache reverse proxy server, for example, https://172.16.100.40:8080. It is highly recommended that you specify an HTTPS URL for the production environment.

All requests for PowerServer Web APIs will be first made to https://172.16.100.40:8080 and then redirected by the Apache reverse proxy server to the PowerServer Web APIs running on Kestrel server (for example, https://172.16.100.35:6000).


Step 2: Select a Web server for deploying the app files.

On the Web Server page of the PowerServer project painter, select a local or remote Web server (IIS, Apache, Nginx, etc.) you have configured properly.

The Web server and the Apache reverse proxy server can reside in the same or different machine. If the Web server is an Apache HTTP server, it can be the same or different server instance with the Apache reverse proxy server. If you want to deploy the app files to the Apache HTTP server which uses the same server instance as the Apache reverse proxy server on a Linux machine, you can choose "Create a package" (see Packaging and copying the client app for detailed instructions).

In this tutorial, we choose to deploy the app files to a local IIS Web server.


Step 3: Save the PowerServer project settings and then build and deploy the PowerServer project for the changes to take effect.

Verifying the configuration

Now let's run the PowerServer Web APIs and verify that the requests are forwarded successfully from the reverse proxy server to the PowerServer Web APIs.

In order to view the detailed log information, let's directly start the PowerServer Web APIs as a console application in the local development environment, using either of the following methods:

  • Execute the "dotnet run --project PowerServer19\ServerAPIs\ServerAPIs.csproj" command, or

  • Open the PowerServer C# solution in the SnapDevelop IDE and then click the Run button.

Make sure the PowerServer Web APIs is running on the correct IP address and port number. For example, https://172.16.100.35:6000/ in this tutorial. You may modify the port number in the launchSettings.json file of the ServerAPIs project of the PowerServer C# solution when running in the development environment.


Run the application (https://172.16.100.72:80/salesdemo_cloud in this tutorial). You should be able to see from the console that the requests are going through successfully and the requests are originally made to the Apache proxy server (https://172.16.100.40/8080 in this tutorial).


Once you have verified that the reverse proxy server works properly, you can publish and start the PowerServer Web APIs in a production environment, as described in Running Web APIs on Kestrel.