This section is to configure Apache as a reverse proxy server in a Linux machine.
Step 1: Go to the /etc/httpd/conf folder and open the httpd.conf file in a text editor.
Step 2: Add the following scripts to the end of the httpd.conf file.
This is to configure Apache as a reverse proxy server which will redirect requests made to the URL: https://172.16.100.40:8080/ to the PowerServer Web APIs running on Kestrel at https://172.16.100.35:6000/.
# Listen on port 8080 or any port you choose. Make sure it is not used by any other program. <VirtualHost *:8080> ProxyPreserveHost On # Pass all requests received at the root https://172.16.100.40/8080 to https://172.16.100.35:6000/ (PowerServer Web APIs running on Kestrel server) and in reverse. ProxyPass / https://172.16.100.35:6000/ ProxyPassReverse / https://172.16.100.35:6000/ </VirtualHost>
Step 3: Locate the following line in the httpd.conf file and specify the port number: 80 (or any port you choose) is used to access the static Web files on the Apache HTTP server, 8080 is used to access Web APIs (according to the reverse proxy setting in step 2, requests made to 8080 will be forwarded to 6000.)
Change
Listen 80
To
Listen 80 Listen 8080
Tip: In CentOS, you can execute the command "netstat -anp | grep 8080" to check if the port number is occupied by any other program.
Step 4: Run the following command to add port 8080 to "http_port_t":
$ sudo semanage port -a -t http_port_t -p tcp 8080
Note
If the port is not properly added, you may see the following error when you start and check the status of Apache:
Step 5: If you have set up a firewall on the server, run the following command to permanently enable port 8080:
$ sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp
and the following command to reload the firewall service:
$ sudo firewall-cmd --reload
Note
If the firewall blocks the port number, you may have the following error when running the application.
Step 6: Check if any syntax errors in httpd.conf, and then restart Apache for the changes to take effect.
$ sudo apachectl configtest
$ sudo systemctl restart httpd
Step 7: Verify that Apache is running.
$ sudo systemctl status httpd
Step 8: Run the following command to allow Apache to make outbound connections.
$ sudo /usr/sbin/setsebool -P httpd_can_network_connect 1
Note
If Apache is not allowed to make outbound connections, you may encounter the following error when running the application,
and may have the following errors in the \var\log\httpd\error_log.log file.
[Tue Jun 08 05:21:42.408866 2021] [proxy:error] [pid 4025:tid 140605678085888] (13)Permission denied: AH00957: HTTP: attempt to connect to 172.16.100.35:6000 (172.16.100.35) failed [Tue Jun 08 05:21:42.408952 2021] [proxy_http:error] [pid 4025:tid 140605678085888] [client 172.16.100.35:56187] AH01114: HTTP: failed to make connection to backend: 172.16.100.35
