Install apache2
To execute the install command in terminal:
sudo apt-get install apache2
Then, we can find that the apache2 has been installed in “/etc/“ directory.
eric@eric:cd /etc/apache2
eric@eric:/etc/apache2$ apache2 -version
Server version: Apache/2.4.7 (Ubuntu)
Server built: Apr 3 2014 12:20:28
eric@eric:/etc/apache2# ls -l
total 80
-rw-r--r-- 1 root root 7115 Jan 7 21:23 apache2.conf
drwxr-xr-x 2 root root 4096 Jun 17 15:09 conf-available
drwxr-xr-x 2 root root 4096 Jun 17 15:09 conf-enabled
-rw-r--r-- 1 root root 1782 Jan 3 22:48 envvars
-rw-r--r-- 1 root root 31063 Jan 3 22:48 magic
drwxr-xr-x 2 root root 12288 Jun 17 15:09 mods-available
drwxr-xr-x 2 root root 4096 Jun 17 15:09 mods-enabled
-rw-r--r-- 1 root root 320 Jan 7 21:23 ports.conf
drwxr-xr-x 2 root root 4096 Jun 17 15:08 sites-available
drwxr-xr-x 2 root root 4096 Jun 17 15:09 sites-enabled
Attention:
After executing the install command, some echo exception messages may shown like that.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
If so, we need to:
1) Config the “ServerName” in apache2.conf.
eric@eric:cd /etc/apache2
eric@eric:cd vi apache2.conf
...
ServerName localhost
...
2) End the existed process which is using the 80 socket.
netstat -ap | grep 80
lsof -i:80
kill {PID}
Or modify the listen socket. (See Config listening ports)
Then, we can restart apache2.
eric@eric:sudo /etc/init.d/apache2 restart
Config listening ports
We can change and add the listening ports by modifying port.conf file in “/etc/apache2/“.
eric@eric:sudo vi /etc/apache2/ports.conf
For example, we change the default port from 80 to 81 to avoid the in used portd.
Listen 81
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
After changing the default port, the default site configuration (/etc/apache2/sites-enabled/000-default.conf) also need be updated.
eric@eric:sudo vi /etc/apache2/sites-enabled/000-default.conf
Modify
<VirtualHost *:80>
as
<VirtualHost *:81>
Config proxy or reverse proxy
Here, there is a Tomcat worked in 8080 port as our J2EE server and an application named “myreport” running in it. We will config the apache to proxy it.
1. Activate proxy module
There are “mods-available” and “mods-enabled” two directories in apache. The “mods-available” directory includes all available module configuration files. If we want to make them take effect, they must be copied or linked into the “mods-enabled” directory.
For activating the proxy module, we create some soft link for “proxy.load”, “proxy_http.load” and “proxy.conf”.
eric@eric:/etc/apache2/mods-enabled$ sudo ln -s ../mods-available/proxy.load
eric@eric:/etc/apache2/mods-enabled$ sudo ln -s ../mods-available/proxy_http.load
eric@eric:/etc/apache2/mods-enabled$ sudo ln -s ../mods-available/proxy.conf
Then, execute the a2enmod command.
eric@eric:/etc/apache2$ a2enmod proxy
2. Config proxy
After activating the proxy module, we can config the “Forward Proxy” or “Reverse Proxy” for the “myreport” application in Tomcat.
- Reverse Proxy
Reverse proxy is the most used way.
ProxyRequests Off
ProxyPass /myreport ${REPORT_SERVER}/myreport
ProxyPassReverse /myreport ${REPORT_SERVER}/myreport
or
ProxyRequests Off
Timeout 36000
ProxyTimeout 36000
<Location /myreport/>
ProxyPass ${REPORT_SERVER}/myreport
ProxyPassReverse ${REPORT_SERVER}/myreport
ProxyPassReverseCookiePath /myreport /
</Location>
For easy to config, we define a variable named “REPORT_SERVER” in “/etc/apache2/envvars”.
export REPORT_SERVER=http://192.168.0.88:8080
After restarting the apache with the latest configuration, we can access the “myreport” application with:
http://localhost:81/myreport
- Forward Proxy
For example, to control who can access your proxy:
ProxyRequests On
ProxyVia On
<Proxy *>
Require ip 192.168.0
</Proxy>
For more details, please see the official doc about [mod_proxy] [2].
Add SSL Support
1. Install openssl and ssl-cert
1 | eric@eric: sudo apt-get install openssl ssl-cert |
2. Generate private key and certification
eric@eric: sudo mkdir /etc/apache2/ssl
eric@eric: cd /etc/apache2/ssl
eric@eric:/etc/apache2/ssl$ sudo openssl genrsa -des3 -out my-server.key 1024
eric@eric:/etc/apache2/ssl$ sudo openssl req -key my-server.key -x509 -out my-server.crt -config /etc/ssl/openssl.cnf -days 3650
3. Activate SSL module
eric@eric:/etc/apache2/mods-enabled$ sudo ln -s ../mods-available/ssl.load
eric@eric:/etc/apache2/mods-enabled$ sudo ln -s ../mods-available/ssl.conf
eric@eric:/etc/apache2/mods-enabled$ sudo a2enmod ssl
4. Add SSL support for site
Now, we modify the default site configuration (/etc/apache2/sites-enabled/000-default.conf) to add SSL support and make non-https access use the https automatically.
Usually, we config the 443 port for SSL support.
<VirtualHost *:81>
...
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/my-server.crt
SSLCertificateKeyFiel /etc/apache2/ssl/my-server.key
...
</VirtualHost>
Postscript
I have just recorded my first attempt to proxy a web site by apache for memo.
There are some other useful and complex modules in apache, such as rewrite, load balance and so on.
Reference
- Apache official doc: [http://httpd.apache.org/docs/2.4/] [1]
[1]: http://httpd.apache.org/docs/2.4/ apache doc
[2]: http://httpd.apache.org/docs/2.4/mod/mod_proxy.html mode_proxy