Reverse proxy

The reverse proxy feature is useful when you want to access internal sites from the outside network.

Path and virtual host rules

A web client request can be forwarded to another web server transparently, according to two types of matching rules:

  • Requests matching an URL path, like http://mydomain.com/mysite
  • Requests matching a virtual host name, like http://my.secondary-domain.com

The typical scenario for a URL path rule is the following:

  • NethServer is the firewall of your LAN
  • You have a domain http://mydomain.com
  • You would like http://mydomain.com/mysite to forward to the internal server (internal IP: 192.168.2.100)

In this scenario, create a new record under Reverse proxy > Paths page. Set the Name of the item to mysite and the Target URL to http://192.168.2.100.

If only encrypted connections are allowed, enable the Require SSL encrypted connection.

Only clients from certain networks can be allowed to connect, by specifying a comma-separated list of CIDR networks under the Access from CIDR networks field.

A virtual host name rule can be forward HTTP requests to another web server, and is defined in the Reverse proxy > Virtual hosts page. For instance:

  • NethServer is the firewall of your LAN
  • You have a domain http://my.secondary-domain.com
  • You would like http://my.secondary-domain.com to be forwarded to the internal web server 192.168.2.101, port 9000.

In this scenario, set the Name of a new virtual host item to my.secondary-domain.com and the Target URL to http://192.168.2.101:9000.

Refer also to the UI description of Reverse Proxy for additional information about advanced features, like Forward HTTP “Host” header to target and :guilabel`Accept invalid SSL certificate from target`.

Manual configuration

If Reverse proxy page is not enough, you can always configure Apache manually, by creating a new file inside /etc/httpd/conf.d/ directory.

Example

Create /etc/httpd/conf.d/myproxypass.conf file with this content:

<VirtualHost *:443>
    SSLEngine On
    SSLProxyEngine On
    ProxyPass /owa https://myserver.exchange.org/
    ProxyPassReverse /owa https://myserver.exchange.org/
</VirtualHost>

<VirtualHost *:80>
    ServerName www.mydomain.org
    ProxyPreserveHost On
    ProxyPass / http://10.10.1.10/
    ProxyPassReverse / http://10.10.1.10/
</VirtualHost>

Please refer to official Apache documentation for more information: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html