Reverse proxy

The reverse proxy feature is useful when you want to access internal sites from the outside network.

The virtual host configuration is part of the Web Server application inside the new Server Manager.

Path and virtual host rules

A web client request can be forwarded to another web server transparently, according to two types of matching rules:

  • Requests matching an URL path, like http://mydomain.com/mysite
  • Requests matching a virtual host name, like http://my.secondary-domain.com

The typical scenario for a URL path rule is the following:

  • NethServer is the firewall of your LAN
  • You have a domain http://mydomain.com
  • You would like http://mydomain.com/mysite to forward to the internal server (internal IP: 192.168.2.100)

In this scenario, create a new record under Reverse proxy > Paths page. Set the Name of the item to mysite and the Target URL to http://192.168.2.100.

If only encrypted connections are allowed, enable the Require SSL encrypted connection.

Only clients from certain networks can be allowed to connect, by specifying a comma-separated list of CIDR networks under the Access from CIDR networks field.

A virtual host name rule can be forward HTTP requests to another web server, and is defined in the Reverse proxy > Virtual hosts page. For instance:

  • NethServer is the firewall of your LAN
  • You have a domain http://my.secondary-domain.com
  • You would like http://my.secondary-domain.com to be forwarded to the internal web server 192.168.2.101, port 9000.

In this scenario, set the Name of a new virtual host item to my.secondary-domain.com and the Target URL to http://192.168.2.101:9000.

Refer also to the UI description of Reverse Proxy for additional information about advanced features, like Forward HTTP “Host” header to target and :guilabel`Accept invalid SSL certificate from target`.

Manual configuration

If Reverse proxy page is not enough, you can always configure Apache manually, by creating a new file inside /etc/httpd/conf.d/ directory.

Example

Create /etc/httpd/conf.d/myproxypass.conf file with this content:

<VirtualHost *:443>
    SSLEngine On
    SSLProxyEngine On
    ProxyPass /owa https://myserver.exchange.org/
    ProxyPassReverse /owa https://myserver.exchange.org/
</VirtualHost>

<VirtualHost *:80>
    ServerName www.mydomain.org
    ProxyPreserveHost On
    ProxyPass / http://10.10.1.10/
    ProxyPassReverse / http://10.10.1.10/
</VirtualHost>

Please refer to official Apache documentation for more information: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html