Reverse Proxy with Apache

Configuring Apache with mod_http_proxy

Enable the mod_http_proxy, mod_proxy and mod_headers Apache modules:

LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so

And configure them:

…
AllowEncodedSlashes On
…
<IfModule mod_proxy.c>
ProxyRequests Off
ProxyPreserveHost On
ProxyAddHeaders On
RequestHeader set "X-Forwarded-Proto" "https"
RequestHeader set "X-Forwarded-Port" "443"
ProxyPass /cadenza http://localhost:8080/cadenza
ProxyPassReverse /cadenza http://localhost:8080/cadenza
…
We definitely recommend to run Cadenza over TLS, but it can also run without an encrypted connection. In that case we would have to use http and 80 instead of https and 443 in the example above.

Terminating TLS in Apache

When you operate Cadenza over TLS you typically want to terminate the TLS connection in the Apache reverse proxy.

Configure the Apache HTTPS Proxy with the following parameters:

  • ProxyPreserveHost On

  • SSLProxyEngine On

The context (usually /cadenza/) must be the same, both internally and externally.

Terminating TLS in Tomcat

Alternatively you can terminate the TLS connection in Tomcat, but then Apache needs to pass through the connection as is.

Configure the Apache HTTPS Proxy with the following parameters:

  • ProxyPreserveHost On

Configure the Tomcat HTTP-Connector with the parameters:

  • scheme="https"

  • proxyPort="443"

The context (usually /cadenza/) must be the same, both internally and externally.