Reverse Proxy with Apache
Configuring Apache with mod_http_proxy
Enable the mod_http_proxy, mod_proxy and mod_headers Apache modules:
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.soAnd configure them:
…
AllowEncodedSlashes On
…
<IfModule mod_proxy.c>
ProxyRequests Off
ProxyPreserveHost On
ProxyAddHeaders On
RequestHeader set "X-Forwarded-Proto" "https"
RequestHeader set "X-Forwarded-Port" "443"
ProxyPass /cadenza http://localhost:8080/cadenza
ProxyPassReverse /cadenza http://localhost:8080/cadenza
…
We definitely recommend to run Cadenza over TLS, but it can also run without an encrypted connection. In that case we would have to use http and 80 instead of https and 443 in the example above.
|
Terminating TLS in Apache
When you operate Cadenza over TLS you typically want to terminate the TLS connection in the Apache reverse proxy.
Configure the Apache HTTPS Proxy with the following parameters:
-
ProxyPreserveHost On -
SSLProxyEngine On
The context (usually /cadenza/) must be the same, both internally and externally.
| When terminating TLS in the Apache reverse proxy it is strongly recommended to use http2 as protocol because it gives you performance advantages over using older protocol versions. Instructions how to configure http2 can be found in the Apache documentation (https://httpd.apache.org/docs/2.4/mod/mod_http2.html). |
Terminating TLS in Tomcat
Alternatively you can terminate the TLS connection in Tomcat, but then Apache needs to pass through the connection as is.
Configure the Apache HTTPS Proxy with the following parameters:
-
ProxyPreserveHost On
Configure the Tomcat HTTP-Connector with the parameters:
-
scheme="https" -
proxyPort="443"
The context (usually /cadenza/) must be the same, both internally and externally.