Running a web application behind a proxy

May 10, 2022

Lang: cs en de es

There are more and more web applications running behind proxies. Configuring such applications is more complex. And it is especially necessary to do it correctly if the application processes some information from HTTP headers that it needs to operate correctly. And so you need to have a properly configured proxy server as well as the application, because without that, the application may not work, or it may work poorly, or there may be a potential security issue. I will describe how to configure such a proxy server and a sample application in this article.

What is a proxy server for

A proxy server is software that translates and possibly modifies requests between the client and the application server. It thus separates the external and internal network. A proxy server can also be implemented as a standalone device.

In the case of web applications, it is a web proxy. Specifically, we'll talk about a reverse proxy.

A proxy server can be provided by specialized applications such as HAProxy, Varnish, Treafik, and Squid. Or you can configure a Apache or Nginx web server as a reverse proxy.

A reverse proxy is used today (2022) often because, because due to the limitation of available public IPv4 addresses, one IPv4 address is directed to the server, where the proxy is running, which then forwards requests to individual servers on the internal network that have private IP addresses. The proxy also terminates HTTPS connections. For more information, see secure HTTP.
HAProxy is often used to balance traffic and limit outages during server upgrades and deploy (deploy) new versions of applications.
Before 2000, web proxy was used as a cache, but that only made sense until the static web era.
In corporations, proxies are used to examine traffic in detail - what users are visiting .

Setting up a proxy server

The reverse proxy server must be set up to receive the traffic for the domain in the first place. It is then configured where to route the traffic and how to modify the communication if necessary.

Nginx

Sample proxy settings for Nginx web server:

server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name www.example.com;

        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Port $server_port;
                proxy_set_header X-Forwarded-Host $host;
                proxy_pass http://IP-aplikace:80;
        }
}

Apache

Example of Apache web server setup as a reverse proxy:

        ServerName example.com
        ServerAlias www.example.com
        ProxyPreserveHost On
        ProxyRequests On
        #ProxyErrorOverride On
        ProxyPass / http://192.168.100.93/
        On ProxyPassReverse / http://192.168.100.93/
        
        RequestHeader set X-Forwarded-Port "443"
        RequestHeader set X-Forwarded-Port "https"

Application Settings

Nette

If you are using web application development PHP framework Nette, you need to add the following settings to the neon configuration file:

http:
	proxy: ip-proxy/ip-range-proxy
Instead of IP-proxy/IP-range-proxy, add the IP proxy or IP range of your local network where you run the infrastructure.

Wordpress

It may be that you are running wordpress behind a proxy. I had a problem with some old wordpress and I solved the problem as follows. I added the following to the wp-config.php file:

if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
        $_SERVER['HTTPS'] = 'on';
}

This can be handled similarly in any other old PHP application. You may also find the video how to run old PHP applications interesting.

Video tutorial

Information about how the proxy works and how to set up the application in Nette can be viewed as a video:

PDFs of the presentation for this talk are on my IT services website.

Resources

Resources where you can find out more details:

Články na podobné téma

VMware licensing change
Running Microsoft SQL Server on Linux
Backup: the Proxmox Backup Server
Linux as a router and firewall
How to upload a docker image to the Docker Registry
Linux: logical volume management
Linux Software RAID
Mailbox migration
Docker multistage build
Backing up your data by turning on your computer
Podman
Importing Windows into Proxmox virtualization
Docker and PHP mail
Proxmox virtualization
Docker and Cron
Lenovo ThinkPad X1 Carbon: LTE modem EM7544 commissioning
Yocto Project: Build custom operating system for embedded devices
Preparing a Linux server to run a web application in Python
How to address poor file share performance in Docker
How to get started using Docker correctly
Installing Linux on a dedicated HPE ProLiant DL320e server
How to stress test a web application
Why use the JFS filesystem
How to boot from a 4TB drive with GTP using UEFI
Btrfs file system
Raspberry PI
WINE - running Windous programs under Linux
GNU/Linux operating system

Newsletter

If you are interested in receiving occasional news by email.
You can register by filling in your email news subscription.


+