How to Configure Apache as a Reverse Proxy with mod_proxy

Updated on May 25, 2022
How to Configure Apache as a Reverse Proxy with mod_proxy header image


Apache is a web server application that can serve dynamic web content or act as a reverse proxy —forwarding client requests to back-end applications. This article explains how to configure Apache to work as a reverse proxy with mod_proxy.

This guide proxies an ownCloud application on port 8080 under Docker, but you can use the same technique to host another application on a different port.


A Ubuntu 20.04 server is used in this article, but these instructions work for any Linux server running Apache.

1. Enable mod_Proxy

  1. Enable the Apache mod_proxy module.

      $ sudo a2enmod proxy
  2. Enable additional modules.

      $ sudo a2enmod proxy_http
      $ sudo a2enmod proxy_balancer
      $ sudo a2enmod proxy_wstunnel

    Here is what each module does:

    • mod_proxy: Implements proxying on the Apache server.
    • proxy_http: Handles proxy HTTP and HTTPS requests.
    • proxy_balancer: Enables load balancing.
    • proxy_wstunnel: Tunnels web socket connections to a back-end server.
  3. Restart Apache to activate modules.

      $ sudo systemctl restart apache2

2. Set up the Back-end Application

As an example, set up an ownCloud container listening on port 8080 under Docker.

  1. Create the ownCloud docker container.

      $ docker run -d --name owncloud -p 8080:8080 owncloud/server
  2. Start ownCloud.

      $ docker start owncloud
  3. Verify that ownCloud is running.

      $ docker ps


      CONTAINER ID   IMAGE             COMMAND                  CREATED          STATUS          PORTS                                       NAMES
      3eaea7b55cfe   owncloud/server   "/usr/bin/entrypoint…"   36 seconds ago   Up 35 seconds>8080/tcp, :::8080->8080/tcp   owncloud

3. Setup Apache as a Reverse Proxy

  1. Back up the default Apache virtual host configuration file.

      $ sudo mv /etc/apache2/sites-available/000-default.conf  /etc/apache2/sites-available/origdefault.backup
  2. Create a new configuration file.

      $ sudo nano /etc/apache2/sites-available/
  3. Add the following contents to the file. Change to your server name. If you are setting up a proxy for a different app than the ownCloud example, you may need to update port 8080 to your application's port number in the file below.

      <VirtualHost *:80>
         ProxyPreserveHost On
         ProxyPass /
         ProxyPassReverse /
  4. Save and close the file.

    Here is what each directive means:

    • ProxyPreserveHost: Forwards the original host header to the back-end application.
    • ProxyPass: Specifies that all requests / are forwarded to the back-end application port.
    • ProxyPassReverse: Negates ProxyPass by modifying response headers from the back-end application.
  5. Activate the configuration file.

      $ sudo ln -s /etc/apache2/sites-available/  /etc/apache2/sites-enabled/
  6. Test the Apache configuration for errors.

      $ sudo apachectl configtest
  7. Restart Apache to load changes.

      $ sudo service apache2 restart

4. Secure the server

  1. Configure the firewall to allow HTTP traffic on port 80.

      $ sudo ufw allow 80/tcp
  2. Allow HTTPS on port 443.

      $ sudo ufw allow 443/tcp
  3. Restart the firewall.

      $ sudo ufw reload

5. Setup SSL

  1. Install Certbot.

      $ sudo apt install certbot python3-certbot-apache
  2. Request a Let's Encrypt SSL Certificate.

      $ sudo certbot -d
  3. Test Auto-renewal.

      $ sudo certbot renew --dry-run

6. Test

Open a web browser, and visit your subdomain.

The ownCloud login page should be displayed. Log in with the username admin, and password admin to start using the application.

More Information

You have configured Apache as a reverse proxy and set up ownCloud as the back-end application. For further information, refer to the following resources.