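The following are detailed steps for configuring Apache as a reverse proxy:
1. Enable the required modules
# Ubuntu/Debian
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_wstunnel # needed for the ws:// (WebSocket) examples
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests
sudo a2enmod headers
sudo a2enmod rewrite
sudo a2enmod remoteip # needed for the RemoteIPHeader directives
sudo a2enmod ssl # if HTTPS is needed
# Restart Apache
sudo systemctl restart apache2
# CentOS/RHEL/Fedora
sudo dnf install mod_proxy # or: yum install mod_proxy
# Make sure httpd.conf loads these modules
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so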
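2. Basic reverse proxy configuration
Example 1: Proxy the root path to a backend application
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    ProxyPreserveHost On
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
    # Client IP: mod_proxy_http already adds X-Forwarded-For for the backend.
    # The mod_remoteip directives below apply only when Apache itself receives
    # requests through another proxy; only 127.0.0.1 is trusted to supply the header.
    RemoteIPHeader X-Forwarded-For
    RemoteIPInternalProxy 127.0.0.1
</VirtualHost>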
Example 2: Proxy specific paths
<VirtualHost *:80>
    ServerName example.com
    # Proxy /api to the backend application
    ProxyPass /api/ http://backend-server:8080/
    ProxyPassReverse /api/ http://backend-server:8080/
    # Proxy /app to another application
    ProxyPass /app/ http://app-server:3000/
    ProxyPassReverse /app/ http://app-server:3000/
    # Static files are served by Apache
    DocumentRoot /var/www/html
</VirtualHost>
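3. Advanced configuration examples
Reverse proxy with load balancing
<VirtualHost *:80>
    ServerName example.com
    <Proxy balancer://mycluster>
        # Define the backend server cluster
        BalancerMember http://backend1:8080 route=1
        BalancerMember http://backend2:8080 route=2
        BalancerMember http://backend3:8080
        # Load balancing algorithm
        ProxySet lbmethod=byrequests
        # Session stickiness
        ProxySet stickysession=JSESSIONID
        # Health check: treat a member as failed when it returns these status codes
        ProxySet failonstatus=500,503
    </Proxy>
    # Keep the manager page local; without this exclusion the catch-all
    # ProxyPass below would forward /balancer-manager to the backends
    ProxyPass /balancer-manager !
    ProxyPass / balancer://mycluster/
    ProxyPassReverse / balancer://mycluster/
    # Balancer status and management page, reachable from the internal network only
    <Location /balancer-manager>
        SetHandler balancer-manager
        Require ip 192.168.1.0/24
    </Location>
</VirtualHost>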
WebSocket proxy configuration
<VirtualHost *:80>
    ServerName example.com
    # WebSocket support: requests that ask for an upgrade go to ws://
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/(.*)$ "ws://backend:8080/$1" [P]
    # Path-based WebSocket proxy; it must come before the catch-all rule
    # because ProxyPass rules are checked in order and the first match wins
    ProxyPass /ws/ ws://backend:8080/ws/
    ProxyPassReverse /ws/ ws://backend:8080/ws/
    # Regular HTTP proxy
    ProxyPass / http://backend:8080/
    ProxyPassReverse / http://backend:8080/
</VirtualHost>
4. HTTPS reverse proxy configuration
<VirtualHost *:443>
    ServerName example.com
    # SSL configuration
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.key
    SSLCertificateChainFile /etc/ssl/certs/chain.pem
    # Proxy to the backend over HTTP
    ProxyPreserveHost On
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
    # Set the HTTPS-related headers
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
</VirtualHost>
# Redirect HTTP to HTTPS
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>
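5. Configuring header forwarding
# Hide server information (ServerTokens is only valid in the global
# server config, not inside a <VirtualHost>)
ServerTokens Prod
<VirtualHost *:80>
    ServerName example.com
    # Pass on the original client information
    ProxyPreserveHost On
    ProxyRequests Off
    # Set the proxy headers. "set" overwrites any value the client sent, so the
    # backend never sees a client-supplied X-Real-IP or X-Forwarded-* value here.
    # The %{VAR}s format is resolved by mod_ssl, so mod_ssl must be loaded.
    RequestHeader set X-Real-IP "%{REMOTE_ADDR}s"
    RequestHeader set X-Forwarded-For "%{REMOTE_ADDR}s"
    RequestHeader set X-Forwarded-Proto "http"
    RequestHeader set X-Forwarded-Host "%{HTTP_HOST}s"
    # Add security headers
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
    # Hide server information
    ServerSignature Off
    ProxyPass / http://backend:8080/
    ProxyPassReverse / http://backend:8080/
</VirtualHost>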
6. Error handling and timeout settings
<VirtualHost *:80>
    ServerName example.com
    # Timeout settings
    ProxyTimeout 300
    Timeout 300
    ProxyBadHeader Ignore
    # Error documents, served locally instead of being proxied
    ProxyPass /errors/ !
    ErrorDocument 502 /errors/502.html
    ErrorDocument 503 /errors/503.html
    ErrorDocument 504 /errors/504.html
    # Health check
    ProxyPass /health-check !
    Alias /health-check /var/www/health.html
    # Connection settings are given as ProxyPass parameters; ProxySet without
    # a URL is only valid inside a <Proxy> section
    ProxyPass / http://backend:8080/ retry=5 connectiontimeout=5 timeout=300
    ProxyPassReverse / http://backend:8080/
</VirtualHost>
7. Complete production example
<VirtualHost *:80>
    ServerName api.example.com
    ServerAdmin admin@example.com
    # Logging
    ErrorLog ${APACHE_LOG_DIR}/api-error.log
    CustomLog ${APACHE_LOG_DIR}/api-access.log combined
    # Proxy configuration
    ProxyRequests Off
    ProxyPreserveHost On
    # Full also puts the Apache version in the Via header; use On to omit it
    ProxyVia Full
    # Security headers
    # Browsers honor Strict-Transport-Security only over HTTPS; set it in the
    # *:443 virtual host when TLS is enabled
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    Header always set Content-Security-Policy "default-src 'self'"
    # Pass on client information
    RequestHeader set X-Real-IP "%{REMOTE_ADDR}s"
    RequestHeader set X-Forwarded-For "%{REMOTE_ADDR}s"
    RequestHeader set X-Forwarded-Proto "http"
    RequestHeader set X-Forwarded-Host "%{HTTP_HOST}s"
    # Exclude certain paths; exclusions must come before the catch-all rule
    # because the first matching ProxyPass wins
    ProxyPass /static/ !
    Alias /static/ /var/www/static/
    # Proxy rules
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    # Request limits
    <Location />
        # Limit the request body size
        LimitRequestBody 10485760
        # Limit the request methods
        <LimitExcept GET POST>
            Require all denied
        </LimitExcept>
    </Location>
</VirtualHost>
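8. Debugging and testing
Check the configuration
# Check the configuration syntax
sudo apachectl configtest
# List the enabled modules
apache2ctl -M # or: httpd -M
# Show the parsed virtual host configuration
apache2ctl -S
Test commands
# Test whether the proxy works
curl -I http://example.com
curl -H "Host: example.com" http://localhost
# Inspect the headers
curl -v http://example.com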
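ProxyPass rules are checked in configuration order and the first match wins, so an exclusion such as `ProxyPass /static/ !`, or a more specific path, placed after `ProxyPass /` never takes effect. The script below is an added example, not part of the original page: it scans a config text for such shadowed rules and for `ProxyRequests On`. The sample config and the names `covers` and `audit_vhost` are constructed for illustration.

```python
# Added example: flags ProxyPass rules that can never match, plus ProxyRequests On.
# Only vhost-level "ProxyPass <path> <target>" lines are examined.

# Constructed sample (not from a real server): the exclusion and the /ws/ rule
# follow the catch-all "/" rule, so neither is ever reached.
SAMPLE = """\
<VirtualHost *:80>
    ServerName example.com
    ProxyRequests On
    ProxyPass / http://backend:8080/
    ProxyPass /static/ !
    ProxyPass /ws/ ws://backend:8080/ws/
</VirtualHost>
"""


def covers(earlier, later):
    """True if every URL matched by prefix `later` is already matched by `earlier`."""
    if earlier.endswith("/"):
        return later.startswith(earlier)
    return later == earlier or later.startswith(earlier + "/")


def audit_vhost(text):
    """Return (line_number, message) findings for an Apache config text."""
    findings, seen = [], []  # seen: (path, line_number) within the current vhost
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        name = parts[0].lower()
        if name.startswith("<virtualhost"):
            seen = []  # rule order is evaluated per virtual host
        elif name == "proxyrequests" and [p.lower() for p in parts[1:2]] == ["on"]:
            findings.append((no, "ProxyRequests On enables forward proxying (open proxy risk)"))
        elif name == "proxypass" and len(parts) >= 3 and parts[1].strip('"').startswith("/"):
            path = parts[1].strip('"')
            for prev_path, prev_no in seen:
                if covers(prev_path, path):
                    findings.append((no, f"ProxyPass {path} is shadowed by "
                                         f"ProxyPass {prev_path} on line {prev_no}"))
                    break
            seen.append((path, no))
    return findings


if __name__ == "__main__":
    for no, msg in audit_vhost(SAMPLE):
        print(f"line {no}: {msg}")
```

ProxyPass directives written inside `<Location>` blocks take no path argument and are skipped by this check.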
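Notes
- Security settings:
  - Set appropriate access controls
  - Limit the proxy scope to avoid running an open proxy
  - Use a firewall to restrict access to the backend servers
- Performance optimization:
  - Tune the connection pool size
  - Enable compression
  - Configure appropriate caching
- Monitoring:
  - Monitor the logs of the proxy server and the backend servers
  - Set up alerting
  - Review performance metrics regularly
These configurations can be adjusted to your specific needs. Be sure to test the configuration and restart the Apache service after making changes.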