Hello, Thank you. I meant was the front end (Reverse Proxy) need any Apache hardening? Or just Back end (WordPress and etc) need hardening? Can anyone show me a complete Reverse Proxy configuration example?
On Tuesday, March 9, 2021, 02:03:23 AM GMT+3:30, Dino Ciuffetti <d...@tuxweb.it> wrote: > <VirtualHost *:80> > ProxyPreserveHost On > ProxyPass / http://Server-IP > ProxyPassReverse / http://Server-IP > </VirtualHost> > I have some questions: > > 1- the real work of a proxy server is just that lines? It's OK if you only have one backend HTTP worker without load balancing and no HTTPS. If you need load balancing (advised!) and HTTPS on the reverse proxy (much advised!) you'll need to configure your reverse proxy virtualhosts with mod_ssl and mod_proxy_balancer. I also recommend you to enable some logging (error_log and access_log) on your virtualhost. > 2- The real configuration of the web server must be done on the another > server? Consider below > figure: > > The Internet --> Reverse Proxy Server --> Apache Web Server > > The SSL configuration and other Apache hardening and configuration must be > done on the Apache Web > Server and not the Reverse Proxy Server? Don't know what you mean for "the real configuration". You'll need to configure the apache reverse proxy node as a reverse proxy, and the backend HTTP worker as a backend HTTP worker. Please remember that a apache httpd reverse proxy node works at Layer 7 (Application -> HTTP/HTTPS) and not a Layer 4 (eg TCP). Your HTTP contents (eg wordpress, static pages, js, css, etc) must be implemented on your backend workers and the reverse proxy will publish those contents to your clients. BTW HTTPS must be terminated on the reverse proxy. The security hardening must be enforced on both nodes. Rreverse proxy is generally directly exposed on outside, so it obviously needs more attentions. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
