Apache Httpd Proxy

Posted on  by admin

Estimated reading time: 4 minutes

The modproxy modules need to be installed. Apache HTTPD typically comes with the modproxy modules already included. This is the case on Red Hat Enterprise Linux, the HTTPD that comes with JBoss Enterprise Web Server, and the Apache HTTPD that comes with Microsoft Windows. In this post I configure a url redirection from HTTP to HTTPS and viceversa using the Apache modproxy and the ProxyPass directive. I assume an environment consisting of two hosts: a Web Server Apache in front of a Tomcat Applicaton Server.In the following first example the Apache ProxyPass redirects the HTTP requests to the SSL port 8443 of the Tomcat Server. The route must also be set in either ProxyPass or ProxySet. The cookie can either be set by the back-end, or as shown in the above example by the Apache web server itself. Some back-ends use a slightly different form of stickyness cookie, for instance Apache Tomcat.

This page contains information about hosting your own registry using theopen source Docker Registry. For information about Docker Hub, which offers ahosted registry with additional features such as teams, organizations, webhooks, automated builds, etc, see Docker Hub.

My site is using apache httpd to do the reverse proxy to an app running in Express (Node.js app). Have 2 express servers, one for backend, another for frontend hosting. Right now I'm trying to block malicious requests that is coming to my site so it returns a 404 or bad request.

Use-case

People already relying on an apache proxy to authenticate their users to other services might want to leverage it and have Registry communications tunneled through the same pipeline.

Apache Httpd ProxyApache httpd proxy exampleApache httpd proxyrequests

Usually, that includes enterprise setups using LDAP/AD on the backend and a SSO mechanism fronting their internal http portal.

Alternatives

If you just want authentication for your registry, and are happy maintaining users access separately, you should really consider sticking with the native basic auth registry feature.

Solution

With the method presented here, you implement basic authentication for docker engines in a reverse proxy that sits in front of your registry.

Apache

Apache Httpd Proxy Configuration

While we use a simple htpasswd file as an example, any other apache authentication backend should be fairly easy to implement once you are done with the example.

We also implement push restriction (to a limited user group) for the sake of the example. Again, you should modify this to fit your mileage.

Gotchas

While this model gives you the ability to use whatever authentication backend you want through the secondary authentication mechanism implemented inside your proxy, it also requires that you move TLS termination from the Registry to the proxy itself.

Furthermore, introducing an extra http layer in your communication pipeline adds complexity when deploying, maintaining, and debugging.

Setting things up

Read again the requirements.

Apache Httpd Proxy Timeout

Ready?

Run the following script:

Starting and stopping

Now, start your stack:

Log in with a “push” authorized user (using testuserpush and testpasswordpush), then tag and push your first image:

Apache Https Reverse Proxy

Now, log in with a “pull-only” user (using testuser and testpassword), then pull back the image:

Apache Httpd Proxypassreverse

Verify that the “pull-only” can NOT push:

Apache httpd proxypassregistry, on-prem, images, tags, repository, distribution, authentication, proxy, apache, httpd, TLS, recipe, advanced