Apache2 Reverse Proxy

Hi,
I have a opensuse 15.2 server (192.168.0.2) for my nextcloud instance and a personal website.I have set up my system to use ClouDNS name and letsencrypt for SSL. all works fine for internal and external.
I also have pihole installed via docker on the same server (192.168.0.2:8081). I have a Rapsberry Pi with Home Assistance on 192.168.0.5:8123. So I thought I would try to use a reverse proxy to allow me acess to these devices externally. I failed miserably .

So I used my standby PC (also Opensuse 15.2) to try and get a simple reverse proxy working. I loaded the following in /etc/apache2/loadmodule.conf

LoadModule proxy_module                   /usr/lib64/apache2-prefork/mod_proxy.so
LoadModule proxy_http_module              /usr/lib64/apache2-prefork/mod_proxy_http.so
LoadModule proxy_html_module              /usr/lib64/apache2-prefork/mod_proxy_html.so

and this is my 00-default.conf file

<VirtualHost *:80>
  ServerName  /pihole
  ProxyPreserveHost On
  ProxyRequests Off
  ProxyPass /pihole http://192.168.0.2:8081/admin/
  ProxyPassReverse /pihole http://192.168.0.2:8081/admin/
</VirtualHost>


<VirtualHost *:80>
  ServerName  /homeasst
  ProxyPreserveHost On
  ProxyRequests Off
  ProxyPass /homeasst http://192.168.0.5:8123/"
  ProxyPassReverse /homeasst http://192.168.0.5:8123/
</VirtualHost>
 

I have scoured Google, but no luck.
Can someone please point me in the right direction.

Thanks

The first step for setting up a configuration like this is to locate a reliable reference.
You didn’t describe what you did or point to a reference you’re using, so it’s anyone’s guess what you’re doing and how you set it up (eg, did you install your certificate in your proxy or your webserver?)

It’s been a long time since I’ve set this up, so I can’t recommend a guide from experience that’s relevant to current Apache, but two good places to start are
The openSUSE documentation
The following is the openSUSE Apache documentation, but it’s pretty thin regarding setting up any kind of proxy, but does mention a couple settings
https://doc.opensuse.org/documentation/leap/reference/html/book-opensuse-reference/cha-apache2.html

The official Apache2 documentation has a section dedicated to setting up proxies, including a reverse proxy and a “simple reverse proxy.”
https://doc.opensuse.org/documentation/leap/reference/html/book-opensuse-reference/cha-apache2.html

I don’t know if you might need the following module installed and running on your webserver (that’s not the proxy)
https://software.opensuse.org/package/apache2-mod_rpaf?locale=nn

Although Arch is a different distro, its ArchWiki is one of my “go to” sources because what is described is usually close enough to what you’ll see on openSUSE to make it work
https://wiki.archlinux.org/index.php/Apache_HTTP_Server

TSU

This is wrong and will never match. Read on ServerName directive in Apache documentation.

  ProxyPreserveHost On
  ProxyRequests Off
  ProxyPass /pihole http://192.168.0.2:8081/admin/
  ProxyPassReverse /pihole http://192.168.0.2:8081/admin/
</VirtualHost>

This looks over-engineered. You do not need virtual hosts (and if you want to use them, you need to use paths relative to virtual root). Apache documentation has section on reverse proxy setup, did you read it?

Hi Many thanks for the pointers - I had reviewed the openSUSE document but was under the impression that I needed a reverse proxy and when I could not find anything I tried many other google and youtube references. I copied the Virtual host file from a youtube as it seemed the simplest solution. but it didn’t work even on my second simplified internal only web hosting server (testing device). From a second look at the opensuse doc I will try a ip based virtual host solution instead.
I did look at the official Apache documentation but it has the feel of “written by experts for experts”. I did try several of the examples and options.

I will look into the Arch information
Thanks

Unfortunately i didn’t work for me that’s why I turned to the forum for help. I did read the Servername directive and tried variation of the directive as per the Apache documentation.
The referenced virtual host file above was taken from a youtube video that worked but it was not for openSuse.

Can I ask in what way is it over-engineered? Why do I not need virtual hosts? Are you able to provide an alternative setup?

I did read the reverse proxy setup but I couldn’t get it to work for me hence my call for help here.

Any help much appreciated thanks

There is no way you can arrive at this form per the Apache documentation.

The referenced virtual host file above was taken from a youtube video that worked but it was not for openSuse.

Then you have to ask the author of this video. I cannot comment on something I have never seen.

Can I ask in what way is it over-engineered?

Because you do not need virtual hosts and if you want to use virtual hosts you also need to setup host aliases outside of Apache.

Why do I not need virtual hosts?

What makes you think you need them in the first place? It is up to you to explain the reasons for your design. Quite often when you attempt to explain something to other people you also get better understanding and see shortcomings and mistakes.

Are you able to provide an alternative setup?

The only directive you need is ProxyPass and probably ProxyPassReverse depending on what your backend server does.

I did read the reverse proxy setup but I couldn’t get it to work for me

Configuration shown so far cannot work. Otherwise you need to show configuration used when it did not work and explain what “does not work” means - what you expected, what you saw, what URL you requested, what content you received etc. Reading logs may be quite helpful too.

Thanks for your comments, I will try and show where I am to date and the results.
On my main Server (192.168.0.2) I used Virtual hosts to setup my nextcloud and personal website as per various tutorials and I it is working perfectly with SSL - no problems there. I tried to add coding to allow me to access my docker pihole running on 192.168.0.2:8081 and a Rapsberry PI Home Assistant runing on a different 192.168.0.5:8123.
My research lead me to a configuration, but that failed.
I then switched my efforts to my test PC (192.168.0.3) and tried the above configuration which failed so I am now at:

 <VirtualHost *:80>
#  ProxyPreserveHost On
#  ProxyRequests Off
  ProxyPass /pihole http://192.168.0.2:8081/admin/
  ProxyPassReverse /pihole http://192.168.0.2:8081/admin/
</VirtualHost>

<VirtualHost *:80>
#  ProxyPreserveHost On
#  ProxyRequests Off
  ProxyPass /homeasst http://192.168.0.5:8123/"
  ProxyPassReverse /homeasst http://192.168.0.5:8123/
</VirtualHost>

This was a partial success in that I got a text based version of my pihole site, but all the links reffered to “localhost” which in this instance was 192.168.0.3 and not the actual IP address of the pihole docker.
There was absolutely nothing in the error_log. The Access_log shows

192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /pihole HTTP/1.1" 200 16775 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /style/vendor/SourceSansPro/SourceSansPro.css?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, li
ke Gecko) Chrome/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /style/vendor/daterangepicker.min.css?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko
) Chrome/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /style/pi-hole.css?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.
182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /style/vendor/bootstrap/css/bootstrap.min.css?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, li
ke Gecko) Chrome/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /style/vendor/datatables.min.css?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chr
ome/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /style/vendor/select2.min.css?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome
/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /style/vendor/AdminLTE.min.css?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrom
e/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /style/themes/default-light.css?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chro
me/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/vendor/jquery.min.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome
/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /style/vendor/bootstrap/js/bootstrap.min.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
 Gecko) Chrome/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/vendor/moment.min.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome
/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/vendor/datatables.min.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ch
rome/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/vendor/adminlte.min.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chro
me/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/vendor/bootstrap-notify.min.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gec
ko) Chrome/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/vendor/select2.min.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrom
e/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/vendor/Chart.min.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /style/vendor/font-awesome/js/all.min.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Ge
cko) Chrome/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/vendor/select2.min.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrom
e/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/pi-hole/js/index.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/pi-hole/js/utils.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/vendor/datatables.min.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ch
rome/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/pi-hole/js/footer.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome
/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /img/logo.svg HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/vendor/moment.min.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome
/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/vendor/Chart.min.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /img/donate.gif HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.3
6"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /style/vendor/font-awesome/js/all.min.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Ge
cko) Chrome/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /img/logo.svg HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/pi-hole/js/utils.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/pi-hole/js/index.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /scripts/pi-hole/js/footer.js?v=1613518563 HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome
/88.0.4324.182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /img/favicons/favicon.ico HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Sa
fari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /img/favicons/favicon-32x32.png HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.
182 Safari/537.36"
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] "GET /img/favicons/favicon-16x16.png HTTP/1.1" 404 1088 "http://192.168.0.3/pihole" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.
182 Safari/537.36"
::1 - - [25/Feb/2021:07:54:08 +0000] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.43 (Linux/SUSE) PHP/7.4.6 mod_wsgi/4.5.18 Python/3.6 mod_perl/2.0.11 Perl/v5.26.1 (internal dummy connection)"

Can anyone provide a worked opensuse example of a reverse proxy configuration OR an alternate way of addressing the two services I want to find.
e.g. Is it possible to build some html code in /srv/www/htdocs/pihole to direct me to the pihole site, same for the home assistance site

Thanks for any help.

First,
My apologies for not providing the link to the Apache documentation in my previous post. Mainly for what you would need to install for different types of reverse proxy configurations, but the current scenarios is the “simples.”
https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html

For starters, you need to break down the solution into component parts, and then test what is happening with each part. You won’t likely get anywhere by trying to make everything work at once.
You might start by simplifying your setup by removing your Pi-hole and Home Assistance at first, and concentrate on just getting the reverse proxy to work. you can add the others back later.

Based on the following Digital Ocean guide intended for an Ubuntu or Debian setup (Which shouldn’t be an issue for configuring Apache, of course we install Apache differently)
https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension

• Do you have all necessary modules installed, eg the mod_headers module if you’re using host headers
• Are all necessary modules loaded and enabled?
• You’ll notice the sample default configuration defines the servername without a leading slash (Why did you think that should be necessary?

In fact, without knowing how your virtualhost websites are set up, I’m wondering why you define the root paths with the server name. You have to be careful when doing that, in some cases the configuration might read it as an absolute path (ie system filesystem) and in other cases as a virtual path (ie web directory)

TSU

Please, PLEASE, always show the actual code, html page etc, not your description of it. Is it really that every link on the page you get has [noparse]http://localhost/[/noparse]?

The Access_log shows

192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] “GET /pihole HTTP/1.1” 200 16775 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36”
192.168.0.2 - - [25/Feb/2021:07:53:50 +0000] “GET /style/vendor/SourceSansPro/SourceSansPro.css?v=1613518563 HTTP/1.1” 404 1088 “http://192.168.0.3/pihole” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36”

I suspect the page actually contains absolute paths which of course do not match defined prefix (/pihole). In this case you indeed need separate virtual host and you need to map root to the remote location. And all of this is described in details in linux - How to handle relative urls correctly with a reverse proxy - Server Fault.

Hi,
thanks for the help, I will be putting this on the back burned for awhile until I understand more about apache. I seem to have found that I need either a separate domain name or port for each of the servers.

Thanks