Apache as SSL Reverse Proxy configuration example

Hello all,

I just want to contribute with my experience.
Documentation recommends the usage of an NGINX instance as Reverse Proxy in front of the actual Datagerry Webserver.
I have been using an Apache instance instead for the same reason, and I’d like to share my configuration.

Apache Web Server version, on Debian 10 platform, is:

Server version: Apache/2.4.38 (Debian)
Server built:   2020-08-25T20:08:29

Certificate Authority certificate, web server’s Certificate and Key are in the /etc/apache2/certs/ directory.
So that Apache Web Server runs as Reverse Proxy with SSL offloading.

Datagerry’s own webserver is configured to only listen on “” address.

Apache’s enabled site configuration is the following:

<VirtualHost *:443>
        ServerAdmin webmaster@mydomain.com

        ServerName  cmdb1.mydomain.com:443

        ProxyPass        /
        ProxyPassReverse /

        SSLEngine      on
        SSLProxyEngine on
        SSLCACertificateFile  /etc/apache2/certs/CA-mydomain.com.crt
        SSLCertificateFile    /etc/apache2/certs/cmdb1.mydomain.com.crt
        SSLCertificateKeyFile /etc/apache2/certs/cmdb1.mydomain.com.key

        # Mozilla SSL Configuration Generator
        # https://ssl-config.mozilla.org/#server=apache&version=2.4.38&config=modern&openssl=1.1.1d&guideline=5.6

        Protocols h2 http/1.1
        Header always set Strict-Transport-Security "max-age=63072000"
        SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
        SSLHonorCipherOrder     off
        SSLSessionTickets       off

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined


I hope you appreciate it, feel free to share your thoughts.


1 Like