Set up a reverse proxy in Windows
Setting up an Apache HTTP reverse proxy server in Windows requires the Apache 2.4 software and edits to some configuration files.
These instructions are only one example of how to set up a reverse proxy in Windows. You should consult your IT security department about the required protocols and security settings.
- Download the following files:
  - Go to the Apache Lounge at https://www.apachelounge.com/download/
  - Download the latest Apache 2.4 httpd, and extract it to a convenient location, such as C:\Ixiasoft\Apache24.
  - Download and install the necessary VC runtime libraries.
- In the conf folder, edit the httpd.conf file and make the following changes:
  - Correct all absolute paths of the ServerRoot, DocumentRoot, Directory, and ScriptAlias properties throughout the file.
    You can use a text editor to search and replace the string C:\Apache24 with the path you need.
  - Uncomment the following lines:

        LoadModule proxy_module modules/mod_proxy.so
        LoadModule proxy_http_module modules/mod_proxy_http.so
        LoadModule headers_module modules/mod_headers.so
        LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
        LoadModule ssl_module modules/mod_ssl.so
        LoadModule rewrite_module modules/mod_rewrite.so
        Include conf/extra/httpd-ssl.conf
- Create a new file in the conf/extra/ folder called reverse-proxy.conf with the following content.
  In the following content, replace webserver.acme.com with your server's FQDN.

      RedirectMatch ^/$ https://webserver.acme.com/ixiasoft-ccms
      ProxyRequests Off
      ProxyPreserveHost On
      RewriteEngine On
      RewriteRule "^/oxygen-webapp/app/admin.html" - [R=403]
      ProxyPass "/ixiasoft-ccms" "http://127.0.0.1:8080/ixiasoft-ccms"
      ProxyPassReverse "/ixiasoft-ccms" "https://webserver.acme.com/ixiasoft-ccms"
      ProxyPass "/oxygen-webapp" "http://127.0.0.1:8080/oxygen-webapp"
      ProxyPassReverse "/oxygen-webapp" "https://webserver.acme.com/oxygen-webapp"
      ProxyPass "/license-servlet" "http://127.0.0.1:8080/license-servlet"
      ProxyPassReverse "/license-servlet" "https://webserver.acme.com/license-servlet"
      Header add X-Frame-Options "SAMEORIGIN"
      Header add X-XSS-Protection "1; mode=block"
- Copy your server's SSL certificate files to the appropriate location on the server.
  For example, copy the files to C:\Ixiasoft\Apache24\conf\cert.
- In the conf/extra folder, edit the httpd-ssl.conf configuration file and make the following changes:
  - Correct the absolute paths of the DocumentRoot, Directory, ScriptAlias, and log file properties throughout the config file.
  - Set the ServerName in the VirtualHost section to the server FQDN that you specified earlier, such as webserver.acme.com.
  - Configure paths for your SSL certificates in the properties: SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile, if applicable.
  - Replace the lines (near line #52 and #83) beginning with SSLCipherSuite, SSLProxyCipherSuite, SSLProtocol, and SSLProxyProtocol with the following. Each directive must stay on a single line, with no spaces inside the cipher list:

        SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
        SSLProxyCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
        SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
        SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1
  - Add the following lines somewhere after line #55:

        SSLCompression off
        SSLSessionTickets off

  - Uncomment the following lines:

        SSLUseStapling On
        SSLStaplingCache "shmcb:C:/Ixiasoft/Apache24/logs/ssl_stapling(32768)"

    In a large environment the 32768 value might need to be higher. Contact IXIASOFT for more information.
  - Add the following line at the end of the file, just before the </VirtualHost> line:

        Include conf/extra/reverse-proxy.conf
- If you want Apache to run as a system service, do the following:
  - Navigate to the Apache bin folder, open a command window as an administrator, and enter the following command:

        httpd.exe -k install

  - Start the Apache 2.4 service either from the Services console or by running a command line as an administrator and entering the following command:

        httpd.exe -k start

    Tip: Later, if necessary, you can stop the service either from the Services console or by using the httpd.exe -k stop command.
    Tip: If you later want to uninstall the service, you must first stop the service and then use the httpd.exe -k uninstall command.
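
The following check is an added example, not part of the original instructions and not IXIASOFT or Apache tooling. It reads the combined text of the edited configuration files and reports the copy/paste mistakes this procedure is prone to (a module name that does not match its file, a cipher list split by whitespace, an unclosed quote) as well as hardening settings from the steps above that are missing. The function name audit, the sample text BAD, and the module naming rule are assumptions of this example.

```python
import re
import shlex

# Directive -> value this page prescribes (compared case-insensitively).
REQUIRED = {"proxyrequests": "off", "sslcompression": "off", "sslsessiontickets": "off"}
LEGACY = ("sslv3", "tlsv1", "tlsv1.1")  # protocol versions the page disables


def audit(conf_text):
    """Return findings for the combined text of the three edited config files."""
    findings, seen = [], {}
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#<":  # skip blanks, comments and section tags
            continue
        try:
            name, *args = shlex.split(line)
        except ValueError:  # e.g. a Header value that lost its closing quote
            findings.append(f"line {n}: unbalanced quote")
            continue
        key, low = name.lower(), [a.lower() for a in args]
        seen[key] = low
        if key == "loadmodule" and len(args) == 2:
            # Assumed naming rule: mod_x.so provides x_module (true of the modules listed here).
            m = re.fullmatch(r"mod_(\w+)\.so", args[1].rsplit("/", 1)[-1])
            if m and args[0] != m.group(1) + "_module":
                findings.append(f"line {n}: {args[0]} does not match {args[1]}")
        elif key in ("sslciphersuite", "sslproxyciphersuite"):
            # One list (or protocol + list) is valid; a wrapped copy leaves fragments ending in '-' or ':'.
            if len(args) > 2 or any(a.endswith(("-", ":")) for a in args):
                findings.append(f"line {n}: {name} list is split by whitespace")
        elif key in ("sslprotocol", "sslproxyprotocol"):
            for p in LEGACY:
                if p in low or "+" + p in low or ("all" in low and "-" + p not in low):
                    findings.append(f"line {n}: {name} leaves {p} enabled")
    for key, value in REQUIRED.items():
        if seen.get(key) != [value]:
            findings.append(f"{key} is not set to {value}")
    return findings


# Constructed sample with the copy/paste defects this procedure is prone to.
BAD = '''LoadModule proxy_ajp_module modules/mod_proxy_http.so
ProxyRequests Off
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA- CHACHA20-POLY1305
SSLProtocol all -SSLv3 -TLSv1
SSLCompression off
Header add X-XSS-Protection "1; mode=block
'''
```

Call audit() on the concatenated contents of httpd.conf, conf/extra/httpd-ssl.conf and conf/extra/reverse-proxy.conf; an empty list means none of these problems were found. Running httpd.exe -t from the bin folder remains the authoritative syntax check.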