Reverse Proxy is a method where a server receives requests from clients and forwards them to internal backend servers. This approach is commonly used to expose internal web applications such as Emby, Nextcloud, or Laravel Echo through a local domain without directly opening backend ports.
Table of Contents
In this article, I demonstrate how to configure Apache2 as a Reverse Proxy for an internal application running on 192.168.2.11:8096, accessible via the local domain emby.server.lan.
1. Enabling Apache Proxy Modules
Before creating a Reverse Proxy VirtualHost, the required Apache proxy modules must be enabled:
sudo a2enmod proxy proxy_http proxy_wstunnel
sudo systemctl restart apache2
These modules allow Apache to handle HTTP forwarding and WebSocket connections, which are required by many modern web applications.
2. Creating a Reverse Proxy VirtualHost
Create a new VirtualHost configuration file:
sudo nano /etc/apache2/sites-available/emby.server.lan.conf
Add the following configuration:
<VirtualHost *:80>
ServerName emby.server.lan
ProxyPreserveHost On
ProxyPass / http://192.168.2.11:8096/
ProxyPassReverse / http://192.168.2.11:8096/
ErrorLog ${APACHE_LOG_DIR}/app_error.log
CustomLog ${APACHE_LOG_DIR}/app_access.log combined
</VirtualHost>
Configuration Overview
- ProxyPreserveHost On
Ensures the original Host header is forwarded to the backend server. - ProxyPass
Forwards incoming client requests to the internal application. - ProxyPassReverse
Rewrites backend response headers so they remain valid for the client.
3. Enabling the Reverse Proxy Site
Activate the VirtualHost and reload Apache:
sudo a2ensite emby.server.lan.conf
sudo systemctl reload apache2
The application should now be accessible via:
http://emby.server.lan
without exposing port 8096 directly.
4. Bonus: Reverse Proxy for WebSocket Applications
Some applications—such as Laravel Echo, Socket.IO, Livewire, or real-time dashboards—require WebSocket support.
Add the following lines inside the <VirtualHost> block:
ProxyPass "/ws/" "ws://IP:PORT/"
ProxyPassReverse "/ws/" "ws://IP:PORT/"
This configuration ensures WebSocket connections are properly forwarded through Apache.
5. Ultra Minimal Configuration (HTTP Only)
For simple HTTP applications that do not use WebSockets, the configuration can be simplified:
<VirtualHost *:80>
ServerName emby.server.lan
ProxyPass / http://192.168.2.11:8096/
ProxyPassReverse / http://192.168.2.11:8096/
</VirtualHost>
6. Why Use Apache Reverse Proxy?
Using Apache as a Reverse Proxy provides several advantages:
- Hides internal server IP addresses
- Allows multiple applications to run behind a single web server
- Simplifies SSL/HTTPS implementation using Let’s Encrypt
- Improves security and access control
Conclusion
By configuring Apache2 as a Reverse Proxy, internal web applications can be accessed securely through a local domain without exposing backend ports. This setup is ideal for home labs, internal networks, and production environments that require centralized access control and scalability.
Combined with HTTPS and proper access policies, Apache Reverse Proxy becomes a powerful tool for managing modern web services efficiently.