How to Configure Apache to Proxy Pass a Specific URL to Localhost on Different Port


9 views

When you need to redirect a specific path (like /atom) to a local service running on a different port (like 4000), a simple RewriteRule won't suffice because it performs client-side redirection. What you actually need is a server-side proxy configuration.

Here's the complete Apache configuration that solves this problem:

<VirtualHost *:80>
    ServerName example.com
    
    # Standard document root for normal files
    DocumentRoot /var/www/html
    
    # Proxy configuration for /atom path
    ProxyPass /atom http://localhost:4000/
    ProxyPassReverse /atom http://localhost:4000/
    
    # Enable necessary modules
    <IfModule mod_proxy.c>
        ProxyRequests Off
        <Proxy *>
            Require all granted
        </Proxy>
    </IfModule>
</VirtualHost>

The "Permission denied" error you encountered typically occurs when SELinux is enforcing its security policies. To resolve this:

# Check SELinux status
getenforce

# Temporarily set to permissive mode (for testing)
setenforce 0

# Permanent solution (if it works in permissive mode)
setsebool -P httpd_can_network_connect 1

For those who prefer using mod_rewrite, here's an equivalent solution:

RewriteEngine On
RewriteRule ^/atom(.*)$ http://localhost:4000$1 [P,L]
ProxyPassReverse /atom http://localhost:4000/

After making changes, always verify your configuration:

apachectl configtest
systemctl restart apache2

  • Ensure mod_proxy and mod_proxy_http are enabled
  • Check that your backend service is actually running on port 4000
  • Verify no firewall rules are blocking internal connections
  • The trailing slash in ProxyPass directives is significant

When configuring Apache to handle both static files and route specific paths to local services, many developers encounter the permission denied error (13) during proxy setup. Here's how to properly implement both functionalities:



    ServerName example.com
    DocumentRoot /var/www/html
    
    # Static file handling
    
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    

    # Proxy configuration for /atom
    ProxyRequests Off
    ProxyPreserveHost On
    
        ProxyPass http://localhost:4000/
        ProxyPassReverse http://localhost:4000/
        Require all granted
    
    
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

If you're seeing permission denied errors on RedHat-based systems, run:


setsebool -P httpd_can_network_connect 1

Even for localhost routing, ensure your firewall permits the connection:


sudo iptables -A INPUT -p tcp --dport 4000 -s 127.0.0.1 -j ACCEPT

For cases where ProxyPass isn't suitable, this rewrite rule maintains client IP visibility:


RewriteEngine On
RewriteRule ^/atom(.*) http://localhost:4000$1 [P]

Enable detailed logging by adding these directives:


LogLevel debug
ProxyErrorOverride Off

For high-traffic scenarios, add these proxy parameters:


ProxyPass /atom http://localhost:4000/ connectiontimeout=5 timeout=30 keepalive=On
ProxyPassReverse /atom http://localhost:4000/