NAT 환경에서 Proxy 를 이용한 Apache Virtual Host 설정

하나의 공인 IP를 공유하는 NAT 환경에서 동일한 서버에 여러개의 도메인을 갖는 웹사이트들을 호스팅하는 경우에는 기본적인 virtual hosts 설정으로 처리가 가능하지만, 도메인에 따라 각각 다른 서버에서 동일한 포트를 사용하는 웹 호스팅을 한다면 일반적인 포트 번호 기반의 NAT로는 구현이 불가능하다. 이 경우 호스트 네임에 따라 포트 포워딩을 하는 것이 필요하다.

아래는 NAT에서는 80포트를 하나의 서버로 포워딩하고, 도메인 이름에 따른 분류는 Apache의 reverse proxy를 이용하는 virtual hosts 설정 방법이다.

Configuring Apache virtual hosts for NAT
http://jeffbaier.com/articles/configuring-apache-virtual-hosts-for-nat

VirtualHost Examples
http://httpd.apache.org/docs/2.2/vhosts/examples.html

- Apache 의 reverse proxy feature 사용
- proxy 모듈

# Ensure that Apache listens on port 80
Listen 80

# Listen for virtual host requests on all IP addresses
NameVirtualHost *:80

<VirtualHost *:*>
  DocumentRoot /www/example1
  ServerName www.example.com
</VirtualHost>

<VirtualHost *:*>
  ProxyPreserveHost On
  ProxyPass / http://192.168.111.2/
  ProxyPassReverse / http://192.168.111.2/
  ServerName hostname.example.com
</VirtualHost>

또는

# Listen for virtual host requests on all IP addresses
NameVirtualHost *

<VirtualHost *>
  DocumentRoot /www/example1
  ServerName www.example.com
</VirtualHost>

<VirtualHost *>
  ProxyPreserveHost On
  ProxyPass / http://192.168.111.2/
  ProxyPassReverse / http://192.168.111.2/
  ServerName hostname.example.com
</VirtualHost>

참고: Forward Proxy vs. Reverse Proxy, Controlling access to proxy
Apache Module mod_proxy
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

Forward Proxies and Reverse Proxies/Gateways

Apache can be configured in both a forward and reverse proxy (also known as gateway) mode.

An ordinary forward proxy is an intermediate server that sits between the client and the origin server. In order to get content from the origin server, the client sends a request to the proxy naming the origin server as the target and the proxy then requests the content from the origin server and returns it to the client. The client must be specially configured to use the forward proxy to access other sites.

A typical usage of a forward proxy is to provide Internet access to internal clients that are otherwise restricted by a firewall. The forward proxy can also use caching (as provided by mod_cache) to reduce network usage.

The forward proxy is activated using the ProxyRequests directive. Because forward proxies allow clients to access arbitrary sites through your server and to hide their true origin, it is essential that you secure your server so that only authorized clients can access the proxy before activating a forward proxy.

A reverse proxy (or gateway), by contrast, appears to the client just like an ordinary web server. No special configuration on the client is necessary. The client makes ordinary requests for content in the name-space of the reverse proxy. The reverse proxy then decides where to send those requests, and returns the content as if it was itself the origin.

A typical usage of a reverse proxy is to provide Internet users access to a server that is behind a firewall. Reverse proxies can also be used to balance load among several back-end servers, or to provide caching for a slower back-end server. In addition, reverse proxies can be used simply to bring several servers into the same URL space.

A reverse proxy is activated using the ProxyPass directive or the [P] flag to the RewriteRule directive. It is not necessary to turn ProxyRequests on in order to configure a reverse proxy.

ProxyRequests Directive 의 default 값은 Off 이므로 따로 설정하지 않아도 된다.

ProxyRequests Directive
Description:    Enables forward (standard) proxy requests
Syntax:    ProxyRequests On|Off
Default:    ProxyRequests Off
Context:    server config, virtual host
Status:    Extension
Module:    mod_proxy