How to reverse-proxy using apache web server to google cloud run services?
Question
I have got some google cloud run service endpoints that are secured by HTTPS. I want to set up my apache webserver to reverse proxy into the services so that people using my defined URL get back the service response. I have tried to use mod_proxy and mod_rewrite to proxy the service endpoint but it gives me 500 internal server error. How can it be done? Worst case please share an nginx solution for this. Config I tried:
<VirtualHost *:80>
ServerName hello.world.com
ServerAlias hello.world.com
RewriteEngine On
RewriteRule ^ https://helloworld-zxtb3wfs2a-de.a.run.app [P]
</VirtualHost>
BTW the endpoint is a website and not just a simple JSON response. Though even JSON responses are not working for me either.
2 answers
solution1
1 2020-07-13 23:57:23
While rewriting the query back to the Cloud Run endpoint (*.run.app), you need to make sure you update Host header to match to that.run.app domain name as well. Otherwise, Cloud Run's frontend IP won't know where to send that.
Check this question this question on how to do this with mod_rewrite, and make sure you use ProxyPreserveHost Off .
Also since you're getting HTTP 500, make sure you check the application logs to see if there's something wrong with how the app handles this request.
solution2
0 2021-04-05 10:33:04
I assume that you have already deployed your cloud run service with --ingress internal option, so that no one can access Cloud Run without the reverse proxy.
Follow the below steps to create a reverse proxy in front of the cloud run service. You can skip Steps 2 - 5 if you are not installing self-signed SSL and you have your own SSL configured
- Launch a Ubuntu Compute Engine and install apache2
- Install self-signed SSL using
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
- Update the SSL conf by replacing the below two lines in /etc/apache2/sites-available/default-ssl.conf
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
- Enable necessary modules
sudo a2enmod ssl
sudo a2enmod headers
sudo a2ensite default-ssl
- Check the config and restart the server, then check whether you can load the https URL https://your-server-public-ip
sudo apache2ctl configtest
sudo systemctl restart apache2
- Update /etc/apache2/sites-available/000-default.conf with this content, Don't forget to replace the CLOUD-RUN-URL
<VirtualHost *:80>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPreserveHost On
ProxyPass / https://CLOUD-RUN-URL-as.a.run.app/
ProxyPassReverse / https:///CLOUD-RUN-URL-as.a.run.app/
</VirtualHost>
- Update /etc/apache2/sites-available/default-ssl.conf with this content, Don't forget to replace the CLOUD-RUN-URL
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLProxyEngine On
ProxyPass / https://CLOUD-RUN-URL-as.a.run.app/
ProxyPassReverse / https://CLOUD-RUN-URL-as.a.run.app/
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
- Enable few more modules
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod ssl
- Check the config and restart the server
sudo apache2ctl configtest
sudo systemctl restart apache2
- Now load the https URL https://your-server-public-ip again, this time you will get the response from cloud run
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.