Proxy virtual hosts are very handy when you need to access a tertiary system from your local network from the outside and you only have one IP address but there’s a master web server already configured.

If that server is running Apache, adding a proxy vhost to pass outside requests to the correct LAN system is as simple as defining/adding a new virtual host to the configuration.

The simplest proxy host is one that listens on (insecure) HTTP only and passes any requests to host on the local network:

A more complex setup allows for secure HTTPS connections from the open internet to be forwarded to the local host at (also running on HTTPS although plain insecure HTTP is supported with

This will require a (valid) certificate to be obtained for the (www.)server.domain.tld hostname. To simplify obtaining a certificate from Let’s Encrypt, for example, the virtualhost can be configured to skip proxying specific requests and serve them from the local filesystem instead (so that a certificate request for the main hostname can include the proxied domain as well as an ALT name):

If needed, specific subfolders can be proxied to different ports (for example for different software running on the same system).

Beware that the target application needs to be path-relative or be aware of the URL it’s accessed on (otherwise its link building will most likely fail).

Leave a Reply