Guides
  • Guides
  • Tutorials
    • File Management
    • Manage Identities
    • Storage Connectors
    • Automation with Flows
  • Overviews & Concepts
    • Clients, Scopes, and Consents
    • Collections and Endpoints
    • Globus Auth Requirements Errors (GAREs)
    • High Assurance Collections for Protected Data
    • Security Overview
  • Recipes & Manuals
    • Automating Transfer and Share of Data from Instruments
    • Automation with Service Accounts
    • GCS Apache Reverse Proxy
    • GCS Default VirtualHost
    • Monitoring Globus Connect Server
    • MRDP
    • Require a Flow for Data Movement
    • Use Globus Preview
Skip to main content
Globus Docs
  • Getting Started
    Getting Started

    Getting Started and Tutorial docs cover how to perform some activity or provide an introduction to a feature. They are not comprehensive, but help you get started with Globus or with new Globus features.

    • Users
    • Admins
    • Developers
  • Reference
    Reference
    • Service
      • Auth
      • Groups
      • Transfer
      • Timers
      • Flows
      • Compute
      • Search
    • Agents
      • Globus Connect Server
      • GCS CLI
      • Globus Connect Personal
      • Globus Compute
    • SDK
      • Python
      • JS
    • Clients
      • CLI
    • Security and Compliance
      • Product Security
      • Privacy
      • Solutions for Sensitive Data
      • FAQs
  • Solutions & Guides
    Solutions & Guides

    Find practical approaches for leveraging Globus in research environments, integrating with platforms, and building science gateways. Access hands-on guides, integration instructions, and real-world scenarios for advanced usage.

    • Portals/Science Gateways
    • Guides
  • Support
    Support

    Find answers to frequently asked questions, connect with the community by joining our mailing lists, or reach out directly to Globus support.

    • FAQs
    • Mailing Lists
    • Contact Us
    • Check Support Tickets
  • Site Search
  1. Home
  2. Guides
  3. Recipes & Manuals
  4. GCS Apache Reverse Proxy

How to configure Apache as a reverse proxy to allow concurrent hosting of GCS and other WebApps on port 443

In order to function correctly, Globus Connect Server must be accessible over SSL on port 443.

In instances where you are required to co-host GCS on a server with an application also required to be accessible on port 443, you can configure the Apache web server to act as a reverse proxy, which will route the non-Globus traffic to the appropriate port as specified in your vhost configuration:

  1. Configure your application to listen on a port other than 443 (eg. 4443)

  2. Create new Apache vhost definition

    • Ubuntu, Linux Mint, Debian
    • Fedora, CentOS, RedHat
    $ echo "IncludeOptional sites-enabled/*.conf" | sudo tee -a /etc/apache2/apache2.conf
    $ mkdir /etc/apache2/sites-{available,enabled}/
    $ vim /etc/apache2/sites-available/reverse-proxy.conf
    $ echo "IncludeOptional sites-enabled/*.conf" | sudo tee -a /etc/httpd/conf/httpd.conf
    $ mkdir /etc/httpd/sites-{available,enabled}/
    $ vim /etc/httpd/sites-available/reverse-proxy.conf
  3. Add a vhost entry similar to the below to reverse-proxy.conf (ensure to update ['ServerName', 'ProxyPass', 'ProxyPassReverse', 'SSLCertificateFile' and 'SSLCertificateKeyFile']):

            <VirtualHost *:443>
                SSLEngine on
                ServerName      ${vhostServerName}
                DocumentRoot /var/www/html/
                SSLProxyEngine on
                ProxyPreserveHost On
                ProxyPass / https://${proxyDestAndPort}
                ProxyPassReverse / https://${proxyDestAndPort}
                Header   always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
                LogLevel info
                SSLCertificateFile ${vhostSSLCert}
                SSLCertificateKeyFile ${vhostSSLKey}
            </VirtualHost>
  4. Enable and load the configuration by creating a symlink into the Apache 'sites-enabled' directory and restarting the Apache service:

    $ sudo ln -s /etc/apache2/sites-available/reverse-proxy.conf /etc/apache2/sites-enabled/reverse-proxy.conf
    $ sudo systemctl restart apache2.service
    $ sudo ln -s /etc/httpd/sites-available/reverse-proxy.conf /etc/httpd/sites-enabled/reverse-proxy.conf
    $ sudo systemctl restart httpd.service

After completing this process both the GCS Endpoint/Collections hosted on the node as well as the proxied application should be accessible over port 443 on your Endpoint node.

  • Guides
  • Tutorials
    • File Management
    • Manage Identities
    • Storage Connectors
    • Automation with Flows
  • Overviews & Concepts
    • Clients, Scopes, and Consents
    • Collections and Endpoints
    • Globus Auth Requirements Errors (GAREs)
    • High Assurance Collections for Protected Data
    • Security Overview
  • Recipes & Manuals
    • Automating Transfer and Share of Data from Instruments
    • Automation with Service Accounts
    • GCS Apache Reverse Proxy
    • GCS Default VirtualHost
    • Monitoring Globus Connect Server
    • MRDP
    • Require a Flow for Data Movement
    • Use Globus Preview
© 2010- The University of Chicago Legal Privacy Accessibility