Setting up an Apache HTTP server to proxy over a Virtuoso HTTP server
Challenge
A common scenario is that your Virtuoso instance is handling HTTP (and SPARQL) requests over its default HTTP port (8890
), possibly on a machine with an internal hostname and/or IP address (e.g., virtuoso.internal.example.com
at 10.3.2.1
), but you want users to issue SPARQL requests to your main company web server (e.g., www.example.com
) running Apache, as it must, at a public IP address.
In other words, you want users to put things like this in their browser address bar --
http://www.example.com/sparql
-- while Virtuoso is expecting such requests to come in to --
http://virtuoso.internal.example.com:8890/sparql
Solution
For Virtuoso to provide complete functionality, you'll need to set all of the following Apache rules --
ProxyPass /conductor http://virtuoso.internal.example.com:8890/conductor ProxyPassReverse /conductor http://virtuoso.internal.example.com:8890/conductor ProxyPass /about http://virtuoso.internal.example.com:8890/about ProxyPassReverse /about http://virtuoso.internal.example.com:8890/about ProxyPass /category http://virtuoso.internal.example.com:8890/category ProxyPassReverse /category http://virtuoso.internal.example.com:8890/category ProxyPass /class http://virtuoso.internal.example.com:8890/class ProxyPassReverse /class http://virtuoso.internal.example.com:8890/class ProxyPass /data4 http://virtuoso.internal.example.com:8890/data4 ProxyPassReverse /data4 http://virtuoso.internal.example.com:8890/data4 ProxyPass /data3 http://virtuoso.internal.example.com:8890/data3 ProxyPassReverse /data3 http://virtuoso.internal.example.com:8890/data3 ProxyPass /data2 http://virtuoso.internal.example.com:8890/data2 ProxyPassReverse /data2 http://virtuoso.internal.example.com:8890/data2 ProxyPass /data http://virtuoso.internal.example.com:8890/data ProxyPassReverse /data http://virtuoso.internal.example.com:8890/data ProxyPass /describe http://virtuoso.internal.example.com:8890/describe ProxyPassReverse /describe http://virtuoso.internal.example.com:8890/describe ProxyPass /delta.vsp http://virtuoso.internal.example.com:8890/delta.vsp ProxyPassReverse /delta.vsp http://virtuoso.internal.example.com:8890/delta.vsp ProxyPass /fct http://virtuoso.internal.example.com:8890/fct ProxyPassReverse /fct http://virtuoso.internal.example.com:8890/fct ProxyPass /isparql http://virtuoso.internal.example.com:8890/isparql ProxyPassReverse /isparql http://virtuoso.internal.example.com:8890/isparql ProxyPass /ontology http://virtuoso.internal.example.com:8890/ontology ProxyPassReverse /ontology http://virtuoso.internal.example.com:8890/ontology ProxyPass /page http://virtuoso.internal.example.com:8890/page ProxyPassReverse /page http://virtuoso.internal.example.com:8890/page ProxyPass /property http://virtuoso.internal.example.com:8890/property ProxyPassReverse /property http://virtuoso.internal.example.com:8890/property ProxyPass /rdfdesc http://virtuoso.internal.example.com:8890/rdfdesc ProxyPassReverse /rdfdesc http://virtuoso.internal.example.com:8890/rdfdesc ProxyPass /resource http://virtuoso.internal.example.com:8890/resource ProxyPassReverse /resource http://virtuoso.internal.example.com:8890/resource ProxyPass /services http://virtuoso.internal.example.com:8890/services ProxyPassReverse /services http://virtuoso.internal.example.com:8890/services ProxyPass /snorql http://virtuoso.internal.example.com:8890/snorql ProxyPassReverse /snorql http://virtuoso.internal.example.com:8890/snorql ProxyPass /sparql-auth http://virtuoso.internal.example.com:8890/sparql-auth ProxyPassReverse /sparql-auth http://virtuoso.internal.example.com:8890/sparql-auth ProxyPass /sparql http://virtuoso.internal.example.com:8890/sparql ProxyPassReverse /sparql http://virtuoso.internal.example.com:8890/sparql ProxyPass /statics http://virtuoso.internal.example.com:8890/statics ProxyPassReverse /statics http://virtuoso.internal.example.com:8890/statics ProxyPass /void http://virtuoso.internal.example.com:8890/void ProxyPassReverse /void http://virtuoso.internal.example.com:8890/void ProxyPass /wikicompany http://virtuoso.internal.example.com:8890/wikicompany ProxyPassReverse /wikicompany http://virtuoso.internal.example.com:8890/wikicompany
You may choose to omit some of these rules (e.g., those for /conductor
) as an additional layer of security, but Virtuoso's built in ACLs provide a fairly robust level of protection.