Setting up an Apache HTTP server to proxy over a Virtuoso HTTP server

Challenge

A common scenario is that your Virtuoso instance is handling HTTP (and SPARQL) requests over its default HTTP port (8890), possibly on a machine with an internal hostname and/or IP address (e.g., virtuoso.internal.example.com at 10.3.2.1), but you want users to issue SPARQL requests to your main company web server (e.g., www.example.com) running Apache, as it must, at a public IP address.

In other words, you want users to put things like this in their browser address bar --


http://www.example.com/sparql

-- while Virtuoso is expecting such requests to come in to --


http://virtuoso.internal.example.com:8890/sparql

Solution

For Virtuoso to provide complete functionality, you'll need to set all of the following Apache rules --


ProxyPass          /conductor     http://virtuoso.internal.example.com:8890/conductor
ProxyPassReverse   /conductor     http://virtuoso.internal.example.com:8890/conductor
ProxyPass          /about         http://virtuoso.internal.example.com:8890/about
ProxyPassReverse   /about         http://virtuoso.internal.example.com:8890/about
ProxyPass          /category      http://virtuoso.internal.example.com:8890/category
ProxyPassReverse   /category      http://virtuoso.internal.example.com:8890/category
ProxyPass          /class         http://virtuoso.internal.example.com:8890/class
ProxyPassReverse   /class         http://virtuoso.internal.example.com:8890/class
ProxyPass          /data4         http://virtuoso.internal.example.com:8890/data4
ProxyPassReverse   /data4         http://virtuoso.internal.example.com:8890/data4
ProxyPass          /data3         http://virtuoso.internal.example.com:8890/data3
ProxyPassReverse   /data3         http://virtuoso.internal.example.com:8890/data3
ProxyPass          /data2         http://virtuoso.internal.example.com:8890/data2
ProxyPassReverse   /data2         http://virtuoso.internal.example.com:8890/data2
ProxyPass          /data          http://virtuoso.internal.example.com:8890/data
ProxyPassReverse   /data          http://virtuoso.internal.example.com:8890/data
ProxyPass          /describe      http://virtuoso.internal.example.com:8890/describe
ProxyPassReverse   /describe      http://virtuoso.internal.example.com:8890/describe
ProxyPass          /delta.vsp     http://virtuoso.internal.example.com:8890/delta.vsp
ProxyPassReverse   /delta.vsp     http://virtuoso.internal.example.com:8890/delta.vsp
ProxyPass          /fct           http://virtuoso.internal.example.com:8890/fct
ProxyPassReverse   /fct           http://virtuoso.internal.example.com:8890/fct
ProxyPass          /isparql       http://virtuoso.internal.example.com:8890/isparql
ProxyPassReverse   /isparql       http://virtuoso.internal.example.com:8890/isparql
ProxyPass          /ontology      http://virtuoso.internal.example.com:8890/ontology
ProxyPassReverse   /ontology      http://virtuoso.internal.example.com:8890/ontology
ProxyPass          /page          http://virtuoso.internal.example.com:8890/page
ProxyPassReverse   /page          http://virtuoso.internal.example.com:8890/page
ProxyPass          /property      http://virtuoso.internal.example.com:8890/property
ProxyPassReverse   /property      http://virtuoso.internal.example.com:8890/property
ProxyPass          /rdfdesc       http://virtuoso.internal.example.com:8890/rdfdesc
ProxyPassReverse   /rdfdesc       http://virtuoso.internal.example.com:8890/rdfdesc
ProxyPass          /resource      http://virtuoso.internal.example.com:8890/resource
ProxyPassReverse   /resource      http://virtuoso.internal.example.com:8890/resource
ProxyPass          /services      http://virtuoso.internal.example.com:8890/services
ProxyPassReverse   /services      http://virtuoso.internal.example.com:8890/services
ProxyPass          /snorql        http://virtuoso.internal.example.com:8890/snorql
ProxyPassReverse   /snorql        http://virtuoso.internal.example.com:8890/snorql
ProxyPass          /sparql-auth   http://virtuoso.internal.example.com:8890/sparql-auth
ProxyPassReverse   /sparql-auth   http://virtuoso.internal.example.com:8890/sparql-auth
ProxyPass          /sparql        http://virtuoso.internal.example.com:8890/sparql
ProxyPassReverse   /sparql        http://virtuoso.internal.example.com:8890/sparql
ProxyPass          /statics       http://virtuoso.internal.example.com:8890/statics
ProxyPassReverse   /statics       http://virtuoso.internal.example.com:8890/statics
ProxyPass          /void          http://virtuoso.internal.example.com:8890/void
ProxyPassReverse   /void          http://virtuoso.internal.example.com:8890/void
ProxyPass          /wikicompany   http://virtuoso.internal.example.com:8890/wikicompany
ProxyPassReverse   /wikicompany   http://virtuoso.internal.example.com:8890/wikicompany

You may choose to omit some of these rules (e.g., those for /conductor) as an additional layer of security, but Virtuoso's built in ACLs provide a fairly robust level of protection.

Related