qoliberdocs
Sign in
qoliberdocs
2 min readMar 29, 2026by jakub

Apache

Architecture 1: Apache in Front of Trident

Apache handles TLS and forwards all requests to Trident. Trident caches responses from your backend.

Client --HTTPS--> Apache (:443) --HTTP--> Trident (:8120) --HTTP--> Backend (:8080)

Required Modules

Enable the necessary Apache modules:

Bash
sudo a2enmod proxy proxy_http headers ssl
sudo systemctl restart apache2

Apache Configuration

apache
<VirtualHost *:443>
    ServerName example.com

    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8120/
    ProxyPassReverse / http://127.0.0.1:8120/

    RequestHeader set X-Real-IP "%{REMOTE_ADDR}s"
    RequestHeader set X-Forwarded-For "%{REMOTE_ADDR}s"
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>

Trident Configuration

JSON
{
  "server": {
    "listeners": [
      { "address": "127.0.0.1:8120" }
    ]
  },
  "backends": [
    {
      "name": "origin",
      "address": "127.0.0.1:8080"
    }
  ]
}
Bind to localhost

When Apache sits in front, bind Trident to 127.0.0.1:8120 instead of 0.0.0.0:8120 so it only accepts connections from Apache.

Architecture 2: Trident in Front of Apache

Trident is the entry point. Cache misses are forwarded to Apache, which serves the application.

Client --HTTP--> Trident (:8120) --HTTP--> Apache (:8080) --> App

Trident Configuration

JSON
{
  "server": {
    "listeners": [
      { "address": "0.0.0.0:8120" }
    ]
  },
  "backends": [
    {
      "name": "origin",
      "address": "127.0.0.1:8080"
    }
  ]
}

Apache Configuration

Configure Apache to serve the application on port 8080:

apache
Listen 8080

<VirtualHost *:8080>
    ServerName example.com

    DocumentRoot /var/www/html

    <Directory /var/www/html>
        AllowOverride All
        Require all granted
    </Directory>

    <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php-fpm.sock|fcgi://localhost"
    </FilesMatch>
</VirtualHost>

Health Checks

When Apache sits in front of Trident, forward health check requests:

apache
<Location /health>
    ProxyPass http://127.0.0.1:8120/health
    ProxyPassReverse http://127.0.0.1:8120/health
</Location>
Admin API health endpoint

Trident's admin API (default 127.0.0.1:6085) exposes a health endpoint you can use for monitoring and load balancer health checks separately from the cache port.

Cache Purge Forwarding

To forward purge requests from Apache to Trident's admin API:

apache
<Location /purge>
    ProxyPass http://127.0.0.1:6085
    ProxyPassReverse http://127.0.0.1:6085

    Require ip 127.0.0.1
</Location>
Restrict purge access

Always restrict access to purge endpoints using Require directives or firewall rules. Exposing purge endpoints publicly allows anyone to invalidate your cache.

Was this page helpful?
Apache — Web Servers — Trident HTTP Cache Proxy | qoliber Docs