Reverse proxy is very useful when We need Load balancing web requests or ensure our web servers for possible attacks. The operation of reverse proxy is simple, acts as intermediary between the web browser requests and the real web server (backends). A very common configuration for reverse proxy is installing a server in a DMZ executing it and the real servers configured in the LAN. Installing this type of proxy has some advantages:
- Control the URL access in one point of your web server access.
- Log all the inbound request in the same server.
- The web requests are not handled by the web server, improving the security.
- SSL acceleration, Installing the certificates in the proxy server releasing the load to the web server.
- Load balancing between the different servers.
In this scenario I’ll configure one reverse proxy server offering the resources /was1 and /was2 located in two differents servers in a LAN with a different subnet.
Configuring apache to provide reverse proxy service:
1.- Installing mod_proxy module for apache:
1
| # apt-get install libapache2-mod-proxy-html |
1
2
| LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy .so LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http .so |
1
|
|
1
| ServerAdmin webmaster@localhost |
1
| ServerName www.webapplication.com |
1
2
3
4
|
ProxyPass http: //internal1 .webapplication.com/ ProxyPassReverse http: //www .webapplication.com /was1 < /location > |
1
2
3
4
5
|
ProxyPass http: //internal2 .webapplication.com/ ProxyPassReverse http: //www .webapplication.com /was2 < /location > ErrorLog ${APACHE_LOG_DIR} /error .log |
1
| LogLevel warn |
1
| CustomLog ${APACHE_LOG_DIR} /access .log combined |
1
| < /virtualHost > |
- ProxyPass: maps the public URL to the internal URL for the backend web server.
- ProxyPassReverse: hides the real server URL maintain the public URL in the outbound HTTP headers.
1
| # service apache2 restart |
For more information about mod_proxy for Apache see:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
No comments:
Post a Comment