Attention! Helicon Tech Blog has moved to www.helicontech.com/articles/

Monday, August 31, 2009

Helicon Ape mod_proxy: proxy-server inside IIS

What is proxy-server?

Proxy-server is a network service empowering clients to perform indirect requests to other network services. Proxy-server may be considered an intermediary. The brief description of proxy-server operation is as follows:

  • client connects to proxy-server (front-end server)
  • asks proxy-server for some resource located on another server
  • proxy-server connects to the specified server (back-end server)
  • gets requested resource
  • gives out resource to the client

And the client may be ignorant that the requested resource was delivered from another server.

What is HTTP-proxy

HTTP-proxy is an implementation of proxy service for HTTP protocol. HTTP-proxy may be either reverse or forward.

Reverse HTTP-proxy usually lives between external network and internal network, it resolves external namespace into internal one, it is a barrier between external clients and live web-servers on the Intranet. The example is given below. Reverse HTTP-proxy is used to disguise internal network infrastructure, balance load among back-end servers, caching and HTTP responses compression. As a rule external clients have no idea that they are getting response from reverse proxy server.

Forward HTTP-proxy (aka Web-proxy) is used to reside between internal network and external network (Internet) and restrict access to specific HTTP resources, HTTP responses caching and web surfing. To make use of forward proxy the client shall explicitly specify its address (e.g. in browser settings). HTTP requests to forward proxy look like: 
GET http://example.com/ HTTP/1.1
Host: example.com
Accept: */*
User-Agent: Mozilla

Note! The peculiarity of forward proxy request in comparison with direct request is that the path after GET (and any other HTTP method) is a fully qualified URL (including protocol and host part) and not just the local path to destination (starting with /).

Helicon Ape mod_proxy

Helicon Ape owns a mod_proxy module that implements both reverse and forward proxy functionality. All basic aspects of this module along with examples may be found in the docs.

Forward proxy in Helicon Ape is enabled by ProxyRequests On directive. Before enabling you need to secure your server so that only authorized users could access the proxy.

Reverse proxy is enables by ProxyPass directive. For example:

ProxyPass /app/ http://backend.domain.com/

or (the first parameter may be omitted when the directive is used inside <Location> section or .htaccess):

<Location /app/>
  ProxyPass http://backend.domain.com/
</Location>

The above config will proxy all requests starting with /app/ to backend.domain.com previously removing /app part from the path:
/app/item/33/ -> http://backend.domain.com/item/33/.

To make HTTP response headers change when reverse proxying (e.g. Location header upon redirect) ProxyPassReverse directive may be used, and to change domain names and paths in cookies the following directives are used: ProxyPassReverseCookieDomain and ProxyPassReverseCookiePath.

Now we'll illustrate you an example of non-trivial proxy application.

Example: load balancing

Given: front-end server example.com visible from external network.

Goal: Realize load balancing among three back-end application servers accounting for their performance and two back-end servers storing static files (images, CSS, etc.). Say, the second and the third back-end application servers are twice as productive as the first one, and the second back-end for static is thrice as powerful as the first one.

Solution. The reverse proxy configuration in httpd.conf will be:

<VirtualHost *:80>

ProxyPass /static/ balancer://cluster-static/ lbmethod=bytraffic

<Proxy balancer://cluster-static>
  BalancerMember http://static1.example.com/ loadfactor=1
  BalancerMember http://static2.example.com/ loadfactor=3
</Proxy>

ProxyPass / balancer://cluster-app/ lbmethod=byrequests

<Proxy balancer://cluster-app>
  BalancerMember http://app1.example.com/ loadfactor=1
  BalancerMember http://app2.example.com/ loadfactor=2
  BalancerMember http://app3.example.com/ loadfactor=2
</Proxy>

</VirtualHost>

The search of ProxyPass directive to match current request is performed subsequently, so directives with shorter matching patterns should be put lower in the config. balancer: protocol in ProxyPass directive tells that requests will be forwarded to the URLs specified in subsequent BalancerMember directives. lbmethod=byrequests parameter indicates that balancing will be based on the number of requests to back-end server; bytraffic value means that load balancing will depend on the quantity of bytes transmitted from back-end.

Compression and caching

To accelerate your proxy-server responses from the back-end may be compressed and cached. To do that we add the following line into the VirtualHost section of our htpd.conf:

# enable compression
SetEnv gzip 

# enable caching
CacheEnable mem http://app1.example.com/
CacheEnable mem http://app2.example.com/
CacheEnable mem http://app3.example.com/

Please notice that caching will only work if the response from back-end contains expiration headers; e.g., Cache-Control: max-age=60.

Conclusion

As you could see Helicon Ape mod_proxy module possesses full-fledged proxy functionality to satisfy the most exacting needs.

Best wishes,
HeliconTech Team
Posted by Tony at 3:04 AM
Labels: ,

3 comments:

  1. nintendo ds r4 cardOctober 5, 2009 at 5:07 AM

    Thanx for the valuable information. How to use a proxy server? Please provide information over it. Provide links to related topics if possible.

    ReplyDelete
  2. TonyDecember 23, 2009 at 2:51 AM

    @nintendo ds r4 card:

    And what exactly is not clear for you? It's just this very article that addresses the subject of using proxy.

    ReplyDelete
  3. AnonymousMarch 18, 2010 at 11:57 PM

    you have a nice post. thanks for sharing this enormous resources.

    ReplyDelete

Subscribe to: Post Comments (Atom)