You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Brian Mearns <bm...@ieee.org> on 2009/11/22 22:30:23 UTC
[users@httpd] Lightweight apache for fast proxying
I'm thinking of setting up apache as a fairly rich reverse proxy for a
variety of different servers, and would like some suggestions on a)
whether or not this is a good idea and if there are better
alternatives, and b) how should I build and configure it to maximize
performance.
There's the executive summary, here are the details. I already have
Apache httpd set up as a web server with several SSL and NonSSL name
based vhosts. I also have Squid set up as a caching reverse proxy.
Finally, I have a second apache web server instance set up as a test
server: basically I work out my configuration options in this server
(which listens on different ports), and then when it's working
properly I push the configuration into my other (release) server.
So here's what I want to do. Set up a third instance of Apache
exclusively as a front end for my other servers. Generally, it will
just service the same named vhosts as on my original server by reverse
proxying to squid (which is already set up to reverse proxy to the
origin server). I will also set it up with two different sets of
vhosts to a) access my test server (for instance at test.mysite.com),
and b) bypass the squid proxy and go straight to the origin server
(e.g., at nosquid.mysite.com).
Final detail is just that all of my vhosts (including test and
no-cache varieties) will have SSL enabled. I've got SNI working fine
with my current apache server, so I don't think this will be much of
an issue.
I'm pretty comfortable with Apache config, so I don't foresee any
insurmountable difficulties in setting this up. But if anyone can
offer any tips on the best way to do it (for instance, to make sure
the apache reverse proxying happens as fast as possible, or just how
to keep the front end server lightweight), or suggest better
alternatives to using apache for this, I'd really appreciate it.
Thanks,
-Brian
--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Lightweight apache for fast proxying
Posted by Emmanuel Bailleul <Em...@telindus.fr>.
> -----Message d'origine-----
> De : mearns.b@gmail.com [mailto:mearns.b@gmail.com] De la part de Brian
> Mearns
> Envoyé : dimanche 22 novembre 2009 22:30
> À : users@httpd.apache.org
> Objet : [users@httpd] Lightweight apache for fast proxying
>
> I'm thinking of setting up apache as a fairly rich reverse proxy for a
> variety of different servers, and would like some suggestions on a)
> whether or not this is a good idea and if there are better
> alternatives, and b) how should I build and configure it to maximize
> performance.
>
> There's the executive summary, here are the details. I already have
> Apache httpd set up as a web server with several SSL and NonSSL name
> based vhosts. I also have Squid set up as a caching reverse proxy.
> Finally, I have a second apache web server instance set up as a test
> server: basically I work out my configuration options in this server
> (which listens on different ports), and then when it's working
> properly I push the configuration into my other (release) server.
>
> So here's what I want to do. Set up a third instance of Apache
> exclusively as a front end for my other servers. Generally, it will
> just service the same named vhosts as on my original server by reverse
> proxying to squid (which is already set up to reverse proxy to the
> origin server). I will also set it up with two different sets of
> vhosts to a) access my test server (for instance at test.mysite.com),
> and b) bypass the squid proxy and go straight to the origin server
> (e.g., at nosquid.mysite.com).
> Final detail is just that all of my vhosts (including test and
> no-cache varieties) will have SSL enabled. I've got SNI working fine
> with my current apache server, so I don't think this will be much of
> an issue.
>
> I'm pretty comfortable with Apache config, so I don't foresee any
> insurmountable difficulties in setting this up. But if anyone can
> offer any tips on the best way to do it (for instance, to make sure
> the apache reverse proxying happens as fast as possible, or just how
> to keep the front end server lightweight), or suggest better
> alternatives to using apache for this, I'd really appreciate it.
>
> Thanks,
> -Brian
>
> --
> Feel free to contact me using PGP Encryption:
> Key Id: 0x3AA70848
> Available from: http://keys.gnupg.net
>
Hi Brian,
I'm sure you already thought of the things below, but as I'm feeling concerned (I'm currently working on something similar), I want to contribute to the checklist :
- compile modules statically
- only include the modules you need (rewrite, headers, proxy, ssl, deflate, status, ...)
- check that SSLSessionCache is correctly used (you can check that with mod_status)
- ...
I could also ask you whether you thought about load balancing (I'm seriously thinking about using haproxy, though SSL and SNI in particular could make it harder to use), monitoring (I'd like to know if my reverse proxy is fast and how fast it is ...) and why not securing (maybe use mod_security ?).
Hope others will contribute.
Emmanuel
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org