[users@httpd] HTTPS proxy with mod_rewrite to do a cheap ip-based load balancing

[Thierry Danard <td...@yahoo.com>]

Hello,

I am trying to implement in Apache a cheap load
balancer that is only based upon the ip address of the
client. 

I have two application servers. My Apache server is
acting as a HTTPS proxy, doing all the SSL for these
two application servers. Ip addresses ending with 0,
1, 2, 3 or 4 should go to the first application
server, Ip addresses ending with 5, 6, 7, 8 or 9
should go to the second application server.

I thought I could use ProxyPass and RewriteRule to
achieve this. It works most of the time except that
Apache sometimes performs a redirect instead of a
forward.

This causes problems with my application servers, they
cannot handle the extra "balancer1" or "balancer2" in
the URLs that they receive when a redirect occured.

Here are the configuration items I added in my conf
file.

SSLProxyEngine on
RewriteEngine on

RewriteCond %{REQUEST_URI}% !^/balancer1(.*)
RewriteCond %{REQUEST_URI}% !^/balancer2(.*)
RewriteCond %{REMOTE_ADDR} ^.*[0-4]$
RewriteRule (.*) /balancer1$1 [P]
ProxyPass /balancer1/app1 http://appserver1:8080/app1
ProxyPassReverse /balancer1/app1
http://appserver1:8080/app1
ProxyPass /balancer1/app2 http://appserver1:8080/app2
ProxyPassReverse /balancer1/app2
http://appserver1:8080/app2

RewriteCond %{REQUEST_URI}% !^/balancer1(.*)
RewriteCond %{REQUEST_URI}% !^/balancer2(.*)
RewriteCond %{REMOTE_ADDR} ^.*[5-9]$
RewriteRule (.*) /balancer2$1 [P]
ProxyPass /balancer2/app1 http://appserver2:8080/app1
ProxyPassReverse /balancer2/app1
http://appserver2:8080/app1
ProxyPass /balancer2/app2 http://appserver2:8080/app2
ProxyPassReverse /balancer2/app2
http://appserver2:8080/app2

I appreciate your help.

Note1: I know that a DNS round robin is the right way
to do this, but the application servers can't be
swapped once a session has started.

Note2: I know that a load balancer such as pen could
help me, but pen support of SSL is not so great. When
placed between Apache and the application servers, pen
uses the IP address of the proxy server instead of the
address of the client.

-Thierry




	
		
__________________________________ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] HTTPS proxy with mod_rewrite to do a cheap ip-based load balancing

[Joshua Slive <js...@gmail.com>]

On 11/17/05, Thierry Danard <td...@yahoo.com> wrote:

> I thought I could use ProxyPass and RewriteRule to
> achieve this. It works most of the time except that
> Apache sometimes performs a redirect instead of a
> forward.

You need to get more information about "sometimes".  One way to do
this is to use the RewriteLog.

But if you don't find the problem there, I can suggest a couple
alternatives.  One is mod_proxy_balancer, which is included in 2.1
beta.  It can do sticky sessions based on cookies or urls, but not ip
addresses.  So it depends what your appserver needs.  (It probably
wouldn't be too hard to add IP-address-based sticky sessions to
mod_proxy_balancer.)

The other possibility is that, if your appservers already think they
have the same name as the front-end servers, and hence generate
appropriate redirects, you can get rid of the ProxyPassReverse and a
lot of resulting complication.  Your configuration would become
something like:

RewriteCond %{REMOTE_ADDR} ^.*[0-4]$
RewriteRule ^/(.*) http://appserver1:8080/$1 [P,L]
RewriteRule ^/(.*) http://appserver2:8080/$1 [P]

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org