Original http://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
Translation
Reverse Proxy Guide
In addition to being a "basic" Web server and providing static and dynamic content to end users, Apache httpd (and most other Web servers) can also act as a reverse proxy server, also known as a gateway server.
In this case, the httpd itself does not generate or host the data, but instead obtains the content through one or more back-end servers, which typically do not connect directly to the external network. When HTTPD receives a request from the client, the request itself is proxied to one of the back-end servers, then processes the request, generates the content, sends the content back to httpd, and httpd generates the actual HTTP response back to the client.
There are many reasons for this implementation, but typically the typical reason is security, high availability, load balancing, and centralized authentication/authorization. In these implementations, it is critical that the layout of the backend infrastructure (those servers that actually handle the requests), the design and architecture are insulated and not externally protected; In the case of customers, the reverse proxy server is the only source of all content.
The typical implementation is as follows:
Reverse Proxy
Related modules |
Related directives |
Mod_proxy |
Proxypass |
Mod_proxy_balancer |
Balancermember |
Mod_hcheck |
|
Simple Reverse Proxy
The proxypass directive specifies the mapping of incoming requests to a back-end server (or a cluster of servers called the Blancer group). The simplest example proxies all requests ("/") to a single back end:
1 proxypass "/" "http://www.example.com/"
To ensure that the location:header generated from the backend is modified to point to the reverse proxy instead of returning to itself, the Proxypassreverse directive is usually required:
1 proxypass "/" "http://www.example.com/"2 proxypassreverse "/" "http://www.example.com/"
Only specific URIs can be proxied, as shown in the following example:
1 proxypass "/images" "http://www.example.com/"2 proxypassreverse "/images" "http// www.example.com/"
Above, any request that begins with the/images path is proxied to the specified backend, otherwise it is processed locally.
Cluster and Load balancer (Balancer)
Although useful, it is still flawed, that is, (single) backend nodes are down or overloaded, and proxy requests do not provide a real advantage. What we need is the ability to define a set or set of back-end servers that can handle these requests and allow the reverse proxy to load balance and fail over. This group is sometimes called a cluster, but the term Apache httpd is a load balancer (Balancer). Define a Load balancer (Balancer) by using the <Proxy> and Balancermember directives, as follows:
1 < proxy balancer://myset > 2 Balancermember http://www2.example.com:8080 3 Balancermember http://www3.example.com : 8080 4 Proxyset lbmethod=bytraffic 5 </ proxy > 6 7 Proxypass "/images/" "balancer://myset/" 8 proxypassreverse "/images/" " balancer://myset/"
BALANCER://'s notation tells HTTPd that we are creating a balancer set called MySet. It includes 2 back-end servers, httpd calls Balancermembers. In this case, any/images requests will be proxied to one of the 2 backend. The proxyset directive specifies that the MySet balancer uses a load balancing algorithm based on I/O byte balancing.
1 Tips 2 3 Balancermember is sometimes called a worker.
Configuration of Balancer and Balancermember
You can adjust the large number of configuration details for balancer and balancermember through the various parameters defined in the Proxypass. For example, suppose we want http://www3.example.com:8080 to handle 3x of traffic with a 1-second timeout, we'll adjust the configuration as follows:
1 < proxy balancer://myset > 2 Balancermember http://www2.example.com:8080 3 Balancermember http://www3.example.com : 8080 loadfactor=3 timeout=1 4 Proxyset Lbmethod=bytraffic 5 </ proxy > 6 7 proxypass "/images" "balancer://myset/" 8 proxypassreverse "/images" "balancer://myset/"
Fail over
You can also fine-tune various failover scenarios, detailing which workers should be accessed in this case and which balancer. For example, the following settings implement three failover scenarios:
1 when one or two of the http://www2.example.com:8080 and http://www3.example.com:8080 are hung, then http://spare1.example.com:8080 and http:/ /spare2.example.com:8080 is used to send traffic. A standby server will be used to replace an unavailable server in the same balancer set.
2 http://hstandby.example.com:8080 is used to send traffic only when all balancer are unavailable.
3 If all the load balancers are set to 0, they are not available, then only the worker in http://bkup1.example.com:8080 and http://bkup2.example.com:8080 is set to 1 to enter the working state.
Therefore, each load Balancer group can have one or more hot spares
1 <ProxyBalancer://myset>2 Balancermember http://www2.example.com:80803 balancermember http://www3.example.com:8080 loadfactor=3 timeout=14 balancermember http://spare1.example.com:8080 status=+r5 balancermember http://spare2.example.com:8080 status=+r6 balancermember http://hstandby.example.com:8080 status=+h7 balancermember http://bkup1.example.com:8080 lbset=18 balancermember http://bkup2.example.com:8080 lbset=19 Proxyset lbmethod=byrequestsTen </Proxy> One A proxypass "/images/" "balancer://myset/" -Proxypassreverse "/images/" "balancer://myset/"
For failover, hot spares can be used as an alternative to the unavailable worker in the same load Balancer group. If the worker is exhausted, stopped, or in an error/failure state, the worker is considered unavailable. If all workers and spares in the Load Balancer group are unavailable, use a hot spare. The Load Balancer collection (and their respective hot and standby) always tries in the lowest to highest order.
Balancer Manager
One of the most unique and useful features of the Apache httpd reverse proxy is the embedded Balancer-manager application. Similar to Mod_status, Balancer-manager displays the current working configuration and status of the enabled balancer and workers that are currently in use. However, it not only shows these parameters, but also allows for dynamic, almost all reconfiguration of the runtime, including the addition of new balancermembers (worker) to the existing balancer. To enable these features, you need to add the following to your configuration:
1 < "/balancer-manager">2 SetHandler balancer-manager3 Require host localhost4</location>
warning do not enable Balancer-manager until the server is secured. In particular, ensure that access to URLs is severely restricted.
When you access the reverse proxy server at that URL (for example: http://rproxy.example.com/balancer-manager/, you will see a page that resembles the following:
This form allows DevOps admin to adjust various parameters, take the worker offline, change the load balancing method, and add new works. For example, click Balancer itself and you will see the following page:
and click Worker to display this page:
To make these changes continue to restart the reverse proxy, make sure that Balancerpersist is enabled.
Health dynamic Check
Before httpd requests a proxy to the worker, it can "test" whether the worker is available by using Proxypass to set the ping parameter for the worker. In general, it is more useful to dynamically check the health status of a worker. This is achieved through the Mod_proxy_hcheck module in Apache httpd.
Balancermember Status Flag
In Balancer-manager, the current state or state of the worker person is displayed and can be set/reset. The meanings of these states are as follows:
Sign |
String |
Describe |
|
Ok |
Worker available |
|
Init |
Worker has been initialized |
D |
Dis |
The worker is disabled and will not accept any requests; will be retried automatically. |
S |
Stop |
The worker is stopped at the management level; Requests are not accepted and are not automatically retried |
I |
Ign |
The worker is in ignore error mode and is always considered available. |
R |
Spar |
The worker is a hot spare. For each worker that is not available in a given lbset (emptying, stopping, error, etc.), available hot spares using the same lbset will be used for their location. Hot Spares can help ensure that a specific number of workers are always available for balancer use. |
H |
Stby |
The worker is in hot standby mode and can only be used if there are no other viable workers or spares in the Balancer group. |
E |
Err |
The worker is in an error state, usually due to a pre-request check failure; The request will not be proxied to the worker, but will be retried based on the worker's retry settings. |
N |
Drn |
The worker is in drain mode and only accepts existing sticky sessions destined to itself and ignores all other requests. |
C |
Hcfl |
The worker does not pass a dynamic health check and is not used until a subsequent health check is passed. |
Finish
httpd----> httpd as Reverse proxy server (translator)