httpd----> httpd as Reverse proxy server (translator)

Source: Internet
Author: User
Tags failover

Original http://httpd.apache.org/docs/2.4/howto/reverse_proxy.html

Translation

Reverse Proxy Guide

In addition to being a "basic" Web server and providing static and dynamic content to end users, Apache httpd (and most other Web servers) can also act as a reverse proxy server, also known as a gateway server.

In this case, the httpd itself does not generate or host the data, but instead obtains the content through one or more back-end servers, which typically do not connect directly to the external network. When HTTPD receives a request from the client, the request itself is proxied to one of the back-end servers, then processes the request, generates the content, sends the content back to httpd, and httpd generates the actual HTTP response back to the client.

There are many reasons for this implementation, but typically the typical reason is security, high availability, load balancing, and centralized authentication/authorization. In these implementations, it is critical that the layout of the backend infrastructure (those servers that actually handle the requests), the design and architecture are insulated and not externally protected; In the case of customers, the reverse proxy server is the only source of all content.

The typical implementation is as follows:

Reverse Proxy

Related modules Related directives
Mod_proxy Proxypass
Mod_proxy_balancer Balancermember
Mod_hcheck

Simple Reverse Proxy

The proxypass directive specifies the mapping of incoming requests to a back-end server (or a cluster of servers called the Blancer group). The simplest example proxies all requests ("/") to a single back end:

1 proxypass "/"  "http://www.example.com/"

To ensure that the location:header generated from the backend is modified to point to the reverse proxy instead of returning to itself, the Proxypassreverse directive is usually required:

1 proxypass "/"  "http://www.example.com/"2 proxypassreverse "/"  "http://www.example.com/"

Only specific URIs can be proxied, as shown in the following example:

1 proxypass "/images"  "http://www.example.com/"2 proxypassreverse "/images"  "http// www.example.com/"

Above, any request that begins with the/images path is proxied to the specified backend, otherwise it is processed locally.

Cluster and Load balancer (Balancer)

Although useful, it is still flawed, that is, (single) backend nodes are down or overloaded, and proxy requests do not provide a real advantage. What we need is the ability to define a set or set of back-end servers that can handle these requests and allow the reverse proxy to load balance and fail over. This group is sometimes called a cluster, but the term Apache httpd is a load balancer (Balancer). Define a Load balancer (Balancer) by using the <Proxy> and Balancermember directives, as follows:

 1  <  proxy  balancer://myset  >  2   Balancermember http://www2.example.com:8080  3   Balancermember http://www3.example.com : 8080  4   Proxyset lbmethod=bytraffic  5  </ proxy  >  6  7   Proxypass "/images/" "balancer://myset/"  8  proxypassreverse "/images/" " balancer://myset/"

BALANCER://'s notation tells HTTPd that we are creating a balancer set called MySet. It includes 2 back-end servers, httpd calls Balancermembers. In this case, any/images requests will be proxied to one of the 2 backend. The proxyset directive specifies that the MySet balancer uses a load balancing algorithm based on I/O byte balancing.

1 Tips 2 3 Balancermember is sometimes called a worker.

Configuration of Balancer and Balancermember

You can adjust the large number of configuration details for balancer and balancermember through the various parameters defined in the Proxypass. For example, suppose we want http://www3.example.com:8080 to handle 3x of traffic with a 1-second timeout, we'll adjust the configuration as follows:

 1  <  proxy  balancer://myset  >  2   Balancermember http://www2.example.com:8080  3   Balancermember http://www3.example.com : 8080 loadfactor=3 timeout=1  4   Proxyset Lbmethod=bytraffic  5  </ proxy  >  6  7  proxypass "/images" "balancer://myset/"  8  proxypassreverse "/images" "balancer://myset/" 

Fail over

You can also fine-tune various failover scenarios, detailing which workers should be accessed in this case and which balancer. For example, the following settings implement three failover scenarios:

1 when one or two of the http://www2.example.com:8080 and http://www3.example.com:8080 are hung, then http://spare1.example.com:8080 and http:/ /spare2.example.com:8080 is used to send traffic. A standby server will be used to replace an unavailable server in the same balancer set.

2 http://hstandby.example.com:8080 is used to send traffic only when all balancer are unavailable.

3 If all the load balancers are set to 0, they are not available, then only the worker in http://bkup1.example.com:8080 and http://bkup2.example.com:8080 is set to 1 to enter the working state.

Therefore, each load Balancer group can have one or more hot spares

1 <ProxyBalancer://myset>2 Balancermember http://www2.example.com:80803 balancermember http://www3.example.com:8080 loadfactor=3 timeout=14 balancermember http://spare1.example.com:8080 status=+r5 balancermember http://spare2.example.com:8080 status=+r6 balancermember http://hstandby.example.com:8080 status=+h7 balancermember http://bkup1.example.com:8080 lbset=18 balancermember http://bkup2.example.com:8080 lbset=19 Proxyset lbmethod=byrequestsTen </Proxy> One  A proxypass "/images/" "balancer://myset/" -Proxypassreverse "/images/" "balancer://myset/"

For failover, hot spares can be used as an alternative to the unavailable worker in the same load Balancer group. If the worker is exhausted, stopped, or in an error/failure state, the worker is considered unavailable. If all workers and spares in the Load Balancer group are unavailable, use a hot spare. The Load Balancer collection (and their respective hot and standby) always tries in the lowest to highest order.

Balancer Manager

One of the most unique and useful features of the Apache httpd reverse proxy is the embedded Balancer-manager application. Similar to Mod_status, Balancer-manager displays the current working configuration and status of the enabled balancer and workers that are currently in use. However, it not only shows these parameters, but also allows for dynamic, almost all reconfiguration of the runtime, including the addition of new balancermembers (worker) to the existing balancer. To enable these features, you need to add the following to your configuration:

1 <  "/balancer-manager">2    SetHandler balancer-manager3     Require host localhost4</location>
warning do not enable Balancer-manager until the server is secured. In particular, ensure that access to URLs is severely restricted.

When you access the reverse proxy server at that URL (for example: http://rproxy.example.com/balancer-manager/, you will see a page that resembles the following:

This form allows DevOps admin to adjust various parameters, take the worker offline, change the load balancing method, and add new works. For example, click Balancer itself and you will see the following page:

and click Worker to display this page:

To make these changes continue to restart the reverse proxy, make sure that Balancerpersist is enabled.

Health dynamic Check

Before httpd requests a proxy to the worker, it can "test" whether the worker is available by using Proxypass to set the ping parameter for the worker. In general, it is more useful to dynamically check the health status of a worker. This is achieved through the Mod_proxy_hcheck module in Apache httpd.

Balancermember Status Flag

In Balancer-manager, the current state or state of the worker person is displayed and can be set/reset. The meanings of these states are as follows:

Sign String Describe
Ok Worker available
Init Worker has been initialized
D Dis The worker is disabled and will not accept any requests; will be retried automatically.
S Stop The worker is stopped at the management level; Requests are not accepted and are not automatically retried
I Ign The worker is in ignore error mode and is always considered available.
R Spar The worker is a hot spare. For each worker that is not available in a given lbset (emptying, stopping, error, etc.), available hot spares using the same lbset will be used for their location. Hot Spares can help ensure that a specific number of workers are always available for balancer use.
H Stby The worker is in hot standby mode and can only be used if there are no other viable workers or spares in the Balancer group.
E Err The worker is in an error state, usually due to a pre-request check failure; The request will not be proxied to the worker, but will be retried based on the worker's retry settings.
N Drn The worker is in drain mode and only accepts existing sticky sessions destined to itself and ignores all other requests.
C Hcfl The worker does not pass a dynamic health check and is not used until a subsequent health check is passed.

Finish

httpd----> httpd as Reverse proxy server (translator)

Large-Scale Price Reduction
  • 59% Max. and 23% Avg.
  • Price Reduction for Core Products
  • Price Reduction in Multiple Regions
undefined. /
Connect with us on Discord
  • Secure, anonymous group chat without disturbance
  • Stay updated on campaigns, new products, and more
  • Support for all your questions
undefined. /
Free Tier
  • Start free from ECS to Big Data
  • Get Started in 3 Simple Steps
  • Try ECS t5 1C1G
undefined. /

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.