"Turn" thoughts on the evolution of large-scale website Technology (18)--Website static processing-reverse proxy (10)

Reverse proxy is also a kind of important technology that can help to realize the static website, today I will talk about the subject of reverse proxy. So first we need to understand what the reverse proxy is. And the reverse proxy is the forward proxy, the forward proxy is what we often say proxy services, the forward proxy is very common, such as in some companies we want to use the Internet, then we have to set up a proxy server in the browser, through the proxy server we can use the internet normally, And this proxy server is a forward proxy server. The more familiar usage scenarios for forward proxies are still used in FQ technology, and we use a proxy server that is placed abroad to access sites that are not normally accessible in the country, which is actually using a forward proxy service.

In fact, whether it is a forward proxy or reverse proxy, the definition of these two concepts are based on the browser side, the forward proxy is the proxy browser to access the Internet, reverse proxy refers to the agent is no longer the proxy browser side, but in turn the proxy browser needs to access the application server . So why are we using a forward proxy server? The answer is certainly not for FQ, let me cite some examples to illustrate the problem.

For example, the use of proxy servers in the company is mainly for security considerations, many companies have their own local area network, generally we call it intranet, the intranet has a variety of resources, if the company employees of the computer free to connect to the Internet, if you encounter those ulterior motives of hackers, By attacking the employee's work computer to intercept the company's important documents, which will cause the company's major losses, is to the agent in addition to prevent external hacker attacks can also monitor and control the company's internal staff to pass the company's important documents through the Internet to inappropriate people, Therefore the company lets the staff use the agent to go online basically is to consider from the security angle.

The rational use of positive agents can also help some enterprises to improve their product core competitiveness, such as on the mobile side has a very popular browser, it is very popular with users, because the browser to use the Internet faster than other browsers significantly faster, then how does this browser do this? The mystery is that the company for its own browser to establish a very powerful proxy server cluster, users use the browser to visit the site when users first access to the company's proxy server, and these proxy servers using caching technology to cache a huge amount of website information, Plus the use of some web-accelerated technologies such as CDN technology, which makes it much more efficient for the browser to access the site than other browsers.

Reverse proxy and forward proxy are basically consistent from the technical point of view, the main difference is the content of the agent is not the same, the reverse proxy agent is the application server. Reverse proxy technology is basically an internet company's standard technology, but the reverse proxy can be used correctly, whether to further play its practical value, I think not all companies can do well, I would like to summarize the reverse proxy use the purpose of it, specifically as follows:

Use destination one: The reverse proxy can hide the real application server. This goal belongs to the security category, the reverse proxy hides the real application server, then may make the ulterior motive hacker difficult to grasp the correct application server, thus increases the hacker's attack difficulty.

Use Purpose Two: the reverse proxy can achieve load balancing functions, such as in Java Web Development, there is a very simple way to implement clustering, the means is the use of Apache plus tomcat combination, the user requests to reach the pre-Apache server, Apache then uses a load-balancing policy to assign requests to different Tomcat servers in the background.

Use purpose Three: the reverse proxy can be used to dynamically adjust the number of application server concurrency, the server is generally used as a reverse proxy is a static resource server, such a server in the concurrent processing power is much stronger than the background of the Web application server, Then you can control the Web application Server front of the reverse proxy server, so that you can dynamically adjust the size of the load of background services, the benefits of this practice may be a lot of friends do not understand, here I cite an example, a site where the most need for stability is what part? Many friends will say is the database, indeed the database is the most important, because the database to do the distribution is difficult, it is easy to form a single point of failure, if the database hangs basic everything can not play, then in addition to the database there is something else? Of course, that is the application server for processing business, Application server if the cluster, one of the servers in the cluster hangs its impact surface is much lower than the database hangs, but a website to do business processing application server hangs off, the loss of the company is still very large, and the Web application server in front of the static resource server used as the reverse proxy, the problem will be much smaller, at least not the company's business can not be done properly, so when the site load is too high, so that the overload of the request by reverse proxy interception or blocking, which is a great benefit to the stability of the application server. Of course, the use of reverse proxy to adjust the load level of the application server is not only these, interested friends can find the relevant introduction on the network.

Use Purpose four: the reverse proxy can cache the static data, generally used as a reverse proxy server is using a static resource server like Apache or Ngnix, so we can cache the static resources in the Web application on the reverse proxy server, So as to improve the speed of request processing. This feature of the reverse proxy is relevant to the static processing of this series of theme sites.

After analyzing the purpose of using the reverse proxy, we now apply the reverse proxy to the project, where a pre-qualification is applied to the application of the reverse proxy to the static processing of the site, first of all, the first application, as shown in:

The first way to apply the reverse proxy is to have the reverse proxy and application Server one by one counterparts, that is, each application service deployment server corresponding to the deployment of a reverse proxy server, what is the benefit of doing so? First of all, we are the first advantage, if we do a static separation of the Web page, then the reverse proxy server can be responsible for the request of the access to the resources of the same time, the reverse proxy can also assume the purpose of dynamic and static resources integration. In particular, I said in the previous article that the static and dynamic resources will be due to our use of static and static strategy, and then some of the dynamics of the content is converted to a stationary resource, we can be converted to the passive resources on the server cache, this time the presentation of the schema model will change, as shown in:

　

We see the reverse proxy server and the application server will form a cache layer, the reverse proxy access to the cache layer is much more efficient than direct access to the application server, which is equivalent to the application server to do a speedup, while through the cache we can reduce the application server operating pressure, To achieve the purpose of improving application server performance. I used to have a friend ask me to do this will increase the pressure on the application server, because there are two servers on a server that can handle Web requests, there must be a conflict between them, but I think the conflict must be that we do not have a good deal with the relationship between the cause, So we're going to sort it out. What is the relationship between the reverse proxy and the application server deployed on the same server?

In fact, the reverse proxy and application server from the physical aspect of their two different things, but they are logically a whole, they work together to complete a logical application server function, but both because of the application of different scenarios and formed a division of labor Relations, The reverse proxy server mainly completes the processing of the static resource requests, while the application server is responsible for the processing of the business logic, and they eventually form a strong resultant force, which makes the performance of the overall logic application server significantly improved.

In addition, the reverse proxy can also play the purpose of dynamically adjusting the concurrency of the application server, but the above technical solution does not play the role of the reverse proxy load balancing and security two aspects. In order for the reverse proxy to be fully utilized for four purposes, how do we do it?

The simple way to do this is to migrate the location of the reverse proxy from the physical server on which the application server resides and onto a separate physical server, but this will have a performance penalty and add to the complexity of the entire technical architecture. Why is performance lost? Because the original reverse proxy server and application server are deployed on the same physical server, the communication between them is in a memory-sharing way, so the communication efficiency is very high, now replaced by network communication, and network communication is the most efficient IO device, the worst reliability, Therefore, deploying a reverse proxy server alone will result in a loss of performance.

    Why is it that deploying reverse proxies alone increases the complexity of the entire Web site technology architecture? We deploy the reverse proxy server separately, so will we use the one by one corresponding strategy when we deploy it separately? First of all, the pros and cons of doing this, from the technical and business perspective, but from the cost of this consideration is a lot of companies will be deterred, because this practice will be used to deploy the application server doubling the cost, and the increase of the server used for reverse proxy, this practice is not feel good value for money, Again, the static resource server for the reverse proxy itself is hundreds of times times the concurrency of the normal application server, and it does not fully play the potential of the reverse proxy server, so the best solution is to turn the reverse proxy server into a cluster of reverse proxy servers, and is the data for each reverse proxy cache in the cluster to be kept in sync? This is like dealing with the application Server session synchronization problem, if this does not cause the reverse proxy server to cache a large number of low-usage data resulting in poor cache utilization, while the synchronization itself will affect the performance of the reverse proxy cluster, So to design a good reverse proxy cluster is a very complex thing, in fact, a reasonable reverse proxy cluster is in the cluster in the group, each packet should be and the back-end of the SOA services to match, this time the reverse proxy cluster efficiency can be the biggest play, while the resource utilization will be more reasonable. In fact, the use of reverse proxy cluster mode, will also cause trouble to the production deployment, if the site has been static processing, then the reverse proxy needs to bear the static resources processing operations, this time the reverse proxy and the corresponding application server together to form a complete application server, But now that we have deployed a complete logic application server separately, we have to face more complex situations when we release new applications, which increases the risk and difficulty of deployment and operations.

      I'm so critical of the problem of deploying reverse proxies alone, but I'm not saying it's completely undesirable, but rather that it's a high-level approach, but it's also a complex approach, and it's a tricky thing to do to get this cluster done, I think that only when our website business volume and request volume is very big time, at the same time the original solution has the bottleneck time can seriously consider the implementation of the reverse proxy cluster scheme, but the reverse proxy formation of the cluster will bring great benefits to the security of the website, reverse proxy can hide the application server in the background, This kind of hiding is the client only need to access the proxy server, the application server is external to the reverse proxy to show, but if the reverse proxy and application Server one by one corresponding, then the malicious hacker to find a reverse proxy server, the reverse proxy server for repeated attacks, Then this attack is equal to the corresponding application server, which causes the reverse proxy to hide the role of the real application server is not effectively played, and the cluster this piece can be very good to deal with this problem, but if we feel that the use of cluster cost is too high, we also have a flexible approach, That is to put a reverse proxy server in front of all the logic application server, the reverse proxy server no longer assume the function of caching, but only to do load balancing and security processing, so that the one by one corresponding policy security can be guaranteed, However, if the company's technical ability can be considered using LVS as a software load balancing technology scheme, if the company is also rich can also consider using more advanced hardware load balancing devices such as F5 devices.

If our site in addition to the use of the site static technology also uses the front-end separation technology, of course, the front-end separation technology should be using nodejs of the front-end separation technology, then Nodejs should be placed in the production deployment where? In the previous article I listed a NODEJS application practice scenario, in this practice I mentioned that if the introduction of Nodejs in the original site production structure will add a request processing link, and Nodejs use mainly to meet the front and back end separation rather than increase the site performance, So the added link might degrade the performance of the request processing, so I ended up with a workaround that nodejs the source code when the project was released, and then simply went through the compiled JavaScript and HTML files to the browser side, thus creating the front-end MVC framework, This practice is always a bit nondescript, if we really want to introduce nodejs into the application production network architecture, we do not want to unnecessarily increase the request processing links, it is best to let the Nodejs server replace a section. According to this thinking, then I think Nodejs in the production of the introduction of the best is related to the reverse proxy, the simplest way is to let the Nodejs and reverse proxy one by one corresponding, so that can be very good to reduce the introduction of Nodejs brought about by the problem, Of course, the complex point is that the reverse proxy cluster corresponding application server should be Nodejs application server, rather than the business-level application server to do business processing.

Anyway, I think in the site static scheme we must consider the use of reverse proxy, if the static technology solution does not have a reverse proxy figure, then this site static processing may be difficult to achieve our expected effect.

Well, write it here today, and finally I wish you all good night.

Original link: http://www.cnblogs.com/sharpxiajun/p/4309976.html

"Turn" thoughts on the evolution of large-scale website Technology (18)--Website static processing-reverse proxy (10)