R-Proxy: Setup Using Apache

Duncan Lo <duncan@twn.wox.org>
  
Target audience: firewall or system administrators.
Required skills: basic management and operation skills in a Linux environment.
Note: This article is a free document. You are welcome to repost it on a non-commercial basis as long as you indicate the source!
For commercial reprints, please write to the author first!
Notes:
1. The procedures and settings provided in this article may not fit your environment; modify them according to your system environment.
2. Before performing any destructive action, make sure that you have backed up all available data.
3. Please read the entire article before trying it out. Thank you!
  
This article is divided into four units. The first unit introduces the basic concept of R-Proxy and the basic method of setting up R-Proxy with Apache. The second unit uses the Apache Rewrite module together with R-Proxy to set up distributed load and fault tolerance for Web hosts. The third unit discusses security issues of the mod_proxy module on Apache 1.3. The fourth unit is the experience of setting up R-Proxy on Apache 2, provided by kefore.
  
Unit 1: set up R-Proxy
  
Generally, Proxy hosts serve internal clients accessing the Internet and are usually set up with Squid. Squid also provides a Cache function to improve access efficiency and save bandwidth, so the Proxy host is also called a Proxy Cache Server.
  
R-Proxy is also a Proxy server; the R stands for Reverse. Its main purpose is to proxy in reverse: it proxies Internet users' access to internal, restricted websites, and if the Cache function is enabled it can also provide a file cache. In short, R-Proxy takes the Proxy architecture and requirements and turns them around, with the user roles swapped. For details, refer to the Netscape Proxy Server - Reverse Proxy text listed at the end.
  
In practical applications, R-Proxy is mostly integrated with the firewall. It proxies access to internal websites and prevents external users from directly accessing restricted and protected internal websites, or it distributes the Web across several hosts according to the directory structure. In actual tests, R-Proxy can support html, php, asp, java and cgi Web environments as long as the paths and settings are correct. The internal Web host can be accessed only from the IP address of the R-Proxy, while general Internet users cannot access it directly. This is equivalent to using the R-Proxy as a virtual Web host, and the security of the website improves accordingly.
  
In use, the Proxy Cache function works only when the client is configured in IE or Netscape, or when transparent cache mode is set on the firewall. With R-Proxy, the user does not need to configure anything; the firewall or Web administrator only has to set up the R-Proxy.
  
There are many ways to set up R-Proxy; Apache is currently the easiest. Please note that the following tutorial was demonstrated on TurboLinux 7 Server and Apache 1.3.20, and may need to be modified for your actual environment. Also, Proxy is a function; do not confuse it with the software used as a cache proxy...
  
First, make sure that your Apache has the proxy module. httpd.conf will usually contain module settings like the following two lines:

LoadModule proxy_module /usr/libexec/apache/libproxy.so
AddModule mod_proxy.c
  
After you confirm that Apache has the proxy module, you can start configuring. Find the following section:

Add or remove a few lines in it. The content will probably look like this:

ProxyRequests On

<Directory proxy:*>
Order deny,allow
Deny from all
Allow from .your_domain.com
</Directory>
  
Change Allow from to the source locations you serve. Next, set the location of the Web host you want to proxy by adding this setting:

ProxyPass / http://192.168.1.7/

The / above refers to the Web root directory, followed by the location of the internal Web host.

OK! You can now use a browser to connect to your R-Proxy host.
On the firewall, you may need to open the httpd port appropriately, but you do not need to perform any port translation. You will find that the web pages you get from the R-Proxy host are those of the Web host you specified.
  
You can also distribute Web pages across different hosts. Because there is only one Web root directory, you divide the pages by Web directory. The settings look like this:

ProxyPass / http://192.168.1.3/
ProxyPass /webmail http://192.168.1.2/webmail/
ProxyPass /sales http://192.168.1.7/
ProxyPass /bbs http://192.168.1.10:8888/
  
There is a key point here: the directory structure of the Web pages on each host should preferably follow the structure of the main Web directory. For example, rows 1 and 2 above should work without problems, but rows 3 and 4 may not, because the Web path may not be correct, especially when there are further directories below that directory. This is because the R-Proxy performs proxy access rather than redirection. Therefore, you may need to use the ProxyPassReverse directive, like this:

ProxyPass / http://192.168.1.3/
ProxyPass /webmail http://192.168.1.2/webmail/
ProxyPassReverse /webmail http://192.168.1.2/webmail/
ProxyPass /sales http://192.168.1.7/
ProxyPassReverse /sales http://192.168.1.7/
ProxyPass /bbs http://192.168.1.10:8888/
  
In this way, http://192.168.1.2/webmail/images will be mapped to /webmail/images instead of the erroneous /images path. Note, however, that the way subdirectories are referenced inside the web page programs still matters: they must be written as "relative locations". With "absolute locations" errors are still possible.
  
The Apache proxy module I tested does not provide a round-robin function, so if you set it as follows:

ProxyPass / http://192.168.1.3/
ProxyPass / http://192.168.1.2/

Basically, only the 1st setting takes effect, and no fault tolerance is provided. With the above settings, the web page still cannot be reached when the 1st host is down, because the 2nd setting is not enabled automatically. For this, you must use the Apache Rewrite module or another R-Proxy module with error detection.
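
An added example, not part of the original article: a Python check that reads an httpd.conf fragment and flags ProxyRequests On (forward proxying, which ProxyPass does not require), ProxyPass mappings with no matching ProxyPassReverse, and a path mapped twice, where only the first setting takes effect. The sample fragment, the function names and the finding codes are constructed for illustration.

```python
# Constructed sample: directives from this article combined into one fragment.
SAMPLE_CONF = """\
ProxyRequests On
ProxyPass / http://192.168.1.3/
ProxyPass /webmail http://192.168.1.2/webmail/
ProxyPassReverse /webmail http://192.168.1.2/webmail/
ProxyPass /sales http://192.168.1.7/
ProxyPass / http://192.168.1.2/
"""

def parse_directives(text):
    """Yield (line_no, name, args) per directive; skip comments and <Section> tags."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith(("#", "<")):
            parts = line.split()
            yield no, parts[0].lower(), parts[1:]

def audit_proxy_conf(text):
    """Return (line_no, code, message) findings for an httpd.conf fragment."""
    directives = list(parse_directives(text))
    # (path, backend) pairs that have a ProxyPassReverse
    reversed_pairs = {tuple(a) for _, n, a in directives
                      if n == "proxypassreverse" and len(a) == 2}
    first_seen = {}   # path -> line number of the first ProxyPass for it
    findings = []
    for no, name, args in directives:
        if name == "proxyrequests" and args[:1] and args[0].lower() == "on":
            findings.append((no, "FORWARD_PROXY",
                             "forward proxying is enabled; ProxyPass does not need it"))
        elif name == "proxypass" and len(args) == 2:
            path, backend = args
            if path in first_seen:
                findings.append((no, "DUPLICATE_PATH",
                                 f"{path} is already mapped on line {first_seen[path]}; "
                                 f"{backend} never receives traffic"))
                continue
            first_seen[path] = no
            if (path, backend) not in reversed_pairs:
                findings.append((no, "NO_REVERSE",
                                 f"no ProxyPassReverse for {path}; redirects issued by "
                                 f"{backend} reach the client unchanged"))
    return findings

if __name__ == "__main__":
    for line_no, code, message in audit_proxy_conf(SAMPLE_CONF):
        print(f"line {line_no}: {code}: {message}")
```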
  
If you want to activate the Cache function, refer to the Apache configuration manual and add several Cache settings.
In actual use, because the R-Proxy may only proxy access to internal Web hosts, the file cache changes little and its volume is not large;
the cache is better suited to more complex medium and large websites. You can decide for yourself whether to use the Cache function.
The related parameters are as follows:

CacheRoot "/var/proxy"
CacheSize 5
CacheGcInterval 4
CacheMaxExpire 24
CacheLastModifiedFactor 0.1
CacheDefaultExpire 1
NoCache a_domain.com another_domain.edu joes.garage_sale.com
  
After R-Proxy is in use there is one more difference: the content of the httpd log. Originally, when any user accessed the Web host directly, its httpd log recorded the IP address of the connecting client. After R-Proxy is in use, however, the client in all of its records will be the IP address of the R-Proxy, and the client's real access records are kept in the httpd log of the R-Proxy. To trace connection problems, you need to check the httpd log of the R-Proxy.
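
An added example, not part of the original article: pairing each entry in the internal Web host's httpd log with the R-Proxy's log entry to recover the real client address. The log lines are constructed, 192.168.1.1 is an assumed R-Proxy address, and the pairing assumes both hosts' clocks are synchronized and that the mapping leaves the path unchanged (as with ProxyPass /).

```python
import re
from datetime import datetime, timedelta

CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed Common Log Format lines (not real traffic). 192.168.1.1 is an
# assumed internal address for the R-Proxy; the client addresses are examples.
PROXY_LOG = """\
203.0.113.9 - - [12/Mar/2002:10:15:01 +0800] "GET /index.html HTTP/1.1" 200 1043
198.51.100.4 - - [12/Mar/2002:10:15:02 +0800] "GET /news.html HTTP/1.0" 200 2210
203.0.113.9 - - [12/Mar/2002:10:15:07 +0800] "GET /admin/ HTTP/1.1" 403 290
"""
BACKEND_LOG = """\
192.168.1.1 - - [12/Mar/2002:10:15:01 +0800] "GET /index.html HTTP/1.0" 200 1043
192.168.1.1 - - [12/Mar/2002:10:15:03 +0800] "GET /news.html HTTP/1.0" 200 2210
192.168.1.1 - - [12/Mar/2002:10:15:07 +0800] "GET /admin/ HTTP/1.0" 403 290
192.168.1.1 - - [12/Mar/2002:10:16:30 +0800] "GET /old.html HTTP/1.0" 404 210
"""

def parse(log):
    """Parse CLF text into dicts; lines that do not match are skipped."""
    entries = []
    for line in log.splitlines():
        m = CLF.match(line)
        if m:
            ip, ts, method, path, status = m.groups()
            entries.append({"ip": ip, "ts": datetime.strptime(ts, TS_FMT),
                            "key": (method, path, status)})
    return entries

def resolve_clients(backend_log, proxy_log, skew=timedelta(seconds=2)):
    """Return (method, path, client_ip or None) for each backend log entry."""
    proxy = parse(proxy_log)
    used = set()          # proxy entries already paired with a backend entry
    resolved = []
    for b in parse(backend_log):
        client = None
        for i, p in enumerate(proxy):
            # Protocol version is ignored: it can differ between the two hops.
            if i not in used and p["key"] == b["key"] and abs(p["ts"] - b["ts"]) <= skew:
                client = p["ip"]
                used.add(i)
                break
        resolved.append((b["key"][0], b["key"][1], client))
    return resolved

if __name__ == "__main__":
    print(resolve_clients(BACKEND_LOG, PROXY_LOG))
```

A backend entry that resolves to None has no counterpart in the R-Proxy log within the time window and is worth a closer look.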
  
Currently, only a few medium and large websites are deployed behind an R-Proxy host. In practical applications, R-Proxy can improve Web access efficiency and enhance the security of the real Web host. The R-Proxy information I have on hand is incomplete. Many commercial products already use the R-Proxy concept to achieve multi-line load balancing and fault-tolerant access across regions, and they also support non-httpd services. To implement functions like those of such products, you may need to implement the R-Proxy function with Squid...
  
References:
  
1. Apache module mod_proxy
http://httpd.apache.org/docs/mod/mod_proxy.html

2. Netscape Proxy Server - Reverse Proxy
http://developer.netscape.com/docs/manuals/proxy/adminux/revpxy.htm

3. IBM HTTP Server
http://tst.sinica.edu.tw/manual/ibm/index.html
  
Unit 2: distributed load of R-Proxy and host fault tolerance
  
In the previous unit we found that the basic R-Proxy can only spread content across different hosts by Web directory, and each Web directory can be linked to only one host; when that host goes down, the linked web page directory becomes unavailable.
A single static distribution without any fault tolerance mechanism does not make for a good R-Proxy.
  
A CurlTunnel module is available at http://pihl.kumpu.org/mod_curltunnel.html. It provides the directives CurlTunnelPass and CurlTunnelPassReverse, which resemble ProxyPass and ProxyPassReverse. Installing the CurlTunnel module requires libcurl (http://curl.haxx.se/libcurl) on the system. After testing, however, we found that the CurlTunnel module only stops the 404 error message from appearing for a broken link and still does not provide fault tolerance, so it is not what we want.
  
To solve broken web page links, Apache must automatically recognize when a URL path is faulty and direct the request to a correct URL or to one that responds with an error message. Apache has a module that can convert URL paths according to conditions and rules: Rewrite. The Apache Rewrite module is a powerful URL path maintenance module that can convert the URL paths of web pages based on conditions, rules, or external programs.
  
The following test environment again sets up the R-Proxy on the firewall, behind which are several Web hosts.
  
First, confirm that the Rewrite module is present on your host and that httpd.conf contains settings similar to the following:

LoadModule rewrite_module /usr/libexec/apache/mod_rewrite.so