Reverse proxy Load Balancer Apache

1.1 Introducing Reverse Proxies

The reverse proxy method refers to a proxy server that accepts connection requests on the Internet, then forwards the request to a server on the internal network and returns the results from the server to the client requesting the connection on the Internet, Reverse. At this point the proxy server appears as a reverse proxy server externally.

1.2 How the reverse proxy works

The usual proxy server, which is used only to proxy connection requests to the Internet by the internal network, must specify a proxy server and send HTTP requests that would otherwise be sent directly to the Web server to the proxy server. Because the host on the external network does not configure and use this proxy server, the normal proxy server is also designed to search the internet for multiple, uncertain servers instead of accessing a fixed server for requests from multiple clients on the Internet. Therefore, the normal Web proxy server does not support external access requests to the internal network. When a proxy server is able to proxy hosts on an external network, this proxy service is called a reverse proxy service when it accesses the internal network. At this point the proxy server is represented as a Web server, and the external network can simply treat it as a standard Web server without the need for a specific configuration. The difference is that the server does not save the real data of any Web page, all static Web pages or CGI programs are stored on the internal Web server. Therefore, the attack on the reverse proxy server does not cause the Web page information to be destroyed, which enhances the security of the Web server.
There is no conflict between the reverse proxy mode and the packet filtering method or the normal proxy mode, so both methods can be used in the firewall device, where the reverse proxy is used for external network access to the internal network, and the forward proxy or packet filtering method is used to deny other external access and provide internal network access to the external network. This way, you can combine these approaches to provide the best secure access.

1.3 Role of the reverse proxy 1.3.1 Protect website security

Any requests from the Internet must go through a proxy server

1.3.2 Configure caching to accelerate Web requests

Can cache some static resources on the real Web server, alleviate the load pressure of the real Web server

1.3.3 For load Balancing

Act as a Load Balancer server to distribute requests evenly and balance the load pressure of each server in the cluster

Second, using Apache to achieve reverse proxy combat 2.1 environment preparation: two virtual machines

Deploy Apache on both machines as RS

First set

[[Email protected] ~] # hostnamelinux-node1.example.com[[email protected]-node1 ~]#  uname-r2.6.32-504 . El6.x86_64[[email protected]-node1 ~] #  CentOS Release 6.6 (Final) [[email protected]-node1 ~]#  tail-3/etc/hosts 192.168.230.128  linux-node1.example.com192.168.230.129     linux-node2.example.com

Yum Install httpd do RS node

[[Email protected] ~]#sed-i ' s/listen 80/listen 8080/g '/etc/httpd/conf/httpd.conf[[Email protected]-NODE1 ~]#echo "Check-test1" >/var/www/html/index.html[[Email protected]-NODE1 ~]#/etc/init.d/httpd Startstarting httpd: [OK][[email protected]-NODE1 ~]#NETSTAT-NTPLActive Internet connections (only servers) Proto Recv-Q send-q Local address Foreign address State Pid/Program name TCP 0 00.0.0.0:22682 0.0.0.0:* LISTEN 1008/sshd TCP 0 0: :22682:::* LISTEN 1008/sshd TCP 0 0: :8080:::* LISTEN 3907/httpd

The second stage installs the httpd as the RS node, ibid, simultaneously compiles installs as the httpd reverse proxy

Install the base environment package

Yum-y Install apr-devel apr-util-devel pcre-devel openssl-devel gcc-c++

Download

wget http://mirrors.tuna.tsinghua.edu.cn/apache//httpd/httpd-2.4.23. tar.gz wget http:

CentOS 6.6 Default Apr and Apr-util versions are low and need to be installed new, as follows official introduction

APR andapr-Util Make sure you have APR andApr-util already installed on your system. If you don'T, or prefer to not use the system-provided versions, download the latest versions of both April and Apr-util from Apach E APR,Unpack them INTO/HTTPD_SOURCE_TREE_ROOT/SRCLIB/APR and/httpd_source_tree_root/srclib/apr-util (be sure, the directory names do nothave version numbers; forexample, the APR distribution must be under/httpd_source_tree_root/srclib/apr/) andUse./configure's--WITH-INCLUDED-APR option. On some platforms.Corresponding-dev packages to allow httpd to build against your installed copy of APR andApr-util

Download new Apr and Apr-util

[[email protected] src] # lsapr-1.4.5.tar.gz  

Extract to the HTTP source srclib directory, no version number

[email protected] httpd-2.4.23]#  ls srclib/Apr  apr-util  Makefile  Makefile.  Inch

Add--WITH-INCLUDED-APR to the back.

[[email protected] src] # ./configure--prefix=/usr/local/httpd-2.4.18--enable-so--enable-modules= "All"--with-included-apr [[email protected] httpd-2.4.23] # Make && make install

Test the configuration and start

[[email protected] httpd-2.4.23] # /usr/local/httpd/bin/apachectl-t Syntax ok[[email protected]-node2 httpd-2.4.23] # /usr/local/httpd/bin/apachectl-k Start

Edit Linux-node2 's Apache as a reverse proxy configuration file

[[email protected] extra]#pwd #路径/usr/local/httpd-2.4.18/conf/Extra[[email protected]-node2 Extra]#Cat httpd-proxy.conf#www.check-blog.comLoadModule Proxy_module modules/mod_proxy.soloadmodule proxy_connect_module Modules/mod_proxy_connect.soloadmodule proxy_http_module Modules/mod_proxy_http.soloadmodule proxy_balancer_module Modules/mod_proxy_balancer.soloadmodule lbmethod_byrequests_module Modules/mod_lbmethod_byrequests.soloadmodule lbmethod_bytraffic_module Modules/mod_lbmethod_bytraffic.soloadmodule lbmethod_bybusyness_module Modules/mod_lbmethod_bybusyness.soloadmodule slotmem_shm_module Modules/mod_slotmem_shm.soproxyrequests Off<proxy balancer://check-cluster>balancermember http:192.168.230.129:8080balancermember http:192.168.230.128:8080</proxy>Proxypass/demo balancer://check-Clusterproxypassreverse/demo balancer://check-Cluste#www.check-blog.comLoadModule Proxy_module modules/mod_proxy.so#Proxy ModuleLoadModule Proxy_connect_module modules/mod_proxy_connect.so#Linked ModulesLoadModule Proxy_http_module modules/mod_proxy_http.so#Proxy module for HTTPLoadModule Proxy_balancer_module modules/mod_proxy_balancer.so#Load Balancer ModuleLoadModule Lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so#algorithm module, depending on the amount of server requestsLoadModule Lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so#algorithm module, based on server trafficLoadModule Lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so#algorithm module, depending on the server's busy levelLoadModule Slotmem_shm_module modules/mod_slotmem_shm.so#Proxyrequests OFF#do not turn on this if you do not have security measures on your server<proxy balancer://check-cluster>#the name of the LB cluster groupBalancermember http://192.168.230.129:8080#Cluster Group memberBalancermember http://192.168.230.128:8080#Cluster Group member</Proxy>Proxypass/demo Balancer://check-cluster#jump, and lb cluster group name corresponding, access demoProxypassreverse/demo balancer://check-cluster will just include the file [[email protected]-node2 Extra]#vim/usr/local/httpd-2.4.18/conf/httpd.conf +482#Proxy DemoInclude conf/extra/httpd-proxy.conf Check grammar [[email protected]-node2 Extra]#/usr/local/httpd/bin/apachectl-tSyntax OK reboot [[email protected]-node2 Extra]#/usr/local/httpd/bin/apachectl-k Restart

Apache adds a management and restarts

[[email protected] extra]#Cat httpd-proxy.conf#www.check-blog.comLoadModule Proxy_module modules/mod_proxy.soloadmodule proxy_connect_module Modules/mod_proxy_connect.soloadmodule proxy_http_module Modules/mod_proxy_http.soloadmodule proxy_balancer_module Modules/mod_proxy_balancer.soloadmodule lbmethod_byrequests_module Modules/mod_lbmethod_byrequests.soloadmodule lbmethod_bytraffic_module Modules/mod_lbmethod_bytraffic.soloadmodule lbmethod_bybusyness_module Modules/mod_lbmethod_bybusyness.soloadmodule slotmem_shm_module Modules/mod_slotmem_shm.soproxyrequests Off<proxy balancer://check-cluster>balancermember http:192.168.230.129:8080balancermember http:192.168.230.128:8080</proxy>Proxypass/demo balancer://check-Clusterproxypassreverse/demo balancer://check-Cluste<Location/manager>SetHandler Balancer-Manager Order Deny,allow allow from All</Location>graceful Restart [email protected]-node2 Extra]# .. /.. /bin/apachectl-k Graceful

Add virtual Host in effect

[[email protected] extra]#Cat httpd-proxy.conf#www.check-blog.comLoadModule Proxy_module modules/mod_proxy.soloadmodule proxy_connect_module Modules/mod_proxy_connect.soloadmodule proxy_http_module Modules/mod_proxy_http.soloadmodule proxy_balancer_module Modules/mod_proxy_balancer.soloadmodule lbmethod_byrequests_module Modules/mod_lbmethod_byrequests.soloadmodule lbmethod_bytraffic_module Modules/mod_lbmethod_bytraffic.soloadmodule lbmethod_bybusyness_module Modules/mod_lbmethod_bybusyness.soloadmodule slotmem_shm_module Modules/mod_slotmem_shm.soproxyrequests Off<proxy balancer://check-cluster>balancermember http:192.168.230.129:8080balancermember http:192.168.230.128:8080</proxy>Proxypass/demo balancer://check-Clusterproxypassreverse/demo balancer://check-Cluste<Location/manager>SetHandler Balancer-Manager Order Deny,allow allow from All</location><virtualhost *:80>ServerAdmin [email protected]-blog.com DocumentRoot"/opt"ServerName Www.check-blog.com Serveralias Check-blog.com errorlog"Logs/www.check-blog.com-error_log"Customlog"Logs/www.check-blog.com-access_log"Common Proxypass/balancer://check-Cluster Proxypassreverse/balancer://check-Cluster</VirtualHost>Reboot [[email protected]-node2 Extra]# .. /.. /bin/apachectl-k Graceful

Local computer parsing

192.168.230.128 www.check-blog.com  check-blog.com

Other parameters Explained

See Apache website for details.
Set weight : loadfactor
set session hold : stickysession
lb mode : Default is Byrequest, or it can be bytraffic or bybusyness

Http://httpd.apache.org/docs/2.4/mod/mod_proxy.html

Reverse proxy Load Balancer Apache