Reverse proxy Load Balancer Apache

Reverse proxy Load Balancer Apache

One, reverse proxy
1.1 Introduction Reaction Agent

The reverse proxy method refers to a proxy server that accepts connection requests on the Internet, then forwards the request to a server on the internal network and returns the results from the server to the client requesting the connection on the Internet, Reverse. At this point the proxy server appears as a reverse proxy server externally.

1.2 How the reverse proxy works

The usual proxy server, which is used only to proxy connection requests to the Internet by the internal network, must specify a proxy server and send HTTP requests that would otherwise be sent directly to the Web server to the proxy server. Because the host on the external network does not configure and use this proxy server, the normal proxy server is also designed to search the internet for multiple, uncertain servers instead of accessing a fixed server for requests from multiple clients on the Internet. Therefore, the normal Web proxy server does not support external access requests to the internal network. When a proxy server is able to proxy hosts on an external network, this proxy service is called a reverse proxy service when it accesses the internal network. At this point the proxy server is represented as a Web server, and the external network can simply treat it as a standard Web server without the need for a specific configuration. The difference is that the server does not save the real data of any Web page, all static Web pages or CGI programs are stored on the internal Web server. Therefore, the attack on the reverse proxy server does not cause the Web page information to be destroyed, which enhances the security of the Web server.
There is no conflict between the reverse proxy mode and the packet filtering method or the normal proxy mode, so both methods can be used in the firewall device, where the reverse proxy is used for external network access to the internal network, and the forward proxy or packet filtering method is used to deny other external access and provide internal network access to the external network. This way, you can combine these approaches to provide the best secure access.

1.3 Role of the reverse proxy

1.3.1 Secure Your website

Any requests from the Internet must go through a proxy server

1.3.2 Configure caching to accelerate Web requests

Can cache some static resources on the real Web server, alleviate the load pressure of the real Web server

1.3.3 For load Balancing

Act as a Load Balancer server to distribute requests evenly and balance the load pressure of each server in the cluster

Second, the use of Apache to implement reverse proxy combat
2.1 Environment Preparation: two virtual machines

Operating system: CENTOS7. X

1. Backup

Mv/etc/yum.repos.d/centos-base.repo/etc/yum.repos.d/centos-base.repo.backup

2, download the new Centos-base.repo to/etc/yum.repos.d/

wget -o/etc/Yumrepos.d/centos-base.repo http://mirrors.aliyun.com/repo/ Centos-7.repowget -o/etc/yum. Repos.d/epel.repo http://mirrors.aliyun.com/ Repo/epel-7.repoyuminstallgccgcc make screen Tree Lrzsz

Node1:
Installing Apache in Yum modifies the HTTP port to 8080

Yum Install -sed's/listen 80/listen 8080/g' /etc/httpd/conf/   echo'node1' >/var/www/html/~]# Curl http:// 192.168.3.200:8080/Node1

Node2:
Installing Apache in Yum modifies the HTTP port to 8080

Yum Install -sed's/listen 80/listen 8080/g' /etc/httpd/conf/   echo'node2' >/var/www/html/~]# Curl http:// 192.168.3.200:8080/Node2

Install apache2.4.25 as the reverse proxy server again on Node1

# cd/usr/local/src/&&wgethttp//mirrors.hust.edu.cn/apache/httpd/httpd-2.4.25.tar.gz# TarZXF httpd-2.4. -.Tar. gz# CD httpd-2.4. -# ./configure--prefix=/usr/local/httpd-2.4. ---enable-so--enable-modules=" All"#  Make&& Make Install# LN-s/usr/local/httpd-2.4. -//USR/LOCAL/HTTPD

Edit Linux-node1 's Apache as a reverse proxy configuration file

# vim/usr/local/httpd/conf/extra/httpd-proxy.confloadmodule proxy_module Modules/mod_proxy.so #proxy模块LoadModule proxy_connect_module modules/mod_proxy_connect.so #链接的模块LoadModule proxy_http_module modules/mod_proxy_http.so #给http做代理模块LoadModule proxy_balancer_module modules/mod_proxy_balancer.so #负载均衡模块LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so #算法模块, LoadModule Lbmethod_bytraffic_module modules based on the server's request volume/mod_lbmethod_bytraffic.so #算法模块, LoadModule lbmethod_bybusyness_module based on server traffic modules/mod_lbmethod_bybusyness.so #算法模块, LoadModule slotmem_shm_module modules according to the server's busy level/mod_slotmem_shm.so #ProxyRequests Off #如果没有对服务器采取安全措施之前, please do not turn on this<proxy Balancer://mycluster> #lb集群组的名称Balancermember http://192.168.3.140:8080 #集群组成员Balancermember http://192.168.3.200:8080 #集群组成员</Proxy>Proxypass/demo Balancer://mycluster #跳转, corresponding to the LB cluster group nameProxypassreverse/demo Balancer://mycluster

The master profile in Apache include the above profile and launch Apache

# vim/usr/local/httpd/conf/httpd.confinclude conf/extra/httpd-proxy.conf

# Write Test file

Echo ' Node1 ' >/usr/local/httpd-2.4. /htdocs/index.html/usr/local/httpd/bin/apachectl-t # Test Apache syntax is correct /usr/local/httpd /bin/apachectl-k Start # Launch Apache

By accessing the proxy server, you can see the effect of load balancing

Http://192.168.3.140:8080/demo

Add a management to Apache and restart

#Cat/usr/local/httpd/conf/extra/httpd-proxy.confloadmodule proxy_module Modules/mod_proxy.soloadmodule proxy_connect_module Modules/mod_proxy_connect.soloadmodule proxy_http_module Modules/mod_proxy_http.soloadmodule proxy_balancer_module Modules/mod_proxy_balancer.soloadmodule lbmethod_byrequests_module Modules/mod_lbmethod_byrequests.soloadmodule lbmethod_bytraffic_module Modules/mod_lbmethod_bytraffic.soloadmodule lbmethod_bybusyness_module Modules/mod_lbmethod_bybusyness.soloadmodule slotmem_shm_module Modules/mod_slotmem_shm.soproxyrequests Off<proxy Balancer://mycluster>Balancermember http://192.168.3.140:8080Balancermember http://192.168.3.200:8080</Proxy>Proxypass/demo Balancer://myclusterProxypassreverse/demo Balancer://mycluster<Location/manager>SetHandler Balancer-Managerorder Deny,allowallow from all</Location>

Open the browser management interface
Http://192.168.3.140:8080/manager

Add a virtual Host

LoadModule Proxy_module modules/mod_proxy.soloadmodule proxy_connect_module Modules/mod_proxy_connect.soloadmodule proxy_http_module Modules/mod_proxy_http.soloadmodule proxy_balancer_module Modules/mod_proxy_balancer.soloadmodule lbmethod_byrequests_module Modules/mod_lbmethod_byrequests.soloadmodule lbmethod_bytraffic_module Modules/mod_lbmethod_bytraffic.soloadmodule lbmethod_bybusyness_module Modules/mod_lbmethod_bybusyness.soloadmodule slotmem_shm_module Modules/mod_slotmem_shm.soproxyrequests Off<proxy Balancer://mycluster>Balancermember http://192.168.3.140:8080Balancermember http://192.168.3.200:8080</Proxy>Proxypass/demo Balancer://myclusterProxypassreverse/demo Balancer://mycluster<Location/manager>SetHandler Balancer-Managerorder Deny,allowallow from all</location><virtualhost *: the>ServerAdmin [Email protected]documentroot"/opt"ServerName Www.chinasoft.comServerAlias Chinasoft.comerrorlog"Logs/www.chinasoft.com-error_log"Customlog"Logs/www.chinasoft.com-access_log"Commonproxypass/balancer://myclusterProxypassreverse/balancer://mycluster</VirtualHost>

Add the following to the local computer's host file, and then clean up
192.168.3.140 www.chinasoft.com

Http://www.chinasoft.com

Reverse proxy Load Balancer Apache