Reverse Proxies
Presented by Michael Rainey, South Mississippi Linux Users Group
What is a reverse proxy
Why use a reverse proxy
How to configure a reverse proxy
What is a proxy server?
A proxy server is a dedicated computer or a software system that acts as an intermediary between an endpoint device, such as a computer, and another server from which a user or client is requesting a service.
What is a forward proxy
A forward proxy is a proxy configured to handle requests from a group of clients under the local administrator's control to an unknown or arbitrary group of resources that are outside of their control. Usually the word "forward" is dropped and it is referred to simply as a proxy. A well-known example of a forward proxy is Squid.
What is a reverse proxy
In computer networks, a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as if they originated from the proxy server itself. The Apache web server can be configured as a reverse proxy. For the purposes of this discussion, Apache will be used in the demo.
Why use a reverse proxy?
Load Balancing
This is the reverse proxy function that people are most familiar with. Here the proxy routes incoming HTTP requests to a number of identical web servers. This can work on a simple round-robin basis.
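An added example, not from the original slides: one way to express this round-robin routing in Apache with mod_proxy_balancer. The back-end hostnames web1 and web2 and the balancer name "webfarm" are hypothetical.

```apache
# Added example; web1/web2 hostnames and the "webfarm" name are hypothetical.
# Modules needed: mod_proxy, mod_proxy_http, mod_proxy_balancer,
# mod_lbmethod_byrequests, mod_slotmem_shm.
<VirtualHost *:80>
    ServerName smlug.org

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off

    <Proxy "balancer://webfarm">
        # Identical back ends that are not reachable from the internet.
        # retry=30: wait 30 seconds before retrying a member marked as failed.
        BalancerMember "http://web1.smlug-internal.org" retry=30
        BalancerMember "http://web2.smlug-internal.org" retry=30
        # byrequests shares requests out by count; with equal load factors
        # the members simply take turns.
        ProxySet lbmethod=byrequests
    </Proxy>

    ProxyPass        "/" "balancer://webfarm/"
    ProxyPassReverse "/" "balancer://webfarm/"
</VirtualHost>
```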
Security
A reverse proxy can hide the topology and characteristics of your back-end servers by removing the need for direct internet access to them. You can place your reverse proxy in an internet-facing DMZ, but hide your web servers inside a non-public subnet.
Authentication
You can use your reverse proxy to provide a single point of authentication for all HTTP requests.
SSL Termination
Here the reverse proxy handles incoming HTTPS connections, decrypting the requests and passing unencrypted requests on to the web servers. This has several benefits:
- Removes the need to install certificates on many back-end web servers.
- Provides a single point of configuration and management for SSL/TLS.
- Takes the processing load of encrypting/decrypting HTTPS traffic away from web servers.
- Makes testing and intercepting HTTP requests to individual web servers easier.
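An added example, not from the original slides: an Apache virtual host that combines the single point of authentication and the SSL termination described above. The certificate, key and password-file paths are placeholders, and the back-end hostname is the one used in the configuration slide of this deck.

```apache
# Added example; all file paths below are placeholders.
# Modules needed: mod_ssl, mod_proxy, mod_proxy_http, mod_headers,
# mod_alias, mod_auth_basic, mod_authn_file, mod_authz_user.
<VirtualHost *:443>
    ServerName smlug.org

    # TLS ends here: the certificate and private key exist only on the proxy.
    SSLEngine on
    SSLCertificateFile    "/path/to/smlug.org.crt"
    SSLCertificateKeyFile "/path/to/smlug.org.key"

    ProxyRequests Off

    # Single point of authentication for every proxied path.
    <Location "/">
        AuthType Basic
        AuthName "SMLUG services"
        AuthUserFile "/path/to/smlug.htpasswd"
        Require valid-user
    </Location>

    # The hop to the back end is plain HTTP, so it must stay on the
    # non-public subnet. Do not forward the user's password over it.
    RequestHeader unset Authorization
    # Overwrite any client-supplied value so the back end can trust it.
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass        "/ftp/" "http://ftp.smlug-internal.org/"
    ProxyPassReverse "/ftp/" "http://ftp.smlug-internal.org/"

    # One place to log and audit every request.
    ErrorLog  "logs/smlug-proxy-error.log"
    CustomLog "logs/smlug-proxy-access.log" combined
</VirtualHost>

# Send plain-HTTP visitors to the TLS listener.
<VirtualHost *:80>
    ServerName smlug.org
    Redirect permanent "/" "https://smlug.org/"
</VirtualHost>
```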
Serving Static Content
Some reverse proxy servers can also act as web servers serving static content. The average web page can often consist of megabytes of static content such as images, CSS files and JavaScript files. By serving these separately you can take considerable load from back-end web servers, leaving them free to render dynamic content.
Caching
A reverse proxy can act as a cache. You can either have a dumb cache that simply expires after a set period, or better still a cache that respects Cache-Control and Expires headers. This can considerably reduce the load on the back-end servers.
Compression
In order to reduce the bandwidth needed for individual requests, the reverse proxy can decompress incoming requests and compress outgoing ones. This reduces the load on the back-end servers that would otherwise have to do the compression, and makes debugging requests to, and responses from, the back-end servers easier.
Centralized Logging and Auditing
Because all HTTP requests are routed through the reverse proxy, it makes an excellent point for logging and auditing.
URL Rewriting
Sometimes the URL scheme that a legacy application presents is not ideal for discovery or search engine optimisation. A reverse proxy can rewrite URLs before passing them on to your back-end servers.
Aggregating Multiple Websites Into the Same URL Space
In a distributed architecture it's desirable to have different pieces of functionality served by isolated components. A reverse proxy can route different branches of a single URL address space to different internal web servers.
Aggregating Multiple Websites Into the Same URL Space
Internal web servers:
    http://ftp.smlug-internal.net
    http://sip.smlug-internal.net
    http://vpn.smlug-internal.net
Routed from a single external domain:
    http://smlug.org/ftp -> http://ftp.smlug-internal.net
    http://smlug.org/sip -> http://sip.smlug-internal.net
    http://smlug.org/vpn -> http://vpn.smlug-internal.net
How to configure a reverse proxy in Apache
External server: smlug.org

    <VirtualHost *:80>
        ServerName smlug.org

        # Reverse proxy only: keep forward proxying off so the server
        # cannot be used as an open proxy.
        ProxyRequests Off

        # Both arguments end in "/" so that /ftp/x maps to /x on the
        # back end and the prefix only matches on a path boundary.
        ProxyPass        "/ftp/" "http://ftp.smlug-internal.org/"
        ProxyPassReverse "/ftp/" "http://ftp.smlug-internal.org/"
        ProxyPass        "/sip/" "http://sip.smlug-internal.org/"
        ProxyPassReverse "/sip/" "http://sip.smlug-internal.org/"
        ProxyPass        "/vpn/" "http://vpn.smlug-internal.org/"
        ProxyPassReverse "/vpn/" "http://vpn.smlug-internal.org/"
    </VirtualHost>