What is proxy-server?
Proxy-server is a network service empowering clients to perform indirect requests to other network services. Proxy-server may be considered an intermediary. The brief description of proxy-server operation is as follows:
- client connects to proxy-server (front-end server)
- asks proxy-server for some resource located on another server
- proxy-server connects to the specified server (back-end server)
- gets requested resource
- gives out resource to the client
And the client may be ignorant that the requested resource was delivered from another server.
What is HTTP-proxy
HTTP-proxy is an implementation of proxy service for HTTP protocol. HTTP-proxy may be either reverse or forward.
Reverse HTTP-proxy usually lives between external network and internal network, it resolves external namespace into internal one, it is a barrier between external clients and live web-servers on the Intranet. The example is given below. Reverse HTTP-proxy is used to disguise internal network infrastructure, balance load among back-end servers, caching and HTTP responses compression. As a rule external clients have no idea that they are getting response from reverse proxy server.
Forward HTTP-proxy (aka Web-proxy) is used to reside between internal network and external network (Internet) and restrict access to specific HTTP resources, HTTP responses caching and web surfing. To make use of forward proxy the client shall explicitly specify its address (e.g. in browser settings). HTTP requests to forward proxy look like:
GET http://example.com/ HTTP/1.1 Host: example.com Accept: */* User-Agent: Mozilla
Note! The peculiarity of forward proxy request in comparison with direct request is that the path after GET (and any other HTTP method) is a fully qualified URL (including protocol and host part) and not just the local path to destination (starting with /).
Helicon Ape mod_proxy
Forward proxy in Helicon Ape is enabled by
ProxyRequests On directive. Before enabling you need to secure your server so that only authorized users could access the proxy.
Reverse proxy is enables by
ProxyPass directive. For example:
ProxyPass /app/ http://backend.domain.com/
or (the first parameter may be omitted when the directive is used inside <Location> section or .htaccess):
<Location /app/> ProxyPass http://backend.domain.com/ </Location>
The above config will proxy all requests starting with
backend.domain.com previously removing
/app part from the path:
/app/item/33/ -> http://backend.domain.com/item/33/.
To make HTTP response headers change when reverse proxying (e.g. Location header upon redirect) ProxyPassReverse directive may be used, and to change domain names and paths in cookies the following directives are used: ProxyPassReverseCookieDomain and ProxyPassReverseCookiePath.
Now we’ll illustrate you an example of non-trivial proxy application.
Example: load balancing
Given: front-end server example.com visible from external network.
Goal: Realize load balancing among three back-end application servers accounting for their performance and two back-end servers storing static files (images, CSS, etc.). Say, the second and the third back-end application servers are twice as productive as the first one, and the second back-end for static is thrice as powerful as the first one.
Solution. The reverse proxy configuration in httpd.conf will be:
<VirtualHost *:80> ProxyPass /static/ balancer://cluster-static/ lbmethod=bytraffic <Proxy balancer://cluster-static> BalancerMember http://static1.example.com/ loadfactor=1 BalancerMember http://static2.example.com/ loadfactor=3 </Proxy> ProxyPass / balancer://cluster-app/ lbmethod=byrequests <Proxy balancer://cluster-app> BalancerMember http://app1.example.com/ loadfactor=1 BalancerMember http://app2.example.com/ loadfactor=2 BalancerMember http://app3.example.com/ loadfactor=2 </Proxy> </VirtualHost>
The search of
ProxyPass directive to match current request is performed subsequently, so directives with shorter matching patterns should be put lower in the config.
balancer: protocol in
ProxyPass directive tells that requests will be forwarded to the URLs specified in subsequent
lbmethod=byrequests parameter indicates that balancing will be based on the number of requests to back-end server;
bytraffic value means that load balancing will depend on the quantity of bytes transmitted from back-end.
Compression and caching
To accelerate your proxy-server responses from the back-end may be compressed and cached. To do that we add the following line into the VirtualHost section of our htpd.conf:
# enable compression SetEnv gzip # enable caching CacheEnable mem http://app1.example.com/ CacheEnable mem http://app2.example.com/ CacheEnable mem http://app3.example.com/
Please notice that caching will only work if the response from back-end contains expiration headers; e.g.,
As you could see Helicon Ape mod_proxy module possesses full-fledged proxy functionality to satisfy the most exacting needs.