dns - Reverse Proxy to a URL

06
2014-04
  • Brigzzy

    I have a Ubuntu 12.04.3 server set up acting as DNS server (BIND9), web server (Apache2) and a reverse proxy server (haproxy). My goal is to have haproxy redirect to some of the other servers on the network, some of which I want to redirect to a 'sub URL' (Not sure that's the right term. Please see the example below)

    user goes to "monitor.example.com" > haproxy redirects to > "1.1.1.1:80/nagios"

    My DNS server is set up using wildcard subdomains, and right now if I go to monitor.example.com it goes to the default apache page on the monitor server, but it would look a lot nicer and be a lot shorter to type if I could get it to direct to the /nagios page automatically. If I go to monitor.example.com/nagios it works as expected, but it's a little redundant.

    I spent a while searching for a solution, but I'm not having any luck finding the answer to my question. Does anyone have any idea if this is possible and if so how I might solve it? Here is my haproxy.conf file:

    global
    log 127.0.0.1   local0
    log 127.0.0.1   local1 notice
    #log loghost    local0 info
    maxconn 4096
    #chroot /usr/share/haproxy
    user haproxy
    group haproxy
    daemon
    #debug
    #quiet

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    retries 3
    option redispatch
    maxconn 2000
    contimeout      5000
    clitimeout      50000
    srvtimeout      50000

frontend http-in
    bind 1:80

    acl host_apache hdr(host) -i example.com
    acl host_monitor hdr(host) -i monitor.example.com
    acl host_cloud hdr(host) -i cloud.example.com

    use_backend apache if host_apache
    use_backend monitor if host_monitor
    use_backend cloud if host_cloud


backend apache
    server web3 127.0.0.1:81

backend monitor
    server monitor 1.1.1.1:80/monitor

backend cloud
    server cloud 2.2.2.2:80

    If anyone has any other suggestions or a different program I could use to achieve my goal, I'm open to suggestions. I'm not using haproxy for any particular reason. I've tried pound too, but could not get it configured either.

    Thanks for reading!

    Brigzzy

    • Answers
  • walkeran

    While I love HAProxy, I'd agree with davidgo that it's probably not the best tool for this job. I also think that Apache with multiple named vhosts and mod_rewrite to proxy requests to the necessary backend are the way to go.

    Listen 80
NameVirtualHost *:80

<VirtualHost *:80>
  ServerName example.com
  RewriteEngine on
  ProxyPreserveHost On
  RewriteRule ^/(.*)$ http://127.0.0.1:81/$1 [P]
</VirtualHost>

<VirtualHost *:80>
  ServerName monitor.example.com
  RewriteEngine on
  ProxyPreserveHost On
  RewriteRule ^/(.*)$ http://1.1.1.1:80/monitor/$1 [P]
</VirtualHost>

    Depending on your applications on the backend, the rewrites may or may not work exactly like you are expecting. For example, if nagios is expecting that it's resources are located under a root dir of /monitor, and it links to things like /monitor/someurl, then your rewriting will cause the URL to end up at /monitor/monitor/someurl by the time it hits your server. That could probably be overcome by another RewriteRule, or a little bit of regex in the current one.

    You could also just use straight mod_proxy with ProxyPass directives instead of mod_rewrite (which, in this case, is also utilizing mod_proxy)


    • Related Question

    Nginx Reverse Proxy Apache Benefits
  • vonhogen

    Can anyone explain why putting up nginx and reverse proxying Apache is faster than just plain Apache?

    I've already moved all my static files to s3 (I heard nginx is better at handling static files), so what other benefits does it have?


    • Related Answers
  • Van Gale

    Apache has two models for handling connections from clients: worker and prefork. Prefork is very resource heavy (requires a full process for every client connection) but still commonly used with PHP. Worker is much better from a resource point of view, but still requires a dedicated thread per client connection.

    Nginx uses only a small number of threads (commonly only one thread per cpu) to handle all client connections. This makes it lighter than Apache and allows it to scale up and handle tens of thousands of connections on a single machine.

    However, this doesn't make it "better" than Apache for all cases. It generally makes it better than Apache for serving up static files, but not dynamic content generated from a web application (i.e. you don't want hundreds of connections being blocked while one of the requests is doing a database query). This is why you still need fastcgi, uWSGI, passenger, or even apache+mod_wsgi+passenger to offload web app work into the app server. These back-end processes are still going to use one thread per request, but at least it's only for the requests that need dynamic content.

    So the main reasons nginx + apache is faster than straight apache is (A) static files handled much more efficiently, (B) reduced load on (heavy) apache resources.

    Finally, for the "other benefits" part of your question: nginx also handles SSL connections faster than Apache although again, that doesn't make it better for all cases. For example, if you need detailed authentication using client-side certificates you'll still need Apache to handle the SSL. If you're just running pages over HTTPS for the encryption then nginx will give you a little speed boost.

  • mina.kolta

    Simply , Apache is excellent for dynamic content processing but you have to wait it's response.

    The reversed proxy (putting Nginx between user and Apache) saves you time cause apache is responding to 127.0.0.1 which is on the same machine as if you are accessing localhost.

    So Apache client will always be Nginx and the response from apache is a static content which will make you get the best of Nginx which is faster than apache in serving this content.