DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Packages and Ports

OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 12th April 2010
plexter plexter is offline
Shell Scout
 
Join Date: May 2008
Posts: 124
Question Apache Proxy

Hi all,

I have a few web servers (separate physical boxes) that I would like to all function/appear as one website to the public.

I gather this would be a form of load balancing based on "content" rather than bandwidth and I understand Apache's reverse proxy feature is capable of meeting my needs. (or am I wrong?)

Basically I have 1 public IP and several internal web servers and would like the public IP translated into an internal IP which would be the address of the http redirector/Apache proxy server.The server would then redirect the connection to the appropriate internal box according to the http header.

Example:

http://site1.website.com --> public ip --> http proxy ---> host 1
http://site2.website.com --> public ip --> http proxy ---> host 2
http://site3.website.com --> public ip --> http proxy ---> host 3
...etc

Does anyone have any thoughts? Am I on the right track? If so can anyone assist with configuration? I can post what I have if this is the correct path to take.


Thanks for your help/input!
Reply With Quote
  #2   (View Single Post)  
Old 12th April 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

If the websites on all three machines are identical, then pf can load balance with a simple rdr rule. For an example see http://www.openbsd.dk/faq/pf/pools.html#incoming.

I haven't got a chance to play with relayd(8), so I am not sure whether relayd could help in your situation. See the example configuration files in relayd.conf(5) so you can decide
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 13th April 2010
marcolino's Avatar
marcolino marcolino is offline
Real Name: Mark
Custom Title Maker
 
Join Date: May 2008
Location: At the Mountains of Madness
Posts: 128
Default

Perhaps carp(4) could be of use, specifically the Load Balancing section.
__________________
That's nothing a couple o' pints wouldn't fix.
Reply With Quote
  #4   (View Single Post)  
Old 13th April 2010
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

There's also Varnish, the advantage of Varnish over using pf is that varnish is a HTTP proxy and can do caching.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #5   (View Single Post)  
Old 15th April 2010
plexter plexter is offline
Shell Scout
 
Join Date: May 2008
Posts: 124
Default

Thanks all for your responses. I'm curious about relayd and varnish. They both look like they may do what I am looking for.

I'm not sure I properly explained as its not really true load balancing.

site1 would some of the website content
site2 would be different content
site3 ...etc.

but would all act as 1 site to the public. site1-3 would be kind of like vhosts all using the same IP except they would all be on separate machines.

Thoughts?

Thanks!
Reply With Quote
  #6   (View Single Post)  
Old 16th April 2010
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Default

It's not uncommon to do things like running nginx up front with static content, then having it proxy requests for more dynamic (e.g. PHP) content to an instance of Apache.

Really, I reckon things depend on what specifically you want to do.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
  #7   (View Single Post)  
Old 16th April 2010
plexter plexter is offline
Shell Scout
 
Join Date: May 2008
Posts: 124
Default

Thanks for the reply TerryP. I believe what you describe is more or less what I am trying to do. I just don't know which software would be most ideal or how to set up.
Reply With Quote
  #8   (View Single Post)  
Old 16th April 2010
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Default

It still would depend on the particulars lol.

I would suggest analysing your loads (hit rate, bandwidth, resource utilization, etc), then your content (static files, scripts, etc), and your hardware resources (kit to work with), and look for the bottlenecks. You should also take into consideration the script languages used (e.g. PHP, Perl, Python, Scheme, Ruby, ...) and the methods used (e.g. mod_php, cgi, fastcgi, ...) as that would also impact things. Some web software is more sensitive to such differences then others, but for example many PHP scripts will handle both FastCGI and mod_php fine; allowing one to choose what best fits the usage case (I generally air on FastCGI).

With that sort of information, you can look at the points where it gets thick, and think a moment how to improve on things. That makes looking for software a bit easier as well. If all you're serving is your grocery list, then it won't matter: but if you've got more abuse coming in then GitHub, tuning is worth while. Every site is a bit different.

Based on the vibe I've got from this thread, I would probably be setting up a test environment around nginx, fastcgi, and squid with differing levels of tuning split between the boxes. Varnish is interesting enough a bit of software, to take the time to examine how it can best fit into service stack.



There's an old saying, that goes something like be careful of asking advice of the elves, for surely they will say both yes and no.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
  #9   (View Single Post)  
Old 16th April 2010
plexter plexter is offline
Shell Scout
 
Join Date: May 2008
Posts: 124
Default

Hi Terryp.

Thanks for your input. What I am doing is just trying to learn. Nothing production.

What you wrote about separation between content is exactly what I'm trying to do. one server is hosting PHP/scripting and another server will house another type of data...etc.

Thanks!
Reply With Quote
Old 16th April 2010
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Default

If you wanted to do something like feed static content to one server, and load balance scripts across the other two servers, I believe it would be easy enough to achieve with nginx.

Basically you would setup each of the local servers accordingly, e.g. a pair running PHP and a third server just serving static content. For testing, you could even run three of them on locally on the same machine with the proper configuration. Then you should be able to setup nginx to load balance between the two PHP scripts, and proxy requests for PHP files to that, and proxy everything else to the server serving your static content.

Other solutions are also possible,
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
Old 21st April 2010
plexter plexter is offline
Shell Scout
 
Join Date: May 2008
Posts: 124
Default

Thanks for the info.

I'm trying to find an example configuration but can't seem to find one for what I want. Would you be able to assist?

Basically (as an example) if I have 2 servers running. Server1: abc.mynetwork.com and Server2: php.mynetwork.com

How would I direct traffic accordingly? With ABC for regular traffic and PHP for scripting. I only have been able to find info for load balancing should server1 go offline then send to server2, but I would like to load balance based on the URL entered. (abc... or php...)

Any help?
Thanks!
Reply With Quote
Old 3rd May 2010
DNAeon DNAeon is offline
Shell Scout
 
Join Date: Sep 2008
Location: Bulgaria
Posts: 138
Default

Quote:
Originally Posted by plexter View Post
Thanks for the info.

I'm trying to find an example configuration but can't seem to find one for what I want. Would you be able to assist?

Basically (as an example) if I have 2 servers running. Server1: abc.mynetwork.com and Server2: php.mynetwork.com

How would I direct traffic accordingly? With ABC for regular traffic and PHP for scripting. I only have been able to find info for load balancing should server1 go offline then send to server2, but I would like to load balance based on the URL entered. (abc... or php...)

Any help?
Thanks!
Hi,

Here's a sample documentation:
http://www.unix-heaven.org/index.php...server-freebsd

It contains examples on how you can configure a single Apache proxy server, that is redirecting the HTTP/HTTPS requests to internal servers.

You can also use Apache's mod_cache and mod_proxy_balancer modules in order to have cache and load-balancing capabilities in your Apache proxy server.
__________________
"I never think of the future. It comes soon enough." - A.E

Useful links: FreeBSD Handbook | FreeBSD Developer's Handbook | The Porter's Handbook | PF User's Guide | unix-heaven.org
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Log ftp packet on PF with ftp-proxy on frenchviking OpenBSD Security 3 23rd October 2009 07:01 PM
Upgrade Apache 1.3 mod_ssl to Apache 2.2 beandip FreeBSD Ports and Packages 11 26th March 2009 09:12 PM
FTP-Proxy cannot connect plexter OpenBSD Packages and Ports 6 11th October 2008 05:59 PM
Tunnel to Proxy PatrickBaer General software and network 2 11th August 2008 03:32 PM
pf and ftp-proxy clinty OpenBSD Security 5 7th May 2008 10:36 PM


All times are GMT. The time now is 10:03 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick