Personal tools
You are here: Home Solution Areas Infrastructure Web Server Squid Reverse Proxy with Virtual Hosts

Squid Reverse Proxy with Virtual Hosts

by Khairil Yusof last modified Feb 19, 2009 08:38 AM
— filed under: , ,

An example configuration of Knowledge Bank using Squid with Pound to load balance multiple Zope application servers with centralised logging.

Objective

The objective of this is do reverse proxy caching of web application servers with simplest configuration possisble through the use of  Squid caching proxy server and Pound . This will reduce the load on backend servers and databases of dynamic websites, as commonly requested files and pages will be served by cache rather than the application itself. Load balanced application server provides scalability and high availability. Application frameworks such as Zope will be able to handle automatically transactions between multiple application servers.

Requisites

  • Squid 2.6.x

Configuring Pound

The configuration of Pound is simple. If you do not have multiple backends, you can skip this step and point your Squid directly at your single application server. It will still provide a performance enhancement. Please see Pound man page for additional settings such as other types of session monitoring.

User  "www"
Group "www"

Client 300

ListenHTTP
Address 127.0.0.1
Port 81
End

Service

Session
Type COOKIE
ID "__ac"
TTL 300
End

HeadRequire "Host:.*knowledge.oscc.org.my.*"

Backend
TimeOut 120
Address 127.0.0.1
Port 8081
End
Backend
TimeOut 120
Address 127.0.0.1
Port 8082
End

End

Configuring Squid

Reference page: http://wiki.squid-cache.org/Squid_Faq/ReverseProxy

The following configurations are done in squid's default configuraiton file squid.conf.

Set squid to listen to port 80 and also deal with named vhost requests. Usually this is on 3128.

http_port 80 vhost

Set Squid to go to Pound to manage rediretions and load balance the backend services. Pound is listening on port 81.

cache_peer 127.0.0.1 parent 81 0 originserver default

Note: If your application depends on Apache or some other none web application authentication mechanism, you need to add login=PASS as an additional option to the line above. This will tell Squid to pass on the authentication method to the backend server.

Multiple logs

One of the problems with multiple backend application servers is consolidating a single log. With a single Squid process handling all incoming requests before backend servers. This however is not straightforward. By default Squid is meant to handle web clients, therefore the default logs are geared towards statistics on users browsing websites, not users accessing internal web servers.

Additionally you also need different logs for different vhosts.

This is addressed through the use of ACLs and combined directive. First define the ACLs for your sites.

acl knowledge dstdomain knowledge.oscc.org.my
http_access allow knowledge
acl trac dstdomain trac.oscc.org.my
http_access allow trac

Then you define the logs according to acls,

access_log /var/log/httpd/knowledge.oscc.org.my/access.log combined knowledge
access_log /var/log/httpd/trac.oscc.org.my/access.log combined trac

Additional notes

OSCC's Knowledge Bank has a more complex setup that involves Squid and Pound handling other backends such as Trac and a Subversion repository with LDAP authentication. Configuration details will be added to the development pages of Knowledge Bank soon.

 

Document Actions