Squid Reverse Proxy with Virtual Hosts
An example configuration of Knowledge Bank using Squid with Pound to load balance multiple Zope application servers with centralised logging.
The objective of this is do reverse proxy caching of web application servers with simplest configuration possisble through the use of Squid caching proxy server and Pound . This will reduce the load on backend servers and databases of dynamic websites, as commonly requested files and pages will be served by cache rather than the application itself. Load balanced application server provides scalability and high availability. Application frameworks such as Zope will be able to handle automatically transactions between multiple application servers.
- Squid 2.6.x
The configuration of Pound is simple. If you do not have multiple backends, you can skip this step and point your Squid directly at your single application server. It will still provide a performance enhancement. Please see Pound man page for additional settings such as other types of session monitoring.
Reference page: http://wiki.squid-cache.org/Squid_Faq/ReverseProxy
The following configurations are done in squid's default configuraiton file squid.conf.
Set squid to listen to port 80 and also deal with named vhost requests. Usually this is on 3128.
http_port 80 vhost
cache_peer 127.0.0.1 parent 81 0 originserver default
Note: If your application depends on Apache or some other none web application authentication mechanism, you need to add login=PASS as an additional option to the line above. This will tell Squid to pass on the authentication method to the backend server.
Multiple logsOne of the problems with multiple backend application servers is consolidating a single log. With a single Squid process handling all incoming requests before backend servers. This however is not straightforward. By default Squid is meant to handle web clients, therefore the default logs are geared towards statistics on users browsing websites, not users accessing internal web servers.
Additionally you also need different logs for different vhosts.
This is addressed through the use of ACLs and combined directive. First define the ACLs for your sites.
acl knowledge dstdomain knowledge.oscc.org.my
http_access allow knowledge
acl trac dstdomain trac.oscc.org.my
http_access allow trac
Then you define the logs according to acls,
access_log /var/log/httpd/knowledge.oscc.org.my/access.log combined knowledge
access_log /var/log/httpd/trac.oscc.org.my/access.log combined trac
OSCC's Knowledge Bank has a more complex setup that involves Squid and Pound handling other backends such as Trac and a Subversion repository with LDAP authentication. Configuration details will be added to the development pages of Knowledge Bank soon.