Reverse proxy & web cache

Post on 09-Jan-2017

REVERSE PROXY & WEB CACHE

BY : ELMAHDI BENZEKRI

Proxy vs Reverse Proxy

Reverse proxy in 4 questions – What is a reverse proxy?
• Bridge between the local enterprise network and the external network.
• Avoids exposing front-end servers directly.
• Intended to be secured and to absorb large loads of traffic.

Reverse proxy in 4 questions – What are its additional features?
• Access logs
• Cache
• Load balancing
• Data compression, firewall
• Authentication and SSL encryption

Reverse proxy in 4 questions – Can it reduce the complexity of a web architecture?
• Yes.
• All requests pass through it => uniform error pages, access logs...
• Exposes only one address to the outside

Reverse proxy in 4 questions – What are the most used reverse proxies?
• Depends on the predominant web server
• Free
  • Nginx
  • Apache
  • Squid
  • HAProxy
• Proprietary
  • Microsoft ISA Server
  • BIG-IP
• Traffic management appliances that also fulfill this task: F5 Networks, Cisco…

NGINX
• Global syntax: <section> { <directive> <parameters>; }
• C10K problem
• Open source, written in 2002 in C by Igor Sysoev

Apache HTTPD
• Hyper Text Transfer Protocol Daemon
• Not the same thing as Tomcat
• The most popular (39% in 2015)
• Written in C in 1995 as an add-on to NCSA HTTPd
• Version 2 comes with a lot of features

Apache vs Nginx - Connection handling architecture
• Apache httpd provides multi-processing modules (MPMs)
  • mpm_prefork
  • mpm_worker
  • mpm_event
• Nginx: asynchronous, non-blocking, event-driven connection handling
  • One master and several worker processes

Web caching management
• Improved responsiveness
• Increased performance on the same hardware
• Availability of content during network interruptions

Web caching management
• Caching headers:
  • Expires
  • Cache-Control
  • ETag
  • Last-Modified
  • Content-Length
• Cache-Control flags
  • no-cache
  • no-store
• What cannot be cached?
  • Dynamic pages
  • Content with an authentication cookie
  • Content linked to a user or cart…
• Terminology
  • Origin server
  • Cache hit ratio
  • Stale content
  • Validation
  • Invalidation
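
The caching rules on this slide, written out as a shared-cache decision function. This is an added example, not part of the original slides: the function names, the cookie names in AUTH_COOKIES and the 200-only policy are assumptions, the `private` directive goes beyond the two flags the slide lists, and the policy is deliberately stricter than HTTP requires (it never stores a response to a request that carries credentials).

```python
# Added example: names and sample values are hypothetical / constructed.
AUTH_COOKIES = {"JSESSIONID", "session"}  # assumption: cookies that identify a user

def parse_cache_control(value):
    """Return {directive: argument-or-None} for a Cache-Control header value."""
    out = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('"') or None
    return out

def has_auth_cookie(cookie_header):
    """True if the Cookie request header contains one of AUTH_COOKIES."""
    names = {c.split("=", 1)[0].strip() for c in (cookie_header or "").split(";")}
    return bool(names & AUTH_COOKIES)

def cache_decision(method, req_headers, status, resp_headers):
    """Return (action, reason); action is 'store', 'revalidate' or 'bypass'."""
    req = {k.lower(): v for k, v in req_headers.items()}
    resp = {k.lower(): v for k, v in resp_headers.items()}
    cc = parse_cache_control(resp.get("cache-control"))
    if method not in ("GET", "HEAD"):
        return "bypass", "method is not GET/HEAD"
    if "authorization" in req or has_auth_cookie(req.get("cookie")):
        return "bypass", "request carries credentials (user-linked content)"
    if "set-cookie" in resp:
        return "bypass", "response sets a cookie"
    if "no-store" in cc or "private" in cc:
        return "bypass", "origin forbids shared storage"
    if status != 200:
        return "bypass", "policy: only 200 responses are stored"
    if "no-cache" in cc:
        return "revalidate", "may be stored, must be validated before reuse"
    return "store", "cacheable"
```

The order of the checks matters: credentials on the request are tested before the origin's Cache-Control, so a misconfigured backend that marks a per-user page as cacheable still cannot get it stored.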

Web caching management - nginx
• proxy_cache_valid any 10m;
• proxy_cache_path /var/www/cache levels=1:2 keys_zone=my-cache:8m max_size=1000m inactive=600m;
• proxy_temp_path /var/www/cache/tmp;
• proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
• location / {
      proxy_cache my-cache;
  }

Web caching management - varnish
• By Poul-Henning Kamp (FreeBSD dev) in 2006
• Reverse proxy cache server
• HTTP processor
• Optimized for Linux
• Custom configuration language

Web caching management - varnish
DAEMON_OPTS="-a :6081 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256m"
Subroutines:
• sub vcl_recv {}
• sub vcl_hash {}
• sub vcl_backend_response {}
• sub vcl_deliver {}
• …

Request and response VCL objects:
• req, bereq, beresp, resp, obj

Return in each subroutine:
• return (pass)
• return (fetch)
• return (deliver)
• …

Load balancing
• Traffic is intelligently distributed amongst multiple servers (app instances)
• Features
  • Optimizing resource utilization
  • Reducing latency
  • Ensuring fault tolerance
• Some load balancing solutions
  • Open source
    • Nginx
    • HAProxy
  • Corporate standard
    • F5
    • Citrix

Load balancing - comparison

NGINX                                 | HAPROXY
Only HTTP                             | TCP based
On-request health check               | Out-of-band health check
Three algorithms                      | Multiple algorithms
Complicated tasks based on HTTP info  | -
HTTP/2 & SSL in v1.9                  | Only in dev version
Free & commercial versions            | Free

Load balancing with Nginx
• Load balancing methods
  • Round robin
  • Least connected
  • IP hash
• Session persistence
• Weighted load balancing
• Health check (passive)

Optimizing Nginx
• Number of workers
  • grep processor /proc/cpuinfo | wc -l
• worker_connections
  • ulimit -n (open-file limit per process)
• Limiting the buffer size
  • client_header_buffer_size 1k;
  • client_max_body_size 8m;
  • large_client_header_buffers 2 1k;
• Timeouts
  • client_body_timeout 12;
  • client_header_timeout 12;
  • keepalive_timeout 15;
• Gzip compression

DEMO
• 2 Tomcat
• Nginx > Tomcat
• Nginx if / break / set / rewrite
• Nginx headers
• Nginx cache
• Nginx log + blacklist
• Nginx > 2 Tomcat
• Nginx > Varnish > Tomcat

DEMO (diagram: TOMCAT A, TOMCAT B)

THANK U