[TriLUG] Help with proxy setup
Igor Partola
igor at igorpartola.com
Tue Dec 3 10:05:15 EST 2013
I third nginx as the tool of choice. I run it as a reverse proxy in almost
all cases, proxying to either apache2 or a custom Python application. There
are very few gotcha's when using it, and it's rock solid.
Other options to consider:
- Varnish: seems to be more feature-rich, which may or may not translate
into more nuanced configuration (never used it so cannot tell)
- HAProxy: simpler than nginx, but not a full web server (I typically have
nginx serve all the static media since that's what it is good at). One nice
thing about it: it can do TCP (level 4) proxying, which is good for
non-HTTP applications.
- Apache mod_proxy: not something I would choose unless you get it working
with the event mpm. Your reverse proxy really ought to be event-based to
make it as transparent as possible.
One word of unsolicited advice: make sure you get the X-Forwarded-For
header set properly, along with the other reverse-proxying headers.
Typically, they look like this:
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
The last two are really important: you want your backend to know which IP
the request came from and whether the request came over HTTP or HTTPS.
Otherwise, your application server will always see the requests as coming
from localhost over HTTP.
Igor
More information about the TriLUG
mailing list