> -----Message d'origine----- > De : mearns.b@xxxxxxxxx [mailto:mearns.b@xxxxxxxxx] De la part de Brian > Mearns > Envoyé : dimanche 22 novembre 2009 22:30 > À : users@xxxxxxxxxxxxxxxx > Objet : Lightweight apache for fast proxying > > I'm thinking of setting up apache as a fairly rich reverse proxy for a > variety of different servers, and would like some suggestions on a) > whether or not this is a good idea and if there are better > alternatives, and b) how should I build and configure it to maximize > performance. > > There's the executive summary, here are the details. I already have > Apache httpd set up as a web server with several SSL and NonSSL name > based vhosts. I also have Squid set up as a caching reverse proxy. > Finally, I have a second apache web server instance set up as a test > server: basically I work out my configuration options in this server > (which listens on different ports), and then when it's working > properly I push the configuration into my other (release) server. > > So here's what I want to do. Set up a third instance of Apache > exclusively as a front end for my other servers. Generally, it will > just service the same named vhosts as on my original server by reverse > proxying to squid (which is already set up to reverse proxy to the > origin server). I will also set it up with two different sets of > vhosts to a) access my test server (for instance at test.mysite.com), > and b) bypass the squid proxy and go straight to the origin server > (e.g., at nosquid.mysite.com). > Final detail is just that all of my vhosts (including test and > no-cache varieties) will have SSL enabled. I've got SNI working fine > with my current apache server, so I don't think this will be much of > an issue. > > I'm pretty comfortable with Apache config, so I don't foresee any > insurmountable difficulties in setting this up. But if anyone can > offer any tips on the best way to do it (for instance, to make sure > the apache reverse proxying happens as fast as possible, or just how > to keep the front end server lightweight), or suggest better > alternatives to using apache for this, I'd really appreciate it. > > Thanks, > -Brian > > -- > Feel free to contact me using PGP Encryption: > Key Id: 0x3AA70848 > Available from: http://keys.gnupg.net > Hi Brian, I'm sure you already thought of the things below, but as I'm feeling concerned (I'm currently working on something similar), I want to contribute to the checklist : - compile modules statically - only include the modules you need (rewrite, headers, proxy, ssl, deflate, status, ...) - check that SSLSessionCache is correctly used (you can check that with mod_status) - ... I could also ask you whether you thought about load balancing (I'm seriously thinking about using haproxy, though SSL and SNI in particular could make it harder to use), monitoring (I'd like to know if my reverse proxy is fast and how fast it is ...) and why not securing (maybe use mod_security ?). Hope others will contribute. Emmanuel --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx