How can I set up a reverse proxy for several web applications and static content?

Question

Update: based on Jesper Mortensen's response, here is some more information. The applications are based on Perl's HTTP::Daemon. I do plan to deploying them on a Linux server.

Each application does something different. Therefore, this is not really load-balancing as the servers are not interchangeable. I am more familiar with Apache than anything else but I have never configured it for proxying.

Consider a scenario where a couple of web applications are listening on individual ports (say 8080 and 8888). The HTML output by these applications is dynamic and user specific at all times so it should not be cached but they will be using a common set of images, CSS and JavaScript files.

Is it possible to have a server listening on www.example.com:80 redirecting requests to localhost:8000 for static content, localhost:8080 and localhost:8888, respectively, for application specific requests? Also, is it possible to use https for the external www.example.com while the servers on ports 8000, 8080 and 8888 use http?

I have been reading Chapter 12 in Practical mod_perl and the squid examples and it looks like it ought to be possible but this is my first time delving into proxies and reverse proxies and therefore I am not sure how I should proceed and I am not sure about terminology, so any pointers/corrections would be much appreciated as well.

Answer 1

I think you're right on it. I'm not sure how to do it via perl or squid, but I'm doing exactly that thing through apache. Here's my config:

<VirtualHost *:443>

     ProxyPass           /doc http://127.0.0.1:81/gdoc
     ProxyPassReverse    /doc http://127.0.0.1:81/gdoc

     ProxyPass           /rp01 http://server01.mydomain.local/rp01
     ProxyPassReverse    /rp01 http://server01.mydomain.local/rp01

     ProxyPass           /bugzilla http://bugzilla.mydomain.local
     ProxyPassReverse    /bugzilla http://bugzilla.mydomain.local

</VirtualHost>

Answer 2

Yes, it is possible, it is even fairly standard functionality. You don't provide specifics about your server environment, unfortunately...

You can distinguish between sites on many parts of the request; but the classic is of course to distinguish by the Fully Qualified Domain Name of each site, i.e. sitename1.somedomain.com, sitename2.somedomain.com, sitename3.com et cetera.

With mod_perl and Squid it sounds like you're on Unix. Apache's mod_rewrite is perhaps the most common / oldest way of achieving this on Unix. Note, mastering mod_rewrite to set up secure proxies takes some work. (If you set up an insecure proxy it will allow proxying request on the 'outside' leg of the proxy, and spammers can misuse this to do form submissions etc from your IP address.)

Another common approach on Unix is to have a 'light-weight' HTTP server/proxy on the public IP (i.e. as receiving the requests from the users), and then let the 'light-weight' server fan out requests to 'heavier' Apache/PHP/Perl/Python instances. The benefits are more performant handling of many open connections, and reduced RAM use on the server. nginx (EngineX) is one popular server for this, and it also has a rewriting module.

Regarding handling HTTPS/SSL on the 'first' webserver; yes, this is a good solution. You would just set up SSL as normal, and have the web server proxy requests for that hostname to backend servers. Edit: It's common to have the frontend 'HTTPS accelerator' add HTTP headers (X-Forwarded-Proto) to the backend request, so that backend applications can know that the original request came via a encrypted connection

What you're looking at here is a sub-case of HTTP load balancing; i.e. you're installing a HTTP proxy on a single machine, and using it to fan out requests to other HTTP servers on the same machine. There are many good software load balancers for Unix systems.

If you're on Windows, then Microsoft's new "Application Request Routing" is pretty good. Version 2 is in betatest right now, and much improved over version 1 - find it over at the iis.net site. Edit: It should be said that never versions of IIS are quite fast and scalable. Most IIS users don't bother to set up a HTTP proxy for a single IIS server, they just create virtual hosts with the proper application model on the IIS server itself.