Project

General

Profile

Mod proxy » History » Revision 28

Revision 27 (gstrauss, 2017-05-21 20:32) → Revision 28/43 (gstrauss, 2017-06-11 03:41)

h1. The Proxy Interface 

 {{>toc}} 

 *Module: mod_proxy* 

 h3. Description 



 h3. Options 


 lighttpd mod_proxy is a reverse proxy.    lighttpd mod_proxy does not currently support SSL/TLS connections to the backend server. 

 mod_proxy config options: 

 * proxy.server: tell the module where to send Proxy requests to. Every file-extension can have its own handler. Load-balancing is done by specifying multiple hosts for the same extension. 
 * proxy.balance: might be one of 'fair' (default), 'hash', 'round-robin' or 'sticky'. 
 ** 'fair' is the normal load-based, passive balancing. 
 ** 'round-robin' chooses another host for each request. 
 ** 'hash' is generating a hash over the request-uri and makes sure that the same request URI is sent to always the same host. That can increase the performance of the backend servers a lot due to higher cache-locality. 
 ** 'sticky' (since 1.4.44) sends requests from the same (client) IP to the same backend. 
 * proxy.forwarded: append "Forwarded" header (RFC7239) to proxied requests (since 1.4.46) 
 * proxy.header: options to perform simple remapping of host and URL paths in proxied HTTP headers (since 1.4.46) 
 * proxy.replace-http-host: enable/disable replacing Host header in request to backend with proxy.server label (default: disable) (since 1.4.44) 
 * proxy.forwarded = append "Forwarded" header (RFC7239) to proxied requests (since 1.4.46) 
 * proxy.debug: a value between 0 and 65535 to set the debug-level in the Proxy module. Currently only 0 and 1 are used. Use 1 to enable some debug output, 0 to disable it. Note: Use 'enable|disable' in v1.4.13. 
  
 Structure of proxy.server section: 
  
 <pre> 
     ( <extension> =>  
       ( [ <label> => ] 
         ( "host" => <string> , 
           "port" => <integer> ), 
         ( "host" => <string> , 
           "port" => <integer> ) 
       ), 
       <extension> => ...  
     ) 
 </pre> 

 * <extension>: is the file-extension or prefix (if started with "/"); can be empty ("") to match all requests 
 * <label>:       optional name that shows up in the generated statistics of mod_status, useful for indicating which backend handler processed this extension 
 * "host":        is ip of the proxy server _*DO not* use hostnames here! only IP addresses 
   (since 1.4.36:) if host starts with a @"/"@ lighttpd will try to connect to the unix domain socket 
 * "port":        is tcp-port on the "host" used by the proxy server (default: 80) 


 e.g.: 
  
 <pre> 
     proxy.server = ( ".jsp" => 
                        ( (  
                            "host" => "10.0.0.242", 
                            "port" => 81 
                          ) ) 
                      ) 

 </pre> 


 proxy.forwarded (since 1.4.46) is a list of parameters to include in "Forwarded".    It is not enabled by default.    To provide the same information as X-Forwarded-For and X-Forwarded-Proto, enable "for" and "proto".    The "remote_user" is a lighttpd extension to the Forwarded header and, if enabled, adds the authenticated user set by mod_auth. 
 
   <pre> 
     proxy.forwarded = ( "for"            => 1, 
                         "proto"          => 1, 
                         #"host"          => 1, 
                         #"by"            => 1, 
                         #"remote_user" => 1 
     ) 
 </pre> 


 proxy.header (since 1.4.46) is a list of options to perform simple prefix matching to remap host and URL paths in proxied HTTP headers 
 <pre> 
     proxy.header = ( 
         #"map-host-request" => ( 
             #"-" => "...",#replace provided given Host request authority 
             #"..." => "-",#preserve existing authority (no further matching) 
             #"..." => "", #preserve existing authority (no further matching) 
             #               #(equivalent to "xxx" => "xxx") 
             #"xxx" => "yyy", #map one string ("xxx") to another ("yyy") 
         #), 
         #"map-host-response" => ( 
             #"-" => "...",#replace authority used in backend request 
             #"..." => "-",#replace with original authority 
             #"..." => "", #preserve existing authority (no further matching) 
             #               #(equivalent to "xxx" => "xxx") 
             #"xxx" => "yyy", #map one string ("xxx") to another ("yyy") 
         #), 
         #"map-urlpath" => ( 
             #"/xxx"    => "/yyy",#map one urlpath prefix to another 
             #"/xxx/" => "/",     #map one urlpath prefix to another 
             #"/xxx"    => "",      #map one urlpath prefix to another 
             #"/key"    => "/value", 
             # Note: request headers have matching "key" prefix replaced with 
             # "value", and response headers have matching "value" prefix 
             # replaced with "key", with a pre-test of the "value" from the 
             # first-matched "key" in request headers (if there was a match) 
         #), 
         #"https-remap" => "enable", 
             # For https requests from client, map https:// to http:// 
             # when map-host-request matches URI in request, and map http:// 
             # to https:// when map-host-response matches URI in response. 
             # (mod_proxy currently sends all backend requests as http) 
     ) 
 </pre> 


 h3. Example 

 Using lighttpd + mod_proxy in front of 8 Squids which handle the caching of dynamic content for you. All requests for the host www.example.org should be forwarded to the proxy. All proxies listen on port 80 for requests. 

 <pre> 
   $HTTP["host"] == "www.example.org" { 
     proxy.balance = "hash" 
     proxy.server    = ( "" => ( ( "host" => "10.0.0.10" ), 
                               ( "host" => "10.0.0.11" ), 
                               ( "host" => "10.0.0.12" ), 
                               ( "host" => "10.0.0.13" ), 
                               ( "host" => "10.0.0.14" ), 
                               ( "host" => "10.0.0.15" ), 
                               ( "host" => "10.0.0.16" ), 
                               ( "host" => "10.0.0.17" ) ) ) 
   } 
 </pre> 

 If one of the hosts goes down the all requests for this one server are moved equally to the other servers. If you want to know more about the algorithm used here, "google" for 'Microsoft CARP'. 


 h3. Troubleshooting 

 If you are getting: 


   2007-05-02 09:45:48: (mod_proxy.c.397) connect failed: 8 Network is unreachable 101  
   2007-05-02 09:45:48: (mod_proxy.c.871) proxy-server disabled: blabla.com 80 8  
   2007-05-02 09:45:48: (mod_proxy.c.1229) no proxy-handler found for: / 

 Check if you have used an IP address for the proxy address. Hostnames are *not* allowed there! 

 h3. User-contributed Enhancements 

 *Use of these patches is _not_ recommended (gstrauss)* 

 Remove HTTP headers X-Forwarded-For, X-Host, X-Forwarded-Proto, replace HTTP headers Host with proxy hostname ("name", then "host") from headers, and support hostnames by gethostbyname. You can get the patch from this page. 


 <pre> 
     ( "" =>  
       ( "nkbbs.org" => # name 
         ( "host" => "202.113.16.117", 
           "port" => 80 
         ) 
       ) 
     ) 
 </pre> 

 In the configuration of above, this will replace Host with "nkbbs.org"(name). But if the name is shorter than the shortest hostname("g.cn"?), mod_proxy will use Host as "host".