https://training-course-material.com/index.php?action=history&feed=atom&title=Reverse_ProxyReverse Proxy - Revision history2026-05-13T09:36:08ZRevision history for this page on the wikiMediaWiki 1.45.1https://training-course-material.com/index.php?title=Reverse_Proxy&diff=23945&oldid=prevCesar Chew at 17:31, 24 November 20142014-11-24T17:31:29Z<p></p>
<p><b>New page</b></p><div> {{Cat|Nginx}}<br />
<br />
<slideshow style="nobleprog" headingmark="⌘" incmark="…" scaled="true" font="Trebuchet MS" ><br />
;title: Reverse Proxy<br />
;author: Bernard Szlachta (NobleProg Ltd)<br />
</slideshow><br />
<br />
=== nginx as a reverse proxy ⌘===<br />
* A popular use of nginx<br />
* Minimises concurrent connections to proxy backend<br />
* Put nginx in front of Tomcat<br />
:* nginx serves all static content (images, css, javascript)<br />
:* nginx proxies to Tomcat for dynamic content<br />
=== A simple example ⌘===<br />
<br />
location /static/ {<br />
root /var/www/static/;<br />
}<br />
<br />
location / {<br />
proxy_pass http://localhost:8000/;<br />
}<br />
<br />
=== Automatic URI rewriting ⌘===<br />
* On the previous example the path would be unchanged because it is at the root<br />
* If a path is specified in location and target, by default it is rewritten<br />
<br />
<br />
location /foo/ {<br />
proxy_pass http://localhost:8000/bar/;<br />
}<br />
<br />
* The proxy target will see the request as though it had been made for /bar/<br />
=== Rewriting Server Responses ⌘===<br />
* Sometimes applications will generate 301/302<br />
* Often this will include a path calculated from the local settings<br />
* When used behind a proxy this may be wrong<br />
=== Server response problem example ⌘===<br />
<br />
location /foo/ {<br />
proxy_pass http://localhost:8000/bar/;<br />
}<br />
<br />
$ curl -I http://localhost/foo/<br />
HTTP/1.1 302 Moved Temporarily<br />
Location: http://localhost:8000/baz/<br />
<br />
=== Solution: Proxy Redirect ⌘===<br />
<br />
location /foo/ {<br />
proxy_pass http://localhost:8000/bar/;<br />
proxy_redirect on;<br />
}<br />
<br />
=== Adding an X-Forwarded-For ⌘===<br />
<br />
* The proxy destination doesn't know who made the original request<br />
* Solution: Add an X-Forwarded-For header<br />
<br />
location /foo/ {<br />
proxy_pass http://localhost:8000/bar/;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
}<br />
<br />
<br />
=== Dealing with legacy applications + cookies ⌘===<br />
* Scenario: multiple applications need to be on a single domain<br />
:* http://app.example.com/legacy1<br />
:* http://app.example.com/legacy2 <br />
* Problem: These applications set cookies for the domain they are on - not the new single domain <br />
<br />
=== nginx to the rescue, again ⌘===<br />
<br />
location /legacy1 {<br />
proxy_cookie_domain legacy1.example.com app.example.com;<br />
proxy_cookie_path $uri /legacy1$uri;<br />
proxy_pass http://legacy1.example.com/;<br />
}<br />
location /legacy2 {<br />
proxy_cookie_domain legacy2.example.com app.example.com;<br />
proxy_cookie_path $uri /legacy2$uri;<br />
proxy_pass http://legacy2.example.com/;<br />
}<br />
<br />
=== What did we do? ⌘===<br />
* nginx will rewrite the cookie domain to app.example.com<br />
* nginx adds a cookie path matching the URI<br />
* Each app sees only its own cookies<br />
=== Caching ⌘===<br />
* nginx can be used to accelerate content from the upstream<br />
* By caching dynamically generated content, performance can be improved massively<br />
=== Simple caching example ⌘===<br />
<br />
http {<br />
proxy_temp_path /var/spool/nginx;<br />
proxy_cache_path /var/spool/nginx keys_zone=CACHE:100m levels=1:2 inactive=6h max_size=1g;<br />
location / {<br />
proxy_pass http://localhost:8000/;<br />
proxy_cache CACHE;<br />
}<br />
}<br />
<br />
=== What we did ⌘===<br />
* Configured a 100MB in-memory cache<br />
* Configured a 1GB on-disk cache<br />
* Told nginx to cache everything suitable<br />
<br />
=== What nginx does ⌘===<br />
* nginx proxies requests to localhost:8000 as in previous examples<br />
* nginx looks at the headers received to check if data is safe to cache, and for how long<br />
* nginx stores a copy on disk<br />
* Next time a request is made for this URL, on-disk cache is checked<br />
* If it exists and is fresh, serve directly, storing a copy in RAM<br />
<br />
=== What is fresh? ⌘===<br />
* Backend server should send appropriate headers to let nginx (and any other caches along the way) what is OK to cache, and how long for<br />
* `Cache-Control: private`<br />
:* don't cache at all<br />
* Cache-Control: public, max-age: 900<br />
:* cache for 15 minutes<br />
* Expires: Mon, 1 Jul 2013 01:00:00 GMT<br />
:* cache until the specified date<br />
<br />
=== Cache stampedes ⌘===<br />
* Cache stampedes are a big problems for sites using caching to scale<br />
* Imaging the following scenario:<br />
:* Proxy destination can handle max 50 requests/second<br />
:* nginx is added, traffic is 300 requests/second<br />
:* 25% of traffic is for the front page<br />
:* what happens when max-age is reached?<br />
=== Dogpile ⌘===<br />
[[File:Dogpile.jpg]]<br />
<br />
=== Dogpile effect ⌘===<br />
* Everyone tries to get the same URL at once<br />
* It's very slow / broken for everyone until a new copy gets into the cache<br />
* Load graphs show waves of peaks<br />
<br />
=== nginx solution ⌘===<br />
* nginx can be configured to serve stale content whilst updating<br />
<br />
location / {<br />
proxy_pass http://localhost:8000/;<br />
proxy_cache CACHE;<br />
proxy_cache_use_stale updating;<br />
}<br />
<br />
=== Hiding errors ⌘===<br />
* If old content is better than no content, nginx can also be configured to use stale content when it recieves no response or an error from the backend<br />
* We also set a timeout value<br />
<br />
location / {<br />
proxy_pass http://localhost:8000/;<br />
proxy_cache CACHE;<br />
proxy_cache_use_stale timeout http_500;<br />
proxy_read_timeout 15s;<br />
}</div>Cesar Chew