[TriLUG] Help with proxy setup

Ron Kelley rkelleyrtp at gmail.com
Thu Dec 5 10:09:13 EST 2013 

Thanks for the info Matt.  Before going toward nginx, I looked at HAProxy
but could not find any example configurations of DNS-based back-end
servers.  All the examples I saw were for static pools of servers on the
back end.  I just want a proxy tool (haproxy, nginx, etc) to simply forward
the inbound HTTP traffic to the server on the back end that matches the
URL's domain name (using an internal DNS server for lookups).  Do you have
such an example you can share?

Thanks.


On Thu, Dec 5, 2013 at 9:51 AM, Matt Pusateri <mpusateri at wickedtrails.com>wrote:

> Late to this party, glad you got it resolved.  I recently at previous job
> ran Nginx as a proxy server and the things I didn’t like about it were.  1.
> No dynamic modules, you have to recompile each time if you need a new
> module, not a big deal, but more work.  2. And more important, it was
> extremely difficult to get good stats out of Nginx.  I much preferred
> HA-Proxy.
>
> Matt P.
>
> On Dec 3, 2013, at 10:06 PM, Ron Kelley <rkelleyrtp at gmail.com> wrote:
>
> > Thanks again, Igor, for the wonderful information.  Let me sift through
> the list of additional optimization and see if I can make any headway.
> >
> > -Ron
> >
> >
> > On Dec 3, 2013, at 6:40 PM, Igor Partola <igor at igorpartola.com> wrote:
> >
> > Ron,
> >
> > The only thing I see that I wouldn't do here i the "server_name _" part.
> I
> > think you can just omit that, or actually specify the hostnames that this
> > will serve. Otherwise, looks good to me.
> >
> > Also, you can certainly do some optimization here if you care to:
> >
> > 1. Tune the number of nginx worker processes and connections per worker
> > (and the open file limits) to match your processing power
> > 2. Add cache headers bases on request type. For example, you could
> probably
> > automatically add something like 30 days expiration on certain static
> > resources, though obviously be careful not to have users cache stuff that
> > is bound to change.
> > 3. Enable proxy_cache. This stuff is wonderful. It can be the difference
> > between 10 and 1000 concurrent users, assuming you can cache the content
> > you are serving. This is easily the biggest optimization you can add.
> > 4. Add custom error pages.
> > 5. Add HTTPS/TLS, and ditch HTTP. If you are accessing /wp-admin/ over
> > HTTP, your password is in cleartext on the internet.
> > 6. Add a maintenance page: when a specific HTML file exists on disk,
> serve
> > that and a 503 status code. This lets you take sites down for maintenance
> > nicely.
> > 7. Add some way to normalize/filter the $host variable. This can probably
> > be done on the backends as well. For example, you might want to add or
> > remove the "www." prefix.
> > 8. Add gzip compression for textual responses (careful with HTML + gzip +
> > SSL. There is a recent vulnerability in SSL that can be exploited through
> > this.)
> >
> > No problem. Glad I got someone else to use of of my favorite pieces of
> > software.
> >
> > Igor
> > --
> > This message was sent to: Ron Kelley <rkelleyrtp at gmail.com>
> > To unsubscribe, send a blank message to trilug-leave at trilug.org from
> that address.
> > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> > Unsubscribe or edit options on the web        :
> http://www.trilug.org/mailman/options/trilug/rkelleyrtp%40gmail.com
> > Welcome to TriLUG: http://trilug.org/welcome
> >
> > --
> > This message was sent to: M. Pusateri <mpusateri at wickedtrails.com>
> > To unsubscribe, send a blank message to trilug-leave at trilug.org from
> that address.
> > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> > Unsubscribe or edit options on the web        :
> http://www.trilug.org/mailman/options/trilug/mpusateri%40wickedtrails.com
> > Welcome to TriLUG: http://trilug.org/welcome
>
> --
> This message was sent to: Ron Kelley <rkelleyrtp at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  :
> http://www.trilug.org/mailman/options/trilug/rkelleyrtp%40gmail.com
> Welcome to TriLUG: http://trilug.org/welcome
>

More information about the TriLUG mailing list