OpenLiteSpeed As Reverse Proxy
From OpenLiteSpeed Wiki
In this article, we explain how to set up OpenLiteSpeed as a proxy to a backend web server. With a proxy context for a single backend virtual host or rewrite rules for name-based backend vhosts, OpenLiteSpeed can serve part of or an entire virtual host as a proxy to the backend web server. This can speed up static file handling while preserving all the functionality of the backend server. OpenLiteSpeed's anti-DDoS capabilities can also be utilized to provide HTTP-level protection for the vhosts.
Contents
- 1 Proxy for an IP-based virtual host
- 1.1 Create a vhost to stand as the proxy
- 1.2 Create a vhost-level proxy (web server) external application
- 1.3 Create a vhost-level proxy context that uses the proxy external app you set up in the previous step
- 1.4 Map the proxy vhost to your listener(s)
- 1.5 Enable per-client throttling for the vhost/proxy (to provide HTTP-level anti-DDoS protection)
- 1.6 Go through steps 1.1 to 1.5 again to proxy additional backend vhosts.
- 2 Proxying to name-based vhosts
- 2.1 Create a vhost to stand as the proxy
- 2.2 Create a vhost-level proxy (web server) external application
- 2.3 Add a rewrite rule in the vhost to send traffic to the proxy external application
- 2.4 Map the proxy vhost to your listener(s)
- 2.5 Enable per-client throttling for the vhost (to provide HTTP-level anti-DDoS protection)
- 2.6 Go through steps 2.1 to 2.5 again to proxy additional backend vhosts.
Proxy for an IP-based virtual host
Create a vhost to stand as the proxy
WebAdmin console > Configuration > Virtual Hosts > Add
Basic ===== Base Virtual Host Name: proxy-vhost Virtual Host Root: $SERVER_ROOT/proxy/ Config File: $VH_ROOT/conf/vhconf.xml Connection Max Keep-Alive Requests: 1000 Security Follow Symbolic Link: No Enable Scripts/ExtApps: No Restrained: Yes General ======= General Document Root: $VH_ROOT/html/
Save and graceful restart to apply changes.
Create a vhost-level proxy (web server) external application
WebAdmin console > Configuration > Virtual Hosts > proxy-vhost > External App > Add
Type: Web Server Name: vhost-proxy Address: 10.1.2.3:80 Max Connections: 150 Initial Request Timeout (secs): 60 Retry Timeout (secs): 0
- Note: The address stipulated in these settings should point to your backend web server. For illustration, we used an IP from our internal lab. You need to use the real IP your backend server uses.
Create a vhost-level proxy context that uses the proxy external app you set up in the previous step
WebAdmin console > Configuration > Virtual Hosts > proxy-vhost > Context > Add
Type: proxy URI: / Web Server: [Vhost Level]: vhost-proxy
Map the proxy vhost to your listener(s)
WebAdmin console > Listeners > your listener(s) > Virtual Host Mappings > Add
Virtual Host: proxy-vhost Domain: proxy-vhost.domain.com
Enable per-client throttling for the vhost/proxy (to provide HTTP-level anti-DDoS protection)
WebAdmin console > Configuration > Virtual Hosts > proxy-vhost > Basic
Per Client Throttling Static Requests/second: 50 Dynamic Requests/sec: 5 Outbound Bandwidth (bytes/sec): 100K Inbound Bandwidth (bytes/sec): 20K
Go through steps 1.1 to 1.5 again to proxy additional backend vhosts.
That's it.
Proxying to name-based vhosts
If the backend server runs name-based vhosts (multiple virtual hosts sharing one IP), rewrite rules need to be used to direct traffic instead of a proxy context.
Create a vhost to stand as the proxy
WebAdmin console > Configuration > Virtual Hosts > Add
Basic ===== Base Virtual Host Name: proxy-vhost1 Virtual Host Root: $SERVER_ROOT/proxy/ Config File: $VH_ROOT/conf/vhconf.xml Connection Max Keep-Alive Requests: 1000 Security Follow Symbolic Link: No Enable Scripts/ExtApps: No Restrained: Yes General ======= General Document Root: $VH_ROOT/html/
Save and graceful restart to apply changes.
Create a vhost-level proxy (web server) external application
WebAdmin console > Configuration > Virtual Hosts > proxy-vhost1 > External App > Add
Type: Web Server Name: vhost-proxy1 Address: 10.1.2.3:80 Max Connections: 150 Initial Request Timeout (secs): 60 Retry Timeout (secs): 0
- Note: The address stipulated in these settings should point to your backend web server. For illustration, we used an IP from our internal lab. You need to use the real IP your backend server uses.
Add a rewrite rule in the vhost to send traffic to the proxy external application
WebAdmin console > Configuration > Virtual Hosts > proxy-vhost1 > Rewrite
Enable Rewrite: Yes Rewrite Rules: RewriteRule ^/(.*)$ http://vhost-proxy1/$1 [P,E=Proxy-Host:www.example1.com]
- Note: "vhost-proxy1" is the name of the proxy (web server) external application created in step 2.2. "www.example1.com" is the domain name of the backend vhost to be proxied.
Map the proxy vhost to your listener(s)
WebAdmin console > Listeners > your listeners > Virtual Host Mappings > Add
Virtual Host: proxy-vhost1 Domain: proxy-vhost1.domain.com
Enable per-client throttling for the vhost (to provide HTTP-level anti-DDoS protection)
WebAdmin console > Configuration > Virtual Hosts > proxy-vhost1 > Basic
Per Client Throttle Static Requests/second: 50 Dynamic Requests/sec: 5 Outbound Bandwidth (bytes/sec): 100K Inbound Bandwidth (bytes/sec): 20K