Actions

Help

OpenLiteSpeed As Reverse Proxy

From OpenLiteSpeed Wiki

In this article, we explain how to set up OpenLiteSpeed as a proxy to a backend web server. With a proxy context for a single backend virtual host or rewrite rules for name-based backend vhosts, OpenLiteSpeed can serve part of or an entire virtual host as a proxy to the backend web server. This can speed up static file handling while preserving all the functionality of the backend server. OpenLiteSpeed's anti-DDoS capabilities can also be utilized to provide HTTP-level protection for the vhosts.

Proxy for an IP-based virtual host

Create a vhost to stand as the proxy

WebAdmin console > Configuration > Virtual Hosts > Add

Basic
=====
 Base
  Virtual Host Name: proxy-vhost
  Virtual Host Root: $SERVER_ROOT/proxy/
  Config File: $VH_ROOT/conf/vhconf.xml
 Connection
  Max Keep-Alive Requests: 1000
 Security
  Follow Symbolic Link: No
  Enable Scripts/ExtApps: No
  Restrained: Yes
General
=======
 General
  Document Root: $VH_ROOT/html/

Save and graceful restart to apply changes.

Create a vhost-level proxy (web server) external application

WebAdmin console > Configuration > Virtual Hosts > proxy-vhost > External App > Add

Type: Web Server
Name: vhost-proxy
Address: 10.1.2.3:80
Max Connections: 150
Initial Request Timeout (secs): 60
Retry Timeout (secs): 0
Note: The address stipulated in these settings should point to your backend web server. For illustration, we used an IP from our internal lab. You need to use the real IP your backend server uses. 

Create a vhost-level proxy context that uses the proxy external app you set up in the previous step

WebAdmin console > Configuration > Virtual Hosts > proxy-vhost > Context > Add

Type: proxy
URI: /
Web Server: [Vhost Level]: vhost-proxy

Map the proxy vhost to your listener(s)

WebAdmin console > Listeners > your listener(s) > Virtual Host Mappings > Add

Virtual Host: proxy-vhost
Domain: proxy-vhost.domain.com

Enable per-client throttling for the vhost/proxy (to provide HTTP-level anti-DDoS protection)

WebAdmin console > Configuration > Virtual Hosts > proxy-vhost > Basic

Per Client Throttling
 Static Requests/second: 50
 Dynamic Requests/sec: 5
 Outbound Bandwidth (bytes/sec): 100K
 Inbound Bandwidth (bytes/sec): 20K

Go through steps 1.1 to 1.5 again to proxy additional backend vhosts.

That's it.

Proxying to name-based vhosts

If the backend server runs name-based vhosts (multiple virtual hosts sharing one IP), rewrite rules need to be used to direct traffic instead of a proxy context.

Create a vhost to stand as the proxy

WebAdmin console > Configuration > Virtual Hosts > Add

Basic
=====
 Base
  Virtual Host Name: proxy-vhost1
  Virtual Host Root: $SERVER_ROOT/proxy/
  Config File: $VH_ROOT/conf/vhconf.xml
 Connection
  Max Keep-Alive Requests: 1000
 Security
  Follow Symbolic Link: No
  Enable Scripts/ExtApps: No
  Restrained: Yes
General
=======
 General
  Document Root: $VH_ROOT/html/

Save and graceful restart to apply changes.

Create a vhost-level proxy (web server) external application

WebAdmin console > Configuration > Virtual Hosts > proxy-vhost1 > External App > Add

Type: Web Server
Name: vhost-proxy1
Address: 10.1.2.3:80
Max Connections: 150
Initial Request Timeout (secs): 60
Retry Timeout (secs): 0
Note: The address stipulated in these settings should point to your backend web server. For illustration, we used an IP from our internal lab. You need to use the real IP your backend server uses. 

Add a rewrite rule in the vhost to send traffic to the proxy external application

WebAdmin console > Configuration > Virtual Hosts > proxy-vhost1 > Rewrite

Enable Rewrite: Yes
Rewrite Rules:
 RewriteRule ^/(.*)$ http://vhost-proxy1/$1 [P,E=Proxy-Host:www.example1.com]
Note: "vhost-proxy1" is the name of the proxy (web server) external application created in step 2.2. "www.example1.com" is the domain name of the backend vhost to be proxied.

Map the proxy vhost to your listener(s)

WebAdmin console > Listeners > your listeners > Virtual Host Mappings > Add

Virtual Host: proxy-vhost1
Domain: proxy-vhost1.domain.com

Enable per-client throttling for the vhost (to provide HTTP-level anti-DDoS protection)

WebAdmin console > Configuration > Virtual Hosts > proxy-vhost1 > Basic

Per Client Throttle
 Static Requests/second: 50
 Dynamic Requests/sec: 5
 Outbound Bandwidth (bytes/sec): 100K
 Inbound Bandwidth (bytes/sec): 20K

Go through steps 2.1 to 2.5 again to proxy additional backend vhosts.