Basic CDN with Nginx or HA proxy to serve static content? - nginx

I have 2 servers A & B. On both server I serve static content via Nginx.
I would like to set up a HTTP redirection on A (Nginx, Ha proxy, Varnish ?) that check health of A & B and redirect HTTP requests to both servers depending on their availibility. Later the "balancer" will be on a separate dedicated server.
Actually I thought upstream from nginx would do the trick but all the bandwidth go throught this proxy which is not what.
I want to use all available bandwidth from A & B so I have to redirect request on A & B servers.
My searches:
HA Proxy have a HTTP redirection wich may help me : https://www.haproxy.com/doc/aloha/7.0/haproxy/http_redirection.html . Maybe using with https://www.haproxy.com/doc/aloha/7.0/haproxy/healthchecks.html to always send to available server. This mean installing and managing a new app I'm not familiar with (HA proxy).
There is mix with some perl code and nginx to achieve that here: http://www.sourceprojects.org/nginx-stateless-loadbalancer but It use external perl script and I'm not sure it is very robust solution.
I wonder if there is something I missed in Nginx or Varnish to achieve that ?

Related

How to Eliminate Nginx from the Production Stack via using Cloudflare as a substitutable Reverse Proxy?

Is it possible to use "cloudflare" as a reverse proxy for hosting several websites on the same host machine but on different ports?
Cloudflare can replace some of the features of Nginx, specifically:
Caching resources
Rate limiting and protecting your website
Redirecting access to your website to another server
But you still need Nginx or another web server for the following tasks:
Handling the TCP connections between Cloudflare and the server which generates the response (+ HTTPS should be used)
Generating the actual response, via FastCGI (PHP, Python, Ruby, etc.) or just delivering a file/resource (server and location blocks in Nginx)
Setting the correct headers for the response, for caching and content type (Cloudflare relies on these)
Cloudflare does not support sending your requests to specific ports on the origin host - but that would still not help you much, because Cloudflare has a very specific feature set, and generating responses is not part of them, which is why you need a web server.
If you want to reduce the work needed to maintain Nginx, you can restrict Nginx to only reply to requests by Cloudflare and do the rate limiting and some other tasks in Cloudflare.

Atlasssian Crucible through AWS ELB with HTTPS

I've recently setup a Crucible instances in AWS connected via a HTTPS ELB. I have a nginx reverse proxy setup on the instance as well to redirect HTTP requests to HTTPS.
This partially works. However Crucible itself doesn't know it's running over HTTPS so serves up mixed content, and ajax queries often break due to HTTP -> HTTPS conflicts.
I've found documentation for installing a certificate in Crucible directly...
https://confluence.atlassian.com/fisheye/fisheye-ssl-configuration-298976938.html
However I'd really rather not have to do it this way. I want to have the HTTPS terminated at the ELB, to make it easier to manage centrally through AWS.
I've also found documentation for using Crucible through a reverse proxy...
https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html
However this doesn't specifically deal with HTTPS.
All I really need is a way to ensure that Crucible doesn't serve up content with hard coded internal HTTP references. It needs to either leave off the protocol, or set HTTPS for the links.
Setting up the reverse proxy configuration should help accomplish this. Under Administration >> Global Settings >> Server >> Web Server set the following:
Proxy scheme: https
Proxy host: elb.hostname.com
Proxy port: 443
And restart Crucible.
Making configuration on UI is one way. You can also change config.xml in $FISHEYE_HOME:
<web-server site-url="https://your-public-crucible-url">
<http bind=":8060" proxy-host=“your-public-crucible-url" proxy-port="443" proxy-scheme="https"/>
</web-server>
Make sure to shutdown FishEye/Crucible before making this change.
AFAIK, this configuration is the only way to tell internal Jetty of FishEye/Crucible to be aware of the reversed proxy in front of them.

Forward proxy to redirect HTTPS URL to internal

I'm trying to come up with a solution where I can do the follow:
In my scenario there are 2 servers.
API1: Nginx + API Website
API2: Nginx + Staging Website
In order to check new version of API via mobileapp, I want to set my phone to use a proxy server (Should be API2), and only when the dest URL is https://api.test.com it will redirect it internally to localhost:6000.
Any ideas of how it can be done? I know Nginx does not support SSL Proxing, but maybe I'm wrong.
Thanks
Well,
Eventually I was able to accomplish that by using Apache Traffic Server which has been configured as a forward proxy while doing some map rules to redirect traffic from https to localhost:443/
But, I will be happy to hear some more ideas.
Thanks

HTTPS Proxy for existing HTTP application

I have a running HTTP web application and I am facing problems to make it run over HTTPS.
I am thinking of bringing some HTTPS Proxy that accepts user requests and forward it to the HTTP web app.
What do you think of that? and How can I accomplish that?
Setting up stunnel is a no-brainer - and its available for Unix/Linux/Posix/MSWindows (you might have mentioned what OS you are using).
(Also you can run the program to encrypt or decrpyt, at the server or at the client side)
It's possible to run Apache Httpd (for example) using HTTPS and use mod_proxy_http as a reverse proxy to forward the requests to your existing HTTP server. Of course, for this to be of any use, you'd need the reverse proxy and the target server to be connected in such a way that connections cannot be sniffed or altered.
You may find that the existing server needs certain extra settings for it to be aware it's using HTTPS (for example, special Valves in Apache Tomcat to set the HTTPS flag to true).
Apache httpd reverse-proxy?

Forwarding based on Host Headers

I am trying to get around ISP limitations of 1 IP address. Here is what I am trying to do. I have two web servers running internally on my network. One is my main IIS box that runs 4 or 5 sites and I just added a windows home server. I have created a dns entry for it called home.mydomain.com and the other server reponds to www.mydomain.com.
My router is set to forward 80 to www.mydomain.com's server (192.168.1.3) so when requests come in for home.mydomain.com the request fails since www server is not set up to listen to that host header.
I would like to know if there is a way with IIS 7 to 'proxy' requests to home.mydomain.com (192.168.1.4). I had tried setting up HttpRedirect in IIS but that does not work as I would have hoped since it sends back a 302 to the client with a name that points back to the main IP address and then a vicious redirect loop happens.
I am told in apache this can be done by having one server proxy for the other. Can this be done in IIS 7? If not does anyone know of a webserver proxy type of software I can use?
Thanks in advance,
Rich
What you are looking for is a "reverse proxy". In Apache you can do this via mod_proxy. In IIS, you'll want to try the Application Request Routing package.
URL Rewrite for IIS can also be used to do reverse proxing.
Yet another reverse proxy package is Managed Fusion URL Rewriter and Reverse Proxy

Resources