Pound - Reverse Proxy Server
This page describes the installation and configuration of the Pound reverse proxy server. It is meant for running two or more servers behind a router with only one static IP, so that all of the different websites hosted on these servers can be delivered through that single IP without any problems.
Setting up this service on Ubuntu takes at most 5 minutes.
How does it work?
- Let us assume your public IP address is 202.54.1.5.
- Pound will run on 202.54.1.5 port 80
- It will forward all incoming HTTP requests to the internal hosts 192.168.1.5 and 192.168.1.10 on port 80 or 443
- Pound keeps track of associations between clients and back-end servers like sessions and cookies
Pound Installation
sudo apt-get install pound
Enabling Pound to start
sudo nano /etc/default/pound
Change it from startup=0 to startup=1. Until this is done, Pound will refuse to start.
startup=1
Pound Configuration
Edit the Pound configuration file:
sudo nano /etc/pound/pound.cfg
Example Configurations
Redirect all HTTP traffic to an SSL URL
It's easy to have Pound do browser redirects for you. For instance, if your server farm is going to require SSL connections, you can automatically redirect any non-SSL connection attempts to the proper URL:
ListenHTTP
    Address 192.168.1.5
    Port    80
    Service
        Redirect "https://my.example.com/"
    End
End
Handle SSL at the proxy
If your server farm will be using SSL but you will have multiple servers on the backend, which might make handling SSL certificates a bit sketchy, you can have Pound do the SSL encryption/decryption as the traffic leaves your LAN, and use standard HTTP requests within your local network:
ListenHTTPS
    Address 192.168.1.5
    Port    443
    Cert    "/etc/apache2/ssl/mycertificate.pem"
    Service
        BackEnd
            Address 192.168.1.80
            Port    80
        End
        BackEnd
            Address 192.168.1.81
            Port    80
        End
    End
End
Redirect image and css requests to a separate server
Another cool trick with Pound is to send all requests for static content to one server, like LightTPD, while pulling your PHP and database-driven content from Apache. That's easily done with URL matching:
Service
    URL "/(images|js|css)/"
    BackEnd
        # This is where LightTPD is running
        Address 192.168.1.80
        Port    81
    End
End
Filter traffic based on headers
Another neat trick is to filter your end-users based on headers provided by the client. For instance, say your website should never be contacted by anything except an actual browser and you're concerned about people writing programs to pull data from the site. You can add a Service that filters them out. Because the User-Agent header is set by the client, this only catches tools that identify themselves honestly:
Service
    HeadRequire "User-Agent:.*Microsoft URL Control.*"
    Redirect "http://www.microsoft.com"
End
Filter traffic based on destination DNS name
Service
    HeadRequire "Host:.*myotherdomain.com.*"
    BackEnd
        Address 192.168.1.8
        Port    80
    End
End
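The Host pattern above is unanchored and its dots are unescaped, so it accepts more Host values than the one domain. The following script is an added example, not part of the original page: it approximates Pound's case-insensitive extended-regex matching with grep -Ei and compares the page's pattern with a tightened one (the STRICT pattern and the sample header lines are constructed assumptions).

```shell
#!/bin/sh
# Added example: check which Host header lines a HeadRequire pattern accepts.
# Assumption: grep -E -i approximates Pound's case-insensitive POSIX
# extended regex search over a single header line.

# Pattern as written on the page: unanchored, dots match any character.
LOOSE='Host:.*myotherdomain.com.*'
# Tightened pattern (assumption, not from the page): anchored, dots escaped,
# optional subdomain labels and optional port.
STRICT='^Host:[[:space:]]*([a-z0-9-]+\.)*myotherdomain\.com(:[0-9]+)?[[:space:]]*$'

# Constructed sample header lines, one per line.
SAMPLES='Host: myotherdomain.com
Host: www.myotherdomain.com:80
Host: myotherdomain.com.unrelated.example
Host: notmyotherdomain.com
Host: myotherdomainXcom
Host: my.example.com'

# header_matches PATTERN HEADER_LINE -> exit status 0 when the pattern matches
header_matches() {
    printf '%s\n' "$2" | grep -Eiq -- "$1"
}

# count_matches PATTERN -> prints how many sample lines the pattern accepts
count_matches() {
    n=0
    while IFS= read -r line; do
        if header_matches "$1" "$line"; then n=$((n + 1)); fi
    done <<EOF
$SAMPLES
EOF
    echo "$n"
}

# Print a per-line comparison of both patterns.
printf '%s\n' "$SAMPLES" | while IFS= read -r line; do
    l=no; s=no
    if header_matches "$LOOSE" "$line"; then l=yes; fi
    if header_matches "$STRICT" "$line"; then s=yes; fi
    printf 'loose=%-3s strict=%-3s %s\n' "$l" "$s" "$line"
done
echo "loose accepts $(count_matches "$LOOSE"), strict accepts $(count_matches "$STRICT")"
```

Extend SAMPLES with Host values seen in your own logs before changing the pattern in pound.cfg.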
Starting Pound as Daemon Service
sudo /etc/init.d/pound start
Stopping Pound as Daemon Service
sudo /etc/init.d/pound stop
What Pound Is
Pound is a reverse proxy. That means you put it on the server end, in front of your web services, not in front of your clients who need to connect to the general Internet. It takes web requests from end-users and distributes them among several web servers or services you may be running. Pound is also a load balancer, so you can run multiple servers that look to the outside world as if they are just one, allowing you to spread the workload around.
What Pound Is Not
Pound proxy is NOT a caching proxy. By itself it won't help to speed up your server or network, but there is a lot of flexibility in Pound that will help you overall.