Pound: Installation and Configuration of a Reverse Proxy
Introduction
A reverse proxy is a type of proxy server, usually placed in front of web servers. It differs in its usage from traditional proxy servers.
The reverse proxy is implemented on the server side of the Internet. Web users go through it to access applications on internal servers. This technique allows, among other things, to protect a web server from attacks from outside.
This technology is used in application security solutions.
There are several recognized applications for reverse proxies:
- Security: The additional layer provided by reverse proxies can bring additional security. Programmable URL rewriting allows masking and controlling, for example, the architecture of an internal website. But this architecture mainly allows filtering access to web resources from a single point.
- SSL Acceleration: The reverse proxy can be used as an “SSL terminator,” for example, through dedicated hardware.
- Load Balancing: The reverse proxy can distribute the load of a single site across multiple web application servers. Depending on its configuration, URL rewriting work will therefore be necessary.
- Cache: The reverse proxy can offload web servers from the load of static pages/objects (HTML pages, images) by managing a local cache. The load on web servers is thus generally reduced.
- Compression: The reverse proxy can optimize the compression of site content.
After some research, it appears that Pound is one of the best solutions for reverse proxying. You can also do it with Apache, Lighttpd, Nginx… But apparently, Pound stands out because:
- It is lightweight and efficient (works very well with over 600 connections/sec)
- Configuration can be easily evolved to do load balancing
- It is capable of managing sessions
Installation
To install it, it’s simple:
|
|
Configuration
Default
Configure /etc/default/pound
if you want it to start automatically:
|
|
Basic Reverse Proxy
Here, I have an Apache running locally on port 8080 and I have Pound listening on port 80:
|
|
Basic Load Balancing
For a configuration, we’ll try a redirection with IP or VirtualHost:
|
|
Here, our server listens on port 80 of IP 192.168.0.200. If the VirtualHost deimos.fr is used, there will be a redirection to IP 192.168.0.1:80. Otherwise, if it’s mavro.fr, the redirection will be to address 192.168.0.2:80.
As you can see, it’s quite simple.
Note: The developer of Pound does not recommend using VirtualHosts and suggests letting the lower layer handle it.
Important: Be aware that it is impossible to do VirtualHost with HTTPS. This is due to a limitation of the protocol and not specific to Pound.
Resources
Last updated 15 May 2010, 07:13 CEST.