Round Robin Web Proxy

[Codewiz]

I am trying to setup a configuration like this:

Server1: portal.company.com


Server2: server2.company.com
Server3: server3.company.com
Server4: server4.company.com

Server1 is the only publically accessible computer. It needs to act as a reverse proxy to all three servers.

Server2, 3, 4 all serve the same content and pages. Basically they are frontend web servers for a portal application.

Server1 need to act as a SSL reverse proxy round robin load balancer.

Anyone know of an application that will work in this way? I have found load balancers, I have found reverse proxies but I haven't found an application that can do both.

squid is an open source project that appears to be able to do it but I sure can't find a document that describes how to set it up in this fashion.

 

[Garion]

There's a lot of devices that will do server acceleration (aka reverse proxy) and SSL acceleration, if you have cash to spend. I don't know of any software-based app, however, that will do both. Both Apache and Squid can be configured as a reverse proxy / server accelerator, but I don't know about SSL.

Keep in mind that SSL encryption is EXTREMELY hard on the CPU of the device doing the encryption, to the tune of just a few transactions per second. Most folks who do SSL use hardware accelerators (Like F5's, Redlines, etc.). If you do need to do on an Intel server and need more than a few connections, use a SSL accelerator card, like a Rainbow or something.

If you've got some cash to spend, consider looking at a BlueCoat proxy with a SSL card in reverse proxy mode. We use a lot of them and they are good stuff. They will do the reverse proxy, SSL acceleration and load balance to the three servers.

- G

 

[Codewiz]

Originally posted by: Garion
There's a lot of devices that will do server acceleration (aka reverse proxy) and SSL acceleration, if you have cash to spend. I don't know of any software-based app, however, that will do both. Both Apache and Squid can be configured as a reverse proxy / server accelerator, but I don't know about SSL.

Keep in mind that SSL encryption is EXTREMELY hard on the CPU of the device doing the encryption, to the tune of just a few transactions per second. Most folks who do SSL use hardware accelerators (Like F5's, Redlines, etc.). If you do need to do on an Intel server and need more than a few connections, use a SSL accelerator card, like a Rainbow or something.

If you've got some cash to spend, consider looking at a BlueCoat proxy with a SSL card in reverse proxy mode. We use a lot of them and they are good stuff. They will do the reverse proxy, SSL acceleration and load balance to the three servers.

- G

Don't I know it

I am working on a project and at the moment we don't have any cash to spend. Basically we are doing a proof of concept but there are major restrictions. Security requires our HTTP servers to use SSL and our portal product needs multiple frontends to handle the concurrent user load.

http://hp.vector.co.jp/authors/VA027031/orenosp/index_en.html

Orenosp is pretty close to what I need. I have contacted the creator of the application and round robin load balancing is on the way. He is gonna let me test a sessionless based version soon.

I was just hoping that I am missing something out there.

 

[Garion]

If that'll do what you need, you can always run a load balancer application like Oscar on a different box (or even the same box - Just aim your SSL reverse proxy at the local IP on a different port) to do load balancing.

- G