æ°—ãŒã™ã‚‹ï¼
- ãªãœProxyPassReverseã«balancer://~~ ã‚’è¨å®šã§ããªã„ã®ã‹ *1
- ãªãœProxyPassReverseã«ajp://~~ ã‚’è¨å®šã§ããªã„ã®ã‹
- ãªãœbackendãŒhttpã¨ajpã®å ´åˆã§ã€ProxyPassReverseã«è¨å®šã™ã‚‹URLãŒç•°ãªã‚‹ã®ã‹
ãªã©ãªã©ã€‚今ã¾ã§ã¯mod_proxyã™ã‚‹æ©Ÿä¼šãŒã»ã¨ã‚“ã©ãªãé©å½“ã«ãŠèŒ¶ã‚’æ¿ã—ã¦ã„ãŸã®ã§ã€ä¸–é–“ã®äººã‹ã‚‰ç›¸å½“é…ã‚Œã¦ã„ã‚‹ã¨ã¯æ€ã„ã¾ã™ãŒã€ã›ã£ã‹ããªã®ã§è‡ªåˆ†ç”¨ã¾ã¨ã‚。æ€ã„ã¤ã„ãŸã“ã¨ã‚’ã¤ã‚‰ã¤ã‚‰ã¨ãƒ¡ãƒ¢ã£ã¦ã„ã‚‹ã‹ã‚‰ã‹ãªã‚Šå†—é•·ã§ã™ãŒã€‚
追記 20100907
apache 2.2.12 ã‹ã‚‰ã€balancer:// ã®URLã«ã‚‚ProxyPassReverseãŒä½¿ãˆã‚‹ã‚ˆã†ã«mod_proxyãŒãƒ‘ワーアップã—ã¦ã„ã¾ã—ãŸã€‚
*) mod_proxy: Complete ProxyPassReverse to handle balancer URL's. Given;
BalancerMember balancer://alias http://example.com/foo
ProxyPassReverse /bash balancer://alias/bar
backend url http://example.com/foo/bar/that is now translated /bash/that
[William Rowe]
ã¨ã„ã†ã‚ã‘ã§ã€è¨˜è¿°ã‚‚スッã‚リã™ã‚‹ã®ã§apache 2.2.12ã¯ProxyPassReverse balancer://~~ ã§æ›¸ã„ãŸã»ã†ãŒè‰¯ã„ã‹ã‚‚ã—ã‚Œã¾ã›ã‚“。(試ã—ã¦ãªã„ã®ã§ä½•ã¨ã‚‚言ãˆãªã„ã‘ã©)
ã•ã‚‰ã«è¿½è¨˜
実際ã«è©¦ã—ã¦ã¿ãŸã‘ã©ã€ProxyPassReverse balancer://~~ ãŒã†ã¾ã動作ã™ã‚‹ã®ã¯ã€BalancerMemberãŒhttpã®ã¨ãã§ã€ajp:// ã ã¨LocationヘッダãŒèª¿æ•´ã§ãã¦ãªã‹ã£ãŸã€‚3番ã®é …ç›®ã®ã¨ã“ã§ã‚‚書ã„ãŸã‘ã©ã€httpã¨ajpプãƒãƒˆã‚³ãƒ«åˆ©ç”¨æ™‚ã®ãƒ¬ã‚¹ãƒãƒ³ã‚¹ãƒ˜ãƒƒãƒ€ã®é•ã„関係ã—ã¦ã‚‹ã‚“ã˜ã‚ƒãªã„ã‹ã¨æŽ¨æ¸¬ã€‚
## 追記ã“ã“ã¾ã§
- http://httpd.apache.org/docs/2.2/ja/mod/mod_proxy.html
- http://httpd.apache.org/docs/2.2/ja/mod/mod_proxy.html#proxypass
- http://httpd.apache.org/docs/2.2/ja/mod/mod_proxy.html#proxypassreverse
自分ãªã‚Šã«ç†è§£ã§ãã¦ç´å¾—ã—ã¦ã„ã‚‹ã¤ã‚‚ã‚Šã§ã™ãŒã€ç¢ºèªã«ä½¿ã£ãŸbackendサーãƒã¯apache + ç°¡å˜ãªcgi, tomcatã®ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®webappsã ã‘ãªã®ã§é–“é•ã£ã¦ã„ã‚‹ã¨ã“ã‚ã‚‚ã‚ã‚‹ã‹ã‚‚ã—ã‚Œã¾ã›ã‚“ã”指摘ã„ãŸã ã‘ã‚‹ã¨å¹¸ã„ã§ã™ã€‚
構æˆ
確èªã§ä½¿ã£ãŸã®ã¯vmware環境ã«ä½œã£ãŸapache(reverse proxy)ã¨ã€backendã¯apache or tomcat。
reverse proxy backend server -------- http ----------- http or ajp ------------------- |client| <======> | apache | <======> | apache or tomcat| -------- ----------- -------------------
- clientãŒã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹hostã¯www.example.com
- reverse proxyã§ã‚ã‚‹apacheãŒã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹backendã®hostã¯backend*.example.com
- backendã®apacheã¯ã®UseCannonicalName, UseCannonicalPhysicalPortãŒOffã«ãªã£ã¦ã„ã‚‹ã¨ã™ã‚‹
ProxyPassReverse
ProxyPassReverse ディレクティブ
説明: リãƒãƒ¼ã‚¹ãƒ—ãƒã‚ã‚·ã•ã‚ŒãŸã‚µãƒ¼ãƒã‹ã‚‰é€ã‚‰ã‚ŒãŸ HTTP å¿œç”ヘッダ㮠URL を調整ã™ã‚‹
構文: ProxyPassReverse [path] url
apacheå…¬å¼ã®èª¬æ˜Žã®ã‚ˆã†ã«ã€ProxyPassReverseã§è¨å®šã™ã‚‹ã®ã¯ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰ã‚µãƒ¼ãƒã‹ã‚‰é€ã‚‰ã‚Œã¦ãã‚‹Locationヘッダç‰ã®URLã§ã€æ›¸ãæ›ãˆã—ãŸã„URLã‚’è¨å®šã™ã‚‹ã€‚書ãæ›ãˆãŒè¡Œã‚れるã®ã¯ä¸€è‡´ã—ãŸã¨ããªã®ã§æ£ã—ã書ã‹ãªã‘ã‚Œã°ã„ã‘ãªã„。
例ãˆã°ä¸‹2è¡Œã®è¨å®šã€‚backend1ã®apacheãŒport80ã§listenã—ã¦ã„ã‚Œã°ã€URLã¨ã—ã¦ã¯å®Ÿè³ªåŒã˜æ„味ã ã‘ã©ã€ProxyPassReverseã®è¨å®šã¨ã—ã¦ã¯åˆ¥ç‰©(後述).
ProxyPass /app http://backend1.example.com:80/app ProxyPass /app http://backend1.example.com/app
URLを書ãæ›ãˆã—ãŸã„ã¨ãã¨ã¯
例ãˆã°ã“ã‚“ãªProxyPassè¨å®šã®ã¨ã。
ProxyPass /app http://backend1.example.com:8080/app
ã“ã®ã¨ãclientãŒhttp://www.example.com/app 以下ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã¨ã€reverse proxyã®apacheã¯backendã®ã‚µãƒ¼ãƒã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã€‚ã“ã®ã¨ãã€backendサーãƒå´ã§redirectãŒç™ºç”Ÿã—ãŸå ´åˆã«ProxyPassReverseã®å‡ºç•ªã€‚良ãã‚ã‚‹ã®ã¯ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«ã‚¹ãƒ©ãƒƒã‚·ãƒ¥ãªã—ã§ã‚¢ã‚¯ã‚»ã‚¹ã—ãŸå ´åˆã€‚ä»–ã«ã‚‚アプリå´ã§ç‰¹å®šURLã«ãƒªãƒ€ã‚¤ãƒ¬ã‚¯ãƒˆã•ã›ãŸå ´åˆãªã©ã€‚
- clientãŒhttp://www.example.com/app/dir ã«ã‚¢ã‚¯ã‚»ã‚¹
- リクエストをå—ã‘å–ã£ãŸapache(reverse proxy)ãŒã€backendã®http://backend1.example.com:8080/app/dirã«ã‚¢ã‚¯ã‚»ã‚¹
- backendã®apacheã¯301ã§Locationヘッダã«ã‚¹ãƒ©ãƒƒã‚·ãƒ¥ã‚’付ã‘ãŸURL(http://backend1.example.com:8080/app/dir/)ã‚’reverse proxyã®apacheã«è¿”ã™
- reverse proxyã®apacheã¯backendã‹ã‚‰å—ã‘å–ã£ãŸHTTPレスãƒãƒ³ã‚¹ã‚’clientã«è¿”ã™
å•é¡Œã¯ã“ã®ã¨ãã®3番ã®HTTPヘッダ(ã®Locationヘッダ)。reverse proxyã§ã‚ã‚‹apacheã¯backendã®ã‚µãƒ¼ãƒã«å¯¾ã—ã¦http://backend1.example.com:8080/ã§ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ã„ã‚‹ã®ã§ã€backendã‹ã‚‰å—ã‘å–ã‚‹HTTPヘッダã¯ä»¥ä¸‹ã®ã‚ˆã†ãªã‚‚ã®ã€‚
HTTP/1.1 302 Moved Temporarily Date: Sat, 05 Dec 2009 03:08:13 GMT Server: Apache Location: http://backend1.example.com:8080/app/dir/ Transfer-Encoding: chunked Content-Type: text/plain
ã“ã®ãƒ˜ãƒƒãƒ€ãŒclientã«è¿”ã£ã¦ã—ã¾ã†ã¨ã€clientã¯Locationヘッダã®å€¤ã§ã‚ã‚‹http://backend1.example.com:8080/app/dir/ ã«ç›´æŽ¥ã‚¢ã‚¯ã‚»ã‚¹ã—よã†ã¨ã—ã¦ã—ã¾ã†ã€‚
clientãŒbackendã®ã‚µãƒ¼ãƒã«ç›´æŽ¥ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã¨ãªãœãƒ€ãƒ¡ã‹
色々ã‚ã‚‹ã‘ã©ã€‚
- 仕組ã¿ãŒã°ã‚Œã¦ã‹ã£ã“悪ã„
- reverse proxyã§é™çš„コンテンツを極力応ç”ã—ãŸã„ã®ã«ã€ç›´æŽ¥backendã®ã‚¢ãƒ—リケーションサーãƒã«ã‚¢ã‚¯ã‚»ã‚¹ã•ã‚ŒãŸã‚‰è² è·ãŒé«˜ããªã‚‹
- ãã‚‚ãã‚‚backend1.example.comãŒDNSã§åå‰è§£æ±ºã§ããªã„ or backendãŒãƒ—ライベートIPã®LANã«ã„ã‚‹ or Firewallã§é–‰ã˜ã‚‰ã‚Œã¦ã„ã‚‹ç‰ã®å ´åˆã¯clientãŒbackendã«ã‚¢ã‚¯ã‚»ã‚¹ã§ããªã„
- ex) /etc/hostsã« 10.0.0.10 backend1 ã‚’è¨å®š
- ProxyPass /app http://backend1:8080/app ã¨è¨å®šã—ã¦ã„ã‚‹å ´åˆãªã©
ãªã©ã®äº‹æƒ…ãŒã‚ã‚‹ãŸã‚ã€reverse proxyã¯backendã‹ã‚‰ä¸Šè¨˜ã®ã‚ˆã†ãªLocationヘッダãŒè¿”ã£ã¦ããŸã¨ãã«Locationヘッダを調整ã™ã‚‹å¿…è¦ãŒã‚る。ã“れを実際ã«è¡Œã†ã®ãŒProxyPassReverse。調整ã—ãŸã„URLã¨ã¯ã¾ã•ã«http://backend1.example.com:8080/app ãªã®ã§ã€apacheã®è¨å®šã¯
ProxyPass /app http://backend1.example.com:8080/app ProxyPassReverse /app http://backend1.example.com:8080/app
ã“ã†ãªã‚‹ã€‚
ãªãœProxyPassReverseã«balancer://~~ ã‚’è¨å®šã§ããªã„ã®ã‹ã€ã®ç”ãˆ
ã“ã“ã§1番ã®ç”ãˆã€‚↑ã®ä¾‹ã®ã‚ˆã†ã«ProxyPassReverseã«è¨å®šã™ã‚‹ã®ã¯backendã‹ã‚‰è¿”ã£ã¦ãã‚‹Locationヘッダç‰ã®URLを調整ã™ã‚‹ãŸã‚ã®ã‚‚ã®ã€‚
ãªã®ã§ã€ProxyPassã¨ã‚»ãƒƒãƒˆã«ã—ã¦ProxyPassReverseã«balancer://~~ を書ã„ã¦ã‚‚æ„味ã¯ãªã„。backendã®ã‚µãƒ¼ãƒã‹ã‚‰balancer://~~ ã¨ã‹ã„ã†LocationヘッダãŒè¿”ã£ã¦ãã‚‹ã¯ãšã¯ãªã„ã®ã ã‹ã‚‰ã€‚
ProxyPass /app balancer://cluster/app ProxyPassReverse /app balancer://cluster/app ## é–“é•ã„
ProxyPassReverseã®URLã¯BalancerMember or ProxyPassã«è¨å®šã™ã‚‹URLã¨ã¯å¿…ãšã—も一致ã—ãªã„
ã“れも微妙ã«ã¯ã¾ã£ãŸã€‚実環境ã§ã¯ã“ã‚“ãªãƒã‚°ãƒã‚°ãªè¨å®šã¯ãªã„ã‹ã‚‚ã—ã‚Œãªã„ã‘ã©ã€‚
2ã¤ã®backendã®apacheãŒãã‚Œãžã‚Œportã‚’80/8080ã§listenã—ã¦ã„ãŸã®ã§ã€BalancerManagerã«æ›¸ãã¨ãã«portを明示的ã«æ›¸ã„ã¦ã„ãŸã€‚
- reverse proxyã«è¨å®šã—ãŸbalancer
<Proxy balancer://cluster > BalancerMember http://backend1.example.com:80 BalancerMember http://backend2.example.com:8080 </Proxy>
è‚心ã®Proxyã™ã‚‹è¨å®šã€‚ã“ã“ã‚’é–“é•ãˆãŸã€‚ã¦ã£ãã‚ŠBalancerMemberã¨åŒã˜å€¤ã§è‰¯ã„ã¨æ€ã„ã“ã‚“ã§æ¬¡ã®è¨å®šã«ã—ã¦ã„ãŸã‚‰backend1ã«ã„ã£ãŸã¨ãã¯æ£å¸¸ã«å‹•ã‹ãªã„。
ProxyPass /app balancer://cluster/app ProxyPassReverse /app http://backend1.example.com:80/app # 1 ProxyPassReverse /app http://backend2.example.com:8080/app
æ£è§£ã¯ã“ã£ã¡ã€‚
ProxyPass /app balancer://cluster/app ProxyPassReverse /app http://backend1.example.com/app # 2 ProxyPassReverse /app http://backend2.example.com:8080/app
ãªãœã‹ã€‚
reverse proxyãŒbackend1ã®apacheã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã¨ãã«ã€http://backend1.example.com:80/ã¨port指定ã§
アクセスã—ãŸã¨ã—ã¦ã‚‚ã€backendã®ã‚µãƒ¼ãƒã¯port番å·ã‚’付ã‘ãšã«ã€
Location: http://backend1.example.com/app
ã§HTTPヘッダを返ã—ã¦ãる。ProxyPassReverseãŒæ›¸ãæ›ãˆã‚‹ã®ã¯ã€ã“ã®ã¨ãè¿”ã£ã¦ãるヘッダã®URLãªã®ã§ã€#1ã®è¨å®šã¯é–“é•ã„。apacheãŒdefaultã®80番ã§listenã—ã¦ã„ã‚‹å ´åˆã€URLã®æ„味ã¨ã—ã¦ã¯#1ã‚‚#2ã‚‚åŒã˜ã ã‘ã©ProxyPassReverseã®è¨å®šã¨ã—ã¦ã¯åˆ¥ã€‚
backendãŒajpã®å ´åˆ
ajpプãƒãƒˆã‚³ãƒ«ã®ä»•æ§˜ã‚’知らãªã„ã®ã§çµŒé¨“ã‚’å…ƒã«ã—ãŸæŽ¨æ¸¬ã§ã™ãŒã€ajpã§æ¸¡ã™å ´åˆã¯ã€
ProxyPass /app ajp://localhost:8009/app
ã¨æ›¸ã„ãŸã¨ã—ã¦ã‚‚tomcatã«æ¸¡ã•ã‚Œã‚‹hostヘッダã¯localhostã§ã¯ãªãã¦ã€clientãŒå…ƒã€…アクセスã—ã¦ã„ãŸwww.example.comã®ã¾ã¾ã£ã½ã„。ãªã®ã§ã€tomcatå´ã§redirectãŒç™ºç”Ÿã—ã¦ã‚‚ã€tomcatã‹ã‚‰reverse proxyã§ã‚ã‚‹apacheã«è¿”ã£ã¦ãã‚‹Locationヘッダã®hostã¯www.exmaple.comã®ã¾ã¾ã ã£ãŸã€‚
åŒã˜URLã®æ§‹æˆã§backendã«proxyã™ã‚‹å ´åˆ
URLã‚’åŒã˜æ§‹æˆã§backendã®ajpã«æ¸¡ã™å ´åˆã¯Locationヘッダã®èª¿æ•´ã¯å¿…è¦ãªã„ã®ã§ProxyPassReverseã‚‚ã„らãªã„ã½ã„?
- clientãŒhttp://www.example.com/app/dir ã«ã‚¢ã‚¯ã‚»ã‚¹
- リクエストをå—ã‘å–ã£ãŸreverse proxyãŒã€backendã®ajp://backend1.example.com:8009/app/dirã«ã‚¢ã‚¯ã‚»ã‚¹
- backendã®tomcatã¯301ã§Locationヘッダã«ã‚¹ãƒ©ãƒƒã‚·ãƒ¥ã‚’付ã‘ãŸURLã‚’reverse proxyã«è¿”ã™
- reverse proxyã¯backendã‹ã‚‰å—ã‘å–ã£ãŸHTTPレスãƒãƒ³ã‚¹ã‚’clientã«è¿”ã™
ã“ã®ã¨ãã®3ã®HTTPヘッダã¯
HTTP/1.1 302 Moved Temporarily Date: Sat, 05 Dec 2009 04:23:11 GMT Location: http://www.example.com/app/dir/ Content-Type: text/plain
ã ã£ãŸã®ã§ãƒ˜ãƒƒãƒ€ã®èª¿æ•´ã¯ä¸è¦ãªã®ã‹ã—ら。
ProxyPass /app ajp://backend1.example.com:8009/app #ProxyPassReverse /app http://www.example.com/app ## ã“ã‚ŒãŒä¸è¦
URLを変ãˆã¦æ¸¡ã™å ´åˆ
ã“ã®ã¨ãã¯ProxyPassReverseã¯å¿…è¦ãªã¯ãšã€‚例ãˆã° /app => backendã®/fooã«æ¸¡ã™å ´åˆ
ProxyPass /app ajp://backend1.example.com:8009/foo
- clientãŒhttp://www.example.com/app/dir ã«ã‚¢ã‚¯ã‚»ã‚¹
- リクエストをå—ã‘å–ã£ãŸreverse proxyãŒã€backendã®ajp://backend1.example.com:8009/foo/dirã«ã‚¢ã‚¯ã‚»ã‚¹
- backendã®tomcatã¯301ã§Locationヘッダã«ã‚¹ãƒ©ãƒƒã‚·ãƒ¥ã‚’付ã‘ãŸURLã‚’reverse proxyã«è¿”ã™
- reverse proxyã¯backendã‹ã‚‰å—ã‘å–ã£ãŸHTTPレスãƒãƒ³ã‚¹ã‚’clientã«è¿”ã™
ã“ã®ã¨ãã®3ã®HTTPヘッダã¯
HTTP/1.1 302 Moved Temporarily Date: Sat, 05 Dec 2009 04:26:25 GMT Location: http://www.example.com/foo/dir/ Content-Type: text/plain
ã ã£ãŸã€‚clientãŒã‚¢ã‚¯ã‚»ã‚¹ã—ãŸéš›ã®é ã®/appãŒ/fooã«å¤‰ã‚ã£ã¦ã—ã¾ã£ã¦ã„る。httpã¨é•ã£ã¦FQDNã¯backend1ã«ã¯ãªã£ã¦ãŠã‚‰ãšã€www.example.comã®ã¾ã¾ãªã“ã¨ã‚‚ãƒã‚¤ãƒ³ãƒˆã€‚
tomcatå´ã‹ã‚‰ã™ã‚‹ã¨ã€reverse proxyã®apacheãŒajp://backend1.example.com:8009/fooã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã‹ã‚‰ã€"/app"ãªã‚“ã¦ã‚‚ã®ã¯å…¨ã関知ã—ãªã„ã¨ã“ã‚ãªã®ã§ã€ãŸã¶ã‚“ã“ã†ãªã£ã¦ã„る? ã“ã®ã¾ã¾ã ã¨ã€clientãŒé–“é•ã£ãŸURLã«ãƒªãƒ€ã‚¤ãƒ¬ã‚¯ãƒˆã™ã‚‹ã®ã§ã€
ProxyPass /app ajp://backend1.example.com:8009/foo ProxyPassReverse /app http://www.example.com/foo
ã®è¨å®šã‚’書ã„ã¦ã‚ã’ãªã„ã¨ã„ã‘ãªã„。
ã“ã®è¾ºã‚Šã¾ã§ç†è§£ã§ããŸããŸã®ã§ã€å†’é ã®2番ã€3番ã®ç”ãˆã‚‚出る。
ãªãœProxyPassReverseã«ajp://~~ ã‚’è¨å®šã§ããªã„ã®ã‹ã€ã®ç”ãˆ
何回も書ã„ã¦ã‚‹ã‘ã©ProxyPassReverseã«æ›¸ãã®ã¯backendã‹ã‚‰è¿”ã£ã¦ããŸLocationヘッダç‰ã‚’調整ã™ã‚‹ãŸã‚ã®è¨å®šã€‚client <=>(http) apache <=>(ajp) tomcatã¨é€šä¿¡ã—ã¦ã‚‚ã€Locationヘッダã¯clientãŒãã‚‚ãもアクセスã—ãŸhttp://www.exmaple.com/~~ ã«ãªã‚‹ã®ã§ProxyPassã«ajp://~~ã‚’è¨å®šã—ã¦ã‚‚æ„味ãŒãªã„。
ãªãœbackendãŒhttpã¨ajpã®å ´åˆã§ã€ProxyPassReverseã«è¨å®šã™ã‚‹URLãŒç•°ãªã‚‹ã®ã‹ã€ã®ç”ãˆ
backendãŒhttpã®å ´åˆã¯ProxyPassReverseã«è¨å®šã™ã‚‹ã®ã¯http://backend1.example.com/。ãã‚Œã«å¯¾ã—ã¦ã€ajpã®å ´åˆã¯ã€clientãŒã‚¢ã‚¯ã‚»ã‚¹ã—ãŸhttp://www.example.com/ 。
ã§ã€ã“ã‚Œã¯ç¢ºè¨¼ãŒãªãã¦äºˆæƒ³ãªã‚“ã ã‘ã©ã€‚ajpプãƒãƒˆã‚³ãƒ«ã®å ´åˆã€Locationヘッダç‰ã«ä½¿ç”¨ã•ã‚Œã‚‹FQDNã¯apacheãŒtomcatã«ajpã§æŽ¥ç¶šã™ã‚‹ã¨ãã®hoståã§ã¯ãªãã€å…ƒã€…clientãŒã‚¢ã‚¯ã‚»ã‚¹ã—ãŸãƒ˜ãƒƒãƒ€æƒ…å ±ãŒä½¿ã‚ã‚Œã¦ã„ã‚‹ã‹ã‚‰ã§ãªã„ã‹ã¨ã€‚
httpã®å ´åˆã¯ã€reverse proxyãŒbackendã«æŽ¥ç¶šã™ã‚‹å ´åˆã€
- client: reverse proxy
- server: backend apache server
ã¨ã„ã†é–¢ä¿‚ã«ãªã‚‹ã®ã§ã€(UseCannonicalNameã®è¨å®šã«ä¾å˜ã™ã‚‹ã‘ã©) reverse proxyã®apacheã¯ProxyPassã«è¨å®šã—ã¦ã„ã‚‹hoståã§backendã«æŽ¥ç¶šã—ã«ã„ãã®ã§ã€backendã®apacheã¯Locationヘッダã§http://backend1.example.com/~~ ã®URLã‚’è¿”ã™ã‚ˆã†ã«ãªã‚‹ã€‚ãã®é•ã„。
ãŠã¾ã‘
ã‚ã¨ã€ProxyPassReverseã«æ›¸ãURLã¯ãƒžãƒƒãƒã—ãŸé †ã«é©ç”¨ã•ã‚Œã‚‹ã®ã§ã€
(ã“ã‚“ãªproxyã®ä»•æ–¹ã—ãªã„ã‹ã‚‚ã—ã‚Œãªã„ã‘ã©)
ProxyPass /baz balancer://cluster ProxyPass /foo balancer://cluster/foo
ã“ã®å ´åˆã¯ã€/bazã«ã¤ã„ã¦ã®ProxyPassReverseを後ã«æ›¸ãå¿…è¦ãŒã‚る。
- é–“é•ã„
ProxyPassReverse /baz http://backend1.example.com:8080 ProxyPassReverse /foo http://backend1.example.com:8080/foo
- æ£è§£
ProxyPassReverse /foo http://backend1.example.com:8080/foo ProxyPassReverse /baz http://backend1.example.com:8080 # ã“ã£ã¡ã‚’後ã«
/bazã®è¨å®šã‚’å…ˆã«æ›¸ã„ã¦ã—ã¾ã†ã¨ã€/fooã¸ã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã«å¯¾ã—ã¦ã®Locationヘッダも調整ã•ã‚Œã¦ã—ã¾ã£ã¦ã€http://backend1.example.comã®éƒ¨åˆ†ãŒhttp://www.example.com/bazã«æ›¸ãæ›ãˆã‚‰ã‚Œã‚‹ã€‚çµæžœã¨ã—ã¦http://www.example.com/baz/foo ã«ãªã£ã¦ã—ã¾ã†ã€‚
è¨å®šã¾ã¨ã‚
上記ã®ã“ã¨ã‚’ã¾ã¨ã‚ã‚‹ã¨ã€ãŸã¶ã‚“ã“ã‚“ãªæ„Ÿã˜ã«ãªã‚‹ã€‚
backendãŒhttp
基本的ã«ProxyPassã¨åŒã˜ã‚‚ã®ã‚’書ã‘ã°è‰¯ã„。
- 1å°ã®å ´åˆ
ProxyPass /app http://backend1.example.com:8080/app ProxyPassReverse /app http://backend1.example.com:8080/app
- 複数å°ã§balancerã—ã¦ã‚‹ã¨ã
<Proxy balancer://cluster/ > BalancerMember http://backend1.example.com:8080 BalancerMember http://backend2.example.com:8080 </Proxy> ProxyPass /app blancer://cluster/app ProxyPassReverse /app http://backend1.example.com:8080/app ProxyPassReverse /app http://backend2.example.com:8080/app
backendãŒajp
URLを変æ›ã—ã¦proxyã—ã¦ã„ã‚‹å ´åˆã¯è¨å®šãŒå¿…è¦ã€‚URLã‚’ãã£ãã‚Šãã®ã¾ã¾æ¸¡ã—ã¦ã„ã‚‹å ´åˆã¯ProxyPassReverseã¯ã„らãªã„。ã¨ã¯ã„ãˆæ›¸ã„ã¦ã‚‚å•é¡Œã¯ãªã„ã¨æ€ã†ã®ã§ã€æ›¸ã„ã¦ã—ã¾ã£ã¦ã¦ã‚‚良ã„ã‹ã‚‚。
- 1å°ã®å ´åˆ: URLã‚’ãã®ã¾ã¾æ¸¡ã—ã¦ã„ã‚‹
ProxyPass /app ajp://backend1.example.com:8009/app ProxyPassReverse /app http://www.example.com/app ## ↑ã„らãªã„
- 1å°ã®å ´åˆ: URLを変更ã—ã¦ã„ã‚‹
ProxyPass /app ajp://backend1.example.com:8009/foo/app ProxyPassReverse /app http://www.example.com/foo/app
- 複数å°ã§balancer: URLã‚’ãã®ã¾ã¾æ¸¡ã—ã¦ã„ã‚‹
<Proxy balancer://cluster > BalancerMember ajp://backend1.example.com:8009 BalancerMember ajp://backend2.example.com:8009 </Proxy> ProxyPass /app blancer://cluster/app ProxyPassReverse /app http://www.example.com/app ## ↑ã„らãªã„
- 複数å°ã§balancer: URLを変更ã—ã¦ã„ã‚‹
<Proxy balancer://cluster > BalancerMember ajp://backend1.example.com:8009 BalancerMember ajp://backend2.example.com:8009 </Proxy> ProxyPass /app blancer://cluster/foo/app ProxyPassReverse /app http://www.example.com/foo/app
追記
ProxyPassReverseCookiePathã¨CookieDomain
- http://httpd.apache.org/docs/2.2/ja/mod/mod_proxy.html#proxypassreversecookiedomain
- http://httpd.apache.org/docs/2.2/ja/mod/mod_proxy.html#proxypassreversecookiepath
ProxyPassReverseã¯Locationヘッダを調整ã™ã‚‹ã€‚ãã‚Œã¨åŒæ§˜ã«ã€ã‚¢ãƒ—リã«ã‚ˆã£ã¦ã¯Cookie(Set-Cookieヘッダ)ã®pathã€domainも調整ã—ãªã„ã¨ã„ã‘ãªã„。仕組ã¿ã¯ProxyPassReverseã¨åŒã˜ã€‚
clientãŒã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ã„ã‚‹URLã®pathã¨backendã®ã‚¢ãƒ—リãŒè¿”ã™Set-Cookieã®pathã¯å¿…ãšã—も一致ã—ãªã„。置æ›ã™ã‚‹å¿…è¦ãŒã‚ã‚‹å ´åˆã«ã€reverse proxyã—ã¦ã„ã‚‹apacheã«è¨å®šã™ã‚‹ã€‚
ProxyPass /foo http://backend.example.com/bar ProxyPassReverse /foo http://backend.example.com/bar
client㌠http://www.example.com/foo/hoge.cgiã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã¨reverse proxyã¯http://backend.example.com/bar/hoge.cgiã«ã„ã。ã“ã®cgiãŒ
Set-Cookie: id=100; path=/bar
ã®ã‚ˆã†ãªcookieヘッダを返ã™å ´åˆã€ã“ã®ã¾ã¾ã§ã¯pathãŒå¤‰ã‚ã£ã¦cookieãŒå‹•ã‹ãªã„ã®ã§ProxyPassReverseCookiePathを使ã†ã€‚
### 20140824 ä¿®æ£ ã‚³ãƒ¡ãƒ³ãƒˆã§æŒ‡æ‘˜ã„ãŸã ã„ãŸã®ã§ä¿®æ£ã—ã¾ã—ãŸï¼
ProxyPassReverseCookiePath /bar /foo
↓間é•ã£ã¦ã“ã†æ›¸ã„ã¦ã—ã¾ã£ã¦ã„ã¾ã—ãŸã€‚
ProxyPassReverseCookiePath /foo /bar
ã¾ãŸã€åŒæ§˜ã«Set-Cookie内ã®domainã‚‚ç½®æ›ã™ã‚‹å ´åˆã¯ã€ProxyPassReverseCookieDomainã§ã€‚ã“ã®è¨å®šã¯ä»–ã¨é•ã£ã¦ã€reverse proxyå…ˆã®domainã‚’å…ˆã«æ›¸ãã®ã§æ³¨æ„。
ProxyPassReverseCookieDomain backend.example.com www.example.com
