As a reverse proxy cache, Traffic Server serves requests on behalf of origin servers. Traffic Server is configured in such a way that it appears to clients like a normal origin server.
This chapter discusses the following topics:
With forward proxy caching, Traffic Server handles web requests to distant origin servers on behalf of the clients requesting the content. Reverse proxy caching (also known as server acceleration or virtual web hosting) is different because Traffic Server acts as a proxy cache on behalf of the origin servers that store the content. Traffic Server is configured to be the origin server that the user is trying to connect to (in contrast to a typical scenario inwhich the advertised hostname of the origin server resolves to Traffic Server, which acts as the real origin server).
There are many ways to use Traffic Server as a reverse proxy. Below are a few example scenarios.
You can use Traffic Server in reverse proxy mode to:
Traffic Server can absorb requests to the main origin server and improve the speed & quality of web serving by reducing load and hot spots on backup origin servers. For example, a web hoster can maintain a scalable Traffic Server serving engine with a set of low-cost, low-performance, less-reliable PC origin servers as backup servers. In fact, a single Traffic Server can act as the virtual origin server for multiple backup origin servers, as shown in the figure below.
Traffic Server as reverse proxy for a pair of origin servers
Traffic Server can be used in reverse proxy mode to accelerate origin servers that provide content to areas not located within close geographical proximity. Caches are typically easier to manage and are more cost-effective than replicating data. For example, Traffic Server can be used as a mirror site on the far side of a trans-Atlantic link to serve users without having to fetch the request and content across expensive international connections. Unlike replication, for which hardware must be configured to replicate all data and to handle peak capacity, Traffic Server dynamically adjusts to best utilize the serving and storing capacity of the hardware. Traffic Server is also designed to keep content fresh automatically, thereby eliminating the complexity of updating remote origin servers.
Traffic Server can be used in reverse proxy mode to provide security for an origin server. If an origin server contains sensitive information that you want to keep secure inside your firewall, then you can use a Traffic Server outside the firewall as a reverse proxy for that origin server. When outside clients try to access the origin server, the requests instead go to Traffic Server. If the desired content is not sensitive, then it can be served from the cache. If the content is sensitive and not cacheable, then Traffic Server obtains the content from the origin server (the firewall allows only Traffic Server access to the origin server). The sensitive content resides on the origin server, safely inside the firewall.
When a browser makes a request, it normally sends that request directly to the origin server. When Traffic Server is in reverse proxy mode, it intercepts the request before it reaches the origin server. Typically, this is done by setting up the DNS entry for the origin server (ie, the origin server’s 'advertised' hostname) so it resolves to the Traffic Server IP address. When Traffic Server is configured as the origin server, the browser connects to Traffic Server rather than the origin server. For additional information, see HTTP Reverse Proxy.
Note: To avoid a DNS conflict, the origin server’s hostname and its advertised hostname must not be the same.
In reverse proxy mode, Traffic Server serves HTTP requests on behalf of a web server. The figure below illustrates how Traffic Server in reverse proxy mode serves an HTTP request from a client browser.
HTTP reverse proxy
The figure above demonstrates the following steps:
www.host.com
on port 80. Traffic Server receives the request because it is acting as the origin server (the origin server’s advertised hostname resolves to Traffic Server). remap.config
file and remaps the request to the specified origin server (realhost.com
). To configure HTTP reverse proxy, you must perform the following tasks:
remap.config
file (refer to Creating Mapping Rules for HTTP Requests). In addition to the tasks above, you can also Set Optional HTTP Reverse Proxy Options.
In forward proxy caching, Traffic Server acts as a proxy server and receives proxy requests. In reverse proxy caching, however, Traffic Server must act as an origin server rather than a proxy server - this means that it receives server requests and not proxy requests. Therefore, to satisfy proxy requests, Traffic Server must construct a proxy request from the server request.
In HTTP, proxy requests specify the entire URL whereas server requests specify only the path. A server request might look like this:
GET /index.html HTTP/1.0 Host: real.dianes_books.com
However, the corresponding proxy request would look like this:
GET http://real.dianes_books.com/index.html HTTP/1.0 Host: real.dianes_books.com
Traffic Server can construct a proxy request from a server request by using the server information in the host header. However, the correct proxy request must contain the hostname of the origin server, not the advertised hostname that name servers associate to Traffic Server. The advertised hostname is the name that appears in the host header; for the origin server real.dianes_books.com
, the server request and host header would be:
GET /index.html HTTP/1.0 Host: www.dianes_books.com
GET http://real.dianes_books.com/index.html HTTP/1.0 Host: real.dianes_books.com
To translate www.dianes_books.com
to real.dianes_books.com
, Traffic Server needs a set of URL rewriting rules (mapping rules). Mapping rules are described in Using Mapping Rules for HTTP Requests.
In general, use reverse proxy mode to support more than one origin server. In this case, all of the advertised hostnames resolve to the IP address or virtual IP address of Traffic Server. Using host headers, Traffic Server is able to translate server requests for any number of servers into proxy requests for those servers. If Traffic Server receives requests from older browsers that do not support host headers, then Traffic Server can either route these requests directly to a specific server or send the browser to a URL containing information about the problem (refer to Setting Optional HTTP Reverse Proxy Options).
Origin servers often send redirect responses back to browsers that redirecting them to different pages. For example, if an origin server is overloaded, then it might redirect browsers to a less loaded server. Origin servers also redirect when web pages have moved to different locations. When Traffic Server is configured as a reverse proxy, it must readdress redirects from origin servers so that browsers are redirected to Traffic Server and not to another origin server.
To readdress redirects, Traffic Server uses reverse-map rules. In general, you should set up a reverse-map rule for each map rule. To create reverse-map rules, refer to Using Mapping Rules for HTTP Requests.
Traffic Server uses two types of mapping rules for HTTP reverse proxy:
remap.config
file. For the request URL to match a target URL, the following conditions must be true:
remap.config
file. /pub
on an origin server at www.molasses.com
and a client sends a request to that origin server for /pub
, then the origin server might reply with a redirect to http://www.test.com/pub/
to let the client know that it was a directory it had requested, not a document (a common use of redirects is to normalize URLs so that clients can bookmark documents properly). Both map and reverse-map rules consist of a target (origin) URL and a replacement (destination) URL. In a map rule, the target URL points to Traffic Server and the replacement URL specifies where the original content is located. In a reverse-map rule, the target URL specifies where the original content is located and the replacement URL points to Traffic Server. Traffic Server stores mapping rules in the remap.config
file located in the Traffic Server config
directory.
remap.config
file located in the Traffic Server config
directory. remap.config
file. bin
directory. traffic_line -x
to apply the configuration changes.To enable HTTP reverse proxy, follow the steps below.
records.config
file located in the config
directory. Variable | Description |
---|---|
proxy.config.reverse_proxy.enabled |
Set this variable to 1 to enable HTTP reverse proxy mode. |
records.config
file. bin
directory. traffic_line -x
to apply the configuration changes. Traffic Server provides several reverse proxy configuration options that enable you to:
Host
headers) are directedrecords.config
file located in the config
directory. Variable | Description |
---|---|
proxy.config.url_remap.pristine_host_hdr |
Set this variable to 1 to retain the client host header in the request. Set this variable to 0 (zero) if you want Traffic Server to translate the client host header. |
proxy.config.url_remap.remap_required |
Set this variable to 1 if you want Traffic Server to serve requests only to the origin servers listed in the mapping rules of the remap.config file. Set this variable to 0 (zero) if you want Traffic Server to serve requests to all origin servers. |
proxy.config.header.parse.no_host_url_redirect |
Enter the URL to which to redirect requests with no host headers. |
records.config
file. bin
directory. traffic_line -x
to apply the configuration changes. You can configure Traffic Server to redirect HTTP requests without having to contact any origin servers. For example, if you redirect all requests for http://www.ultraseek.com
to http://www.server1.com/products/portal/search/
, then all HTTP requests for www.ultraseek.com
go directly to www.server1.com/products/portal/search
.
You can configure Traffic Server to perform permanent or temporary redirects. Permanent redirects notify the browser of the URL change (by returning the HTTP status code 301
) so that the browser can update bookmarks. Temporary redirects notify the browser of the URL change for the current request only (by returning the HTTP status code 307
).
remap.config
file located in the Traffic Server config
directory. type
, target
, and replacement
. The following table describes the format for each field.Field | Description |
---|---|
type |
Enter either one of the following: redirect —redirects HTTP requests permanently without having to contact the origin server. redirect_temporary —redirects HTTP requests temporarily without having to contact the origin server. |
target |
Enter the origin or from URL. You can enter up to four components: scheme://host:port/path_prefix |
replacement |
Enter the destination or to URL. You can enter up to four components: scheme://host:port/path_prefix |
www.server1.com
to www.server2.com
:redirect http://www.server1.com http://www.server2.com
remap.config
file. bin
directory. traffic_line -x
to apply the configuration changes.