
Using Pound Reverse Proxy with Apache


When dealing with a high-traffic web site it is often useful to put a caching layer or a load balancer into your site architecture.  Varnish is a popular caching daemon for serving cached web pages.  In most cases Varnish also acts as a reverse proxy and inspects the request headers to route traffic in a specific way.  One example of this might be to route all traffic to slave servers, or to route all traffic to a failover server in an emergency.  Varnish, in my opinion, does have one drawback: it does not play nicely with encrypted traffic.  So if you have SSL in the mix, chances are you may need to find another option.  That is where Pound comes in.

The Pound daemon is also a lightweight reverse proxy that sits in front of server software like Apache or nginx and distributes traffic, but in my opinion Pound edges out Varnish because of the SSL capabilities that come with Pound.  Pound is built specifically to be a load balancer and to distribute secure and non-secure traffic across a cluster of servers.  One of those servers could be a caching server and another a write web server where user interaction takes place over SSL.  That would be a perfect configuration for Pound.

In the following example I am setting up a Pound configuration that works with Apache.  Pound listens for inbound requests on port 80 and on port 443.  If a request comes in on port 80, Pound redirects it to port 443, where Pound performs the certificate handshake.  Once Pound has completed the handshake with the client, it hands the request off to Apache.  Apache in this case is listening on port 8000, but you could have Apache listen on any port except 443 and 80.  After the request has been handed off, Apache serves the request the rest of the way based upon the web server it is routed to.

To install Pound on RHEL/CentOS

$ rpm -ivh pound*

To install Pound on Ubuntu or Debian

$ sudo apt-get install pound

Here is an example Pound configuration, usually found in /etc/pound.cfg

# Comments are kept on their own lines; Pound 2.x skips only lines that start with "#".

# The user and group the daemon runs as
User        "pound"
Group       "pound"
# The log level Pound logs events at, 0 being the least and 5 being the most information
LogLevel    4
# How often, in seconds, Pound checks whether a server that went down has come back up
Alive       30
# How long, in seconds, Pound will wait for a request from a client before closing the connection
Client      10
# How long, in seconds, Pound will wait for a response from the back end host
TimeOut     10

ListenHTTP
         # Replace this IP address with the IP of your server
         Address  0.0.0.0
         # Listen on port 80 for http traffic
         Port     80
         Service
                   # This ensures that all http traffic is redirected to https
                   Redirect    "https://example.com"
         End
End

ListenHTTPS
         # Replace this IP address with the IP of your server
         Address  0.0.0.0
         Port     443
         Cert     "/path/to/your/pem/file.pem"
End

Service
         # The pattern is a regular expression; spaces inside the quotes are matched literally
         HeadRequire  "Host: (www\.)?example\.com"
         BackEnd
                  # Address where your web server is sitting
                  Address  0.0.0.0
                  # Apache is listening on port 8000
                  Port     8000
         End
End
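
An added example, not part of the original post: a short Python check for a Pound config like the one above. It reports ListenHTTP blocks that have no Redirect to https:// and shows which Host header lines each HeadRequire pattern matches, since whitespace inside the quotes is part of the regex. The sample config, the function names and the header lines are constructed for illustration.

```python
import re
SAMPLE_CFG = r"""# Constructed sample config for this example (not the post's file).
ListenHTTP
    Port 80
    Service
        Redirect "https://example.com"
    End
End
ListenHTTP
    Port 8080
End
Service
    HeadRequire "(Host:  example.com | Host:  www.example.com)"
End
Service
    HeadRequire "Host: (www\.)?example\.com"
End
"""
OPENERS = {"listenhttp", "listenhttps", "service", "backend", "emergency", "session"}

def directives(cfg):
    """Yield (enclosing_blocks, keyword, argument) for each directive line."""
    stack = []
    for raw in cfg.splitlines():
        key, arg = (raw.split(None, 1) + ["", ""])[:2]
        key, arg = key.lower(), arg.strip()
        if key == "end":
            stack.pop()
        elif key and not key.startswith("#"):
            yield tuple(stack), key, arg
            if key in OPENERS:
                stack.append(key)

def http_ports_without_https_redirect(cfg):
    """Ports of ListenHTTP blocks that lack a Redirect to https://."""
    found = []  # [port, has_https_redirect] per top-level ListenHTTP block
    for stack, key, arg in directives(cfg):
        if key == "listenhttp" and not stack:
            found.append([None, False])
        elif stack == ("listenhttp",) and key == "port":
            found[-1][0] = int(arg)
        elif stack[:1] == ("listenhttp",) and key == "redirect" and "https://" in arg.lower():
            found[-1][1] = True
    return [port for port, ok in found if not ok]

def headers_matched(cfg, header_lines):
    # Assumption: Pound treats HeadRequire as an unanchored, case-insensitive POSIX
    # extended regex; Python's re agrees for patterns this simple.
    pats = [a.strip('"') for _, k, a in directives(cfg) if k == "headrequire"]
    return {p: [h for h in header_lines if re.search(p, h, re.I)] for p in pats}
```

With the constructed sample, the padded pattern matches no Host line a client would actually send, and the listener on port 8080 is flagged because it has no redirect of its own.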

Here is our Apache configuration.  This is a pretty straightforward configuration that you would see on most web servers, except we are listening on port 8000 here instead of port 80.

# Make sure Apache is listening on port 8000.  Pound forwards requests here as
# plain HTTP, so if Pound runs on the same host, "Listen 127.0.0.1:8000" keeps
# this port off the public interface.
Listen 8000
 
# The NameVirtualHost directive on port 8000
NameVirtualHost *:8000
 
# A pretty standard virtual host stanza
<VirtualHost *:8000>
   ServerAdmin you@yourEmail.com
   ServerName yourdomain.com
   DocumentRoot /var/www/html/mysite
   ServerAlias *.yourdomain.com
 
   ErrorLog /var/logs/yourdomain-com-error-log
</VirtualHost>

Matt Eaton

Long time mobile team lead with a love for network engineering, security, IoT, oss, writing, wireless, and mobile.  Avid runner and determined health nut living in the greater Chicagoland area.