When dealing with a high-traffic web site, it is often useful to add a caching mechanism or load balancer to your site architecture. Varnish Cache is a popular caching daemon used to serve cached web pages. In most cases Varnish also acts as a reverse proxy and inspects values in the request headers to route traffic in a specific way. One example of this might be to route all traffic to slave servers, or to route all traffic to a failover server in case of an emergency. Varnish, in my opinion, does have one drawback, however: it does not play nicely with encrypted traffic. So if you have SSL in the mix, chances are you may need to find another option.

That is where Pound comes in. The Pound daemon is also a lightweight reverse proxy that sits in front of server software like Apache or nginx and distributes traffic, but in my opinion Pound edges out Varnish because of the SSL capabilities that come with it. Pound is specifically built to be a load balancer and to distribute secure and non-secure traffic across a cluster of servers. One of those servers could be a caching server and another a write web server where user interaction takes place over SSL. That would be a perfect configuration for Pound.

In the following example I am setting up a Pound configuration that works with Apache. Pound listens for inbound requests on port 80 and on port 443. If a request comes in on port 80, Pound redirects it to port 443, where the certificate handshake is performed by Pound. Once Pound has successfully performed the handshake with the client, it hands the request off to Apache. Apache in this case is listening on port 8000, but you could have Apache listen on any port except 443 and 80. After the request has been handed off, Apache serves the request the rest of the way based upon the web server it is routed to.
To install Pound on RHEL/CentOS:

$ rpm -ivh pound*

To install Pound on Ubuntu or Debian:

$ sudo apt-get install pound
Here is an example of a Pound configuration, usually found in /etc/pound.cfg:

User "pound"    # the user the daemon runs as
Group "pound"   # the group the daemon runs as
LogLevel 4      # the level Pound logs events at; 0 logs the least and 5 the most information
Alive 30        # when a server goes down, Pound re-checks it every 30 seconds to see if it has come back up
Client 10       # how long (in seconds) Pound waits for a request from a client before closing the connection
TimeOut 10      # how long (in seconds) Pound waits for a response from the back-end host

ListenHTTP
    Address 0.0.0.0   # Replace this IP address with the IP of your server
    Port 80           # Listen on port 80 for http traffic
    Service
        Redirect "https://example.com"   # This ensures that all http traffic is redirected to https
    End
End

ListenHTTPS
    Address 0.0.0.0   # Replace this IP address with the IP of your server
    Port 443
    Cert "/path/to/your/pem/file.pem"
End

Service
    # No spaces around the "|": inside the pattern they would be matched literally
    HeadRequire "(Host: example.com|Host: www.example.com)"
    BackEnd
        Address 0.0.0.0   # Address where your web server is sitting
        Port 8000         # Apache is listening on port 8000
    End
End
Here is our Apache configuration. This is a pretty straightforward configuration that you would see on most web servers, except we are listening on port 8000 here instead of port 80. Because Pound hands requests to Apache as plain HTTP, port 8000 should be reachable only from the Pound host; otherwise clients can connect to Apache directly and skip the SSL handshake.

# Make sure Apache is listening on port 8000
Listen 8000

# The NameVirtualHost directive on port 8000
NameVirtualHost *:8000

# A pretty standard virtual host stanza
<VirtualHost *:8000>
    ServerAdmin you@yourEmail.com
    ServerName yourdomain.com
    DocumentRoot /var/www/html/mysite
    ServerAlias *.yourdomain.com
    ErrorLog /var/logs/yourdomain-com-error-log
</VirtualHost>
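The Pound layout described above (port 80 only redirects, port 443 terminates SSL, Apache sits on a separate port) can be checked before the daemon is restarted. The following Python script is an added example, not part of the original post or of Pound itself: it parses the block syntax of a pound.cfg and reports listeners that accept plaintext without an https redirect, HTTPS listeners without a Cert, and back ends left on port 80/443 or on the 0.0.0.0 placeholder. The function names and the SAMPLE string are constructed for illustration.

```python
import shlex
BLOCKS = {"listenhttp", "listenhttps", "service", "backend", "emergency", "session"}

def parse(text):
    """Turn Pound's 'Block ... End' syntax into nested dicts."""
    root = {"kind": "root", "args": {}, "kids": []}
    stack = [root]
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops "# ..." and unquotes strings
        if not tokens:
            continue
        key = tokens[0].lower()
        if key == "end":
            if len(stack) == 1:
                raise ValueError("End without an open block")
            stack.pop()
        elif key in BLOCKS:
            stack[-1]["kids"].append({"kind": key, "args": {}, "kids": []})
            stack.append(stack[-1]["kids"][-1])
        else:
            stack[-1]["args"].setdefault(key, []).append(tokens[-1])
    if len(stack) > 1:
        raise ValueError("unclosed block: " + stack[-1]["kind"])
    return root

def walk(node):
    yield node
    for kid in node["kids"]:
        yield from walk(kid)

def audit(text):
    """List findings for the layout above: port 80 redirects, port 443 does TLS."""
    findings = []
    for node in walk(parse(text)):
        args, port = node["args"], node["args"].get("port", ["?"])[0]
        if node["kind"] == "listenhttp":
            urls = [u for n in walk(node) for u in n["args"].get("redirect", [])]
            if not any(u.lower().startswith("https://") for u in urls):
                findings.append(f"ListenHTTP port {port}: no Redirect to https://")
        elif node["kind"] == "listenhttps" and "cert" not in args:
            findings.append(f"ListenHTTPS port {port}: no Cert directive")
        elif node["kind"] == "backend" and port in ("80", "443"):
            findings.append(f"BackEnd port {port}: collides with Pound's listeners")
        elif node["kind"] == "backend" and args.get("address") == ["0.0.0.0"]:
            findings.append("BackEnd Address 0.0.0.0: placeholder left in place")
    return findings

# Constructed sample: a port-80 listener that forwards to Apache instead of redirecting.
SAMPLE = "ListenHTTP\nPort 80\nService\nBackEnd\nAddress 127.0.0.1\nPort 8000\nEnd\nEnd\nEnd"
```

Calling `audit(open("/etc/pound.cfg").read())` returns an empty list when the configuration matches the layout; each string in the list names the block that needs attention.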