Reverse proxying with FreeBSD

Being the geek I am, I have a nasty habit of setting something up and then thinking “OK, so it runs, but what would happen if…”, and I then go on to think about the most unlikely, impossible, worst-case scenario and try to figure a way around it.

The latest case of this occurred 2 days ago, when I sat there looking at hedwig’s memory usage (our web/mail/everything-else-you-can-think-of server) and it occurred to me “ouch, she’s pretty maxed out”. More RAM of course would be a solution, but it’d only be a solution up to a given point, beyond which I’d once again be stuffered.

So my train of thought was “how can I lessen the load on hedwig without performing any hefty modifications to her”. The solution was simpler than I first imagined, why just throw a transparent reverse proxy in front!

So I’ve just finished configuring doriath (LOTR location, home to many Elves?) and I’m just awaiting the completion of squid’s compilation. doriath has no less than two network cards, one to join itself to the gateway (mordor) and one to pass traffic onto hedwig. So it’s effectively a very big, very powerful network switch. Well more precisely, a managed network switch.

My aim is to get squid running on doriath and set up some routing rules to redirect traffic destined for hedwig (which will be coming in on rl0) and rather than (as is now default) passing it straight onto rl1, it’ll instead pump it into lo on port 3128 (or whatever it is squid uses, I forget).
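
The redirect described above could be written as a pf ruleset along these lines. This is an added example, not the configuration actually used on doriath: it assumes pf is the packet filter, that doriath forwards between rl0 and rl1 at the IP layer, that squid listens on 127.0.0.1:3128 in interception mode, and that 192.0.2.10 stands in for hedwig's real address.

```conf
# /etc/pf.conf on doriath (constructed example, FreeBSD pf syntax)

# --- Macros (all values are placeholders / assumptions) ---
ext_if     = "rl0"          # NIC facing the gateway (mordor)
int_if     = "rl1"          # NIC facing hedwig
hedwig     = "192.0.2.10"   # placeholder for hedwig's address
squid_addr = "127.0.0.1"    # squid bound to loopback only
squid_port = "3128"         # squid's default http_port

# --- Options ---
# Do not filter loopback, so squid's own local traffic is untouched.
set skip on lo0

# --- Translation ---
# Only HTTP addressed to hedwig is diverted to squid. Mail and every
# other service keep flowing rl0 -> rl1 exactly as before, and traffic
# for any other destination never reaches the proxy, which keeps squid
# from being reachable as a general-purpose proxy from outside.
rdr on $ext_if inet proto tcp from any to $hedwig port 80 \
    -> $squid_addr port $squid_port

# --- Filtering ---
# rdr is applied before filter rules, so the filter sees the rewritten
# destination. Allow exactly that flow and keep state for the replies.
pass in quick on $ext_if inet proto tcp from any \
    to $squid_addr port $squid_port keep state

# Squid's cache misses go out to hedwig on the inside interface.
pass out quick on $int_if inet proto tcp from any \
    to $hedwig port 80 keep state

# Checks before and after loading:
#   pfctl -nf /etc/pf.conf   # parse only, do not load
#   pfctl -f  /etc/pf.conf   # load the ruleset
#   pfctl -s nat             # confirm the rdr rule is active
```

On the squid side, the matching precaution is an `http_access` policy that allows only requests destined for hedwig and denies everything else, so a mistake in the packet filter does not turn doriath into an open proxy.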

My hope is that doriath will be a drop-in addition to the network, silently proxying all HTTP traffic for hedwig. It’s also running an FTP server to serve up any common static content (perhaps sermons for example) to again lessen hedwig’s load. The solution is in my opinion elegant because I can at any point simply remove doriath and place a cable directly between hedwig and mordor, and everything will continue as per normal, just minus FTP and transparent proxying.

Might even hold up to a small slashdotting 😉