Table of Contents
This chapter describes the basic concepts of a reverse proxy and how to use a reverse proxy to improve the web application performance.
A reverse proxy is a server that receives requests and forwards them to other servers, and receives responses and sends them to the requesting servers on behalf of the actual servers. A reverse proxy is used for load balancing and providing security by hiding the actual servers.
For an example, a company named "example.com" has a web site at "www.example.com" with a public IP and DNS entry that can be accessed on the Internet.
The company has application servers with private IPs and unregistered DNS entries behind a firewall. The application servers are named "internal1.example.com" and "internal2.example.com". These servers do not have public DNS entries, so they cannot be accessed from outside the company. Attempts to access the "internal1.example.com" server will result in a "no such host" error.
The application servers cannot be directly accessed on the Internet. To integrate the application servers with the web server, internally map the following.
Map http://www.example.com/app1/any-path-here : http://internal1.example.com/any-path-here.
Map http://www.example.com/app2/other-path-here : http://internal2.example.com/other-path-here.
The following files must be created to use a reverse proxy.
| File name | Description |
|---|---|
| web.xml | Filter that provides the reverse proxy functions. File that contains the server information. |
| jeus-web-dd.xml | Path to the application in <jeus-web-dd><context-path>. |
| config/data.xml | Server that functions as the reverse proxy. |
| config/sample.xml | Sample file that can be used to create data.xml. |
The above files are located in the subdirectory of 'WEB-INF'.
To use a reverse proxy, the application that activates the reverse proxy must be deployed. The examples in this chapter assume that the application name is ReverseProxy.
The following steps are required to use a reverse proxy:
Configuring a proxy server
Configuring a context path
Configuring a proxy filter
Deployment
To use a reverse proxy, first create data.xml in the "ReverseProxy/WEB-INF/config/" directory. This file contains information about the server that will be used as the proxy. In the file, configure the address of the server that will be used by the proxy and the rules that will be applied to the server.
Refer to "8.3. Configuration Example" for examples of configuring a proxy server.
The following are two server types can be used.
This type is used when a server is used as a proxy for specific requests.
<server> has the following child settings.
The data.xml file must contain the following syntax definitions from "ReverseProxy/WEB-INF/config/proxy-config.dtd" that is used to verify the syntax of data.xml.
[Example 8.1] data.xml DTD: <<proxy-config.dtd>>
<?xml version="1.0" encoding="UTF-8"?>
<!ELEMENT config (single-server*, cluster-server*)>
<!-- single-server: Requests that are sent to the proxy -->
<!ELEMENT
single-server
(domain-name, rewriting?, path?, (directory-rule|accept-everything-rule))>
<!-- cluster-server: Sends requests sent to the proxy to muliple servers in a round-robin fashion -->
<!ELEMENT cluster-server (server*, (directory-rule|accept-everything-rule))>
<!-- server: A clustered server -->
<!ELEMENT server (domain-name, rewriting?, path?)>
<!-- directory rule: A rule that classifies requests for the proxy server
by directory name. If the path is set to '/dir', requests will be sent to 'HOSTNAME/dir'. -->
<!ELEMENT directory-rule (path)>
<!-- path: Directory configuration. Starts with '/'. -->
<!ELEMENT path (#PCDATA)>
<!-- accept-everthing-rule: A rule that sends all requests to the server.
This should be the last configuration element. -->
<!ELEMENT accept-everything-rule EMPTY>
<!-- domain-name: The server address in the form of HOSTNAME:PORT
ex) www.server1.com, www.server2.com:9999 -->
<!ELEMENT domain-name (#PCDATA)>
<!-- rewriting: Option to rewrite the absolute addresses of links among
the proxied contents. -->
<!ELEMENT rewriting (#PCDATA)>
The <jeus-web-dd><context-path> element in WEB-INF/jeus-web-dd.xml, can be configured to change the <context-path> to provide the proxy service. If it is set to '/', the configuration is applied to all requests for the server.
Refer to "3.3.1. jeus-web-dd.xml Configurations" for more information about the configuration.
JEUS supports two kinds of filter classes for reverse proxies.
Receives the requests that are defined in data.xml and returns the results from the server.
Rewrites links with its own address in the results from the server.
For example, to send "www.server1.com/index.html" as the response for the request "www.proxy.com/remote/index.html", an absolute path like href="www.server1.com/links.html" or an address that starts with "/" like href="/contents.html" must be modified based on the proxy server address such as "www.proxy.com/remote/links.html" and "/remote/contents.html".
The filter can be used in documents such as HTML, JavaScript, and CSS.
In JEUS, the rewrite filter cannot be used without a proxy filter.
The following are examples of configuring web.xml of the WEB-INF directory for each filter type.
Using only a proxy filter.
[Example 8.2] Using Only a Proxy Filter: <<web.xml>>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_3_1.xsd"
version="3.1">
<display-name>j2ep</display-name>
<description>
A J2EE application implementing a reverse proxy.
</description>
<filter>
<filter-name>Proxy</filter-name>
<filter-class>jeus.servlet.reverseproxy.ProxyFilter</filter-class>
<init-param>
<param-name>dataUrl</param-name>
<param-value>/WEB-INF/config/data.xml</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Proxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
Using a proxy filter and a rewrite filter.
[Example 8.3] Using a Proxy Filter and a Rewrite Filter <<web.xml>>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_3_1.xsd"
version="3.1">
<display-name>j2ep</display-name>
<description>
A J2EE application implementing a reverse proxy.
</description>
<filter>
<filter-name>Rewriter</filter-name>
<filter-class>jeus.servlet.reverseproxy.RewriteFilter</filter-class>
<init-param>
<param-name>dataUrl</param-name>
<param-value>/WEB-INF/config/data.xml</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Rewriter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>Proxy</filter-name>
<filter-class>jeus.servlet.reverseproxy.ProxyFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Proxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
After completing the previous configurations, deploy the application to JEUS.
Refer to JEUS Applications & Deployment Guide. "Chapter 4. Application Implementation and Deployment" for more information about deployment.
The following describe several cases of configuring Reverse Proxy/WEB-INF/config/data.xml.
If a proxy server at "www.proxy.com" is a proxy for "www.server1.com/content" for all requests and if "www.proxy.com/index.html" is requested, "www.server1.com/content/index.html" will be displayed. The following are the configurations for this example.
<config>
<single-server>
<domain-name>www.server1.com</domain-name>
<path>/content</path>
<rewriting>true</rewriting>
<accept-everything-rule/>
</single-server>
</config>
The requests to "www.proxy.com/remote" are forwarded to "www.server1.com", and requests to "www.proxy.com/internal" are forwarded to "www.server2.com:8080". Any other requests are forwarded to "www.server3.com". The following are the configurations for this example.
<config>
<single-server>
<domain-name>www.server1.com</domain-name>
<rewriting>true</rewriting>
<directory-rule>
<path>/remote</path>
</directory-rule>
</single-server>
<single-server>
<domain-name>www.server2.com:8080</domain-name>
<rewriting>true</rewriting>
<directory-rule>
<path>/internal</path>
</directory-rule>
</single-server>
<single-server>
<domain-name>www.server3.com</domain-name>
<rewriting>true</rewriting>
<accept-everything-rule/>
</single-server>
</config>