Chapter 8. Reverse Proxy

Table of Contents

8.1. Overview
8.1.1. Examples
8.2. Usage
8.2.1. Configuring a Proxy Server
8.2.2. Configuring the Context Path
8.2.3. Configuring Proxy Filters
8.2.4. Deployment
8.3. Configuration Example

This chapter describes the basic concepts of a reverse proxy and how to use a reverse proxy to improve the web application performance.

8.1. Overview

A reverse proxy is a server that receives requests and forwards them to other servers, and receives responses and sends them to the requesting servers on behalf of the actual servers. A reverse proxy is used for load balancing and providing security by hiding the actual servers.

8.1.1. Examples

For an example, a company named "example.com" has a web site at "www.example.com" with a public IP and DNS entry that can be accessed on the Internet.

The company has application servers with private IPs and unregistered DNS entries behind a firewall. The application servers are named "internal1.example.com" and "internal2.example.com". These servers do not have public DNS entries, so they cannot be accessed from outside the company. Attempts to access the "internal1.example.com" server will result in a "no such host" error.

The application servers cannot be directly accessed on the Internet. To integrate the application servers with the web server, internally map the following.

  • Map http://www.example.com/app1/any-path-here : http://internal1.example.com/any-path-here.

  • Map http://www.example.com/app2/other-path-here : http://internal2.example.com/other-path-here.

The following files must be created to use a reverse proxy.

File nameDescription
web.xmlFilter that provides the reverse proxy functions. File that contains the server information.
jeus-web-dd.xmlPath to the application in <jeus-web-dd><context-path>.
config/data.xmlServer that functions as the reverse proxy.
config/sample.xmlSample file that can be used to create data.xml.

The above files are located in the subdirectory of 'WEB-INF'.

8.2. Usage

To use a reverse proxy, the application that activates the reverse proxy must be deployed. The examples in this chapter assume that the application name is ReverseProxy.

The following steps are required to use a reverse proxy:

  1. Configuring a proxy server

  2. Configuring a context path

  3. Configuring a proxy filter

  4. Deployment

8.2.1. Configuring a Proxy Server

To use a reverse proxy, first create data.xml in the "ReverseProxy/WEB-INF/config/" directory. This file contains information about the server that will be used as the proxy. In the file, configure the address of the server that will be used by the proxy and the rules that will be applied to the server.

Refer to "8.3. Configuration Example" for examples of configuring a proxy server.

The following are two server types can be used.

  • <server>

    • This type is used when a server is used as a proxy for specific requests.

    • <server> has the following child settings.

      ItemDescription
      <domain-name>

      Actual server host name.

      Use a format like "host name:port " or "IP address:port".

      www.remote.com:8088
      <path>

      Provides a proxy for the path on the actual server.

      If this is set to "<path>/content</path>", "www.remote.com:8088/content" will be the proxy.

      <rewrite>Option to rewrite the absolute path. This must be either 'true' or 'false'.
      <rule>

      Defines the rules for the server. Requests that match the rule will use the proxy server.

      There are two types of proxy rules:

      • <directory-rule>: Rule that determines whether to add proxying for a specific directory. This is used when "www.proxy.com" is the proxy server and a specific server needs to be proxied for the "www.proxy.com/remote/" request.

      • <accept-everthing-rule>: Rule that applies to all requests except the rules defined in <directory-rule>. The rules are applied in order, so this rule must be inserted as the last item.

      <cluster-server>This is used when multiple servers are used as a proxy for the same request. This tag has the <server> tag as a child tag, and is configured like the previous <server> tag.

The data.xml file must contain the following syntax definitions from "ReverseProxy/WEB-INF/config/proxy-config.dtd" that is used to verify the syntax of data.xml.

[Example 8.1] data.xml DTD: <<proxy-config.dtd>>

<?xml version="1.0" encoding="UTF-8"?>

<!ELEMENT config (single-server*, cluster-server*)>

<!-- single-server: Requests that are sent to the proxy -->
<!ELEMENT
    single-server
    (domain-name, rewriting?, path?, (directory-rule|accept-everything-rule))>

<!-- cluster-server: Sends requests sent to the proxy to muliple servers in a round-robin fashion -->
<!ELEMENT cluster-server (server*, (directory-rule|accept-everything-rule))>  

<!-- server: A clustered server -->
<!ELEMENT server (domain-name, rewriting?, path?)>

<!-- directory rule: A rule that classifies requests for the proxy server
by directory name. If the path is set to '/dir', requests will be sent to 'HOSTNAME/dir'. -->
<!ELEMENT directory-rule (path)>

<!-- path: Directory configuration. Starts with '/'. -->
<!ELEMENT path (#PCDATA)>

<!-- accept-everthing-rule: A rule that sends all requests to the server. 
This should be the last configuration element. -->
<!ELEMENT accept-everything-rule EMPTY>

<!-- domain-name: The server address in the form of HOSTNAME:PORT
ex) www.server1.com, www.server2.com:9999 -->
<!ELEMENT domain-name (#PCDATA)>

<!-- rewriting: Option to rewrite the absolute addresses of links among
the proxied contents. -->
<!ELEMENT rewriting (#PCDATA)>


8.2.2. Configuring the Context Path

The <jeus-web-dd><context-path> element in WEB-INF/jeus-web-dd.xml, can be configured to change the <context-path> to provide the proxy service. If it is set to '/', the configuration is applied to all requests for the server.

Refer to "3.3.1. jeus-web-dd.xml Configurations" for more information about the configuration.

8.2.3. Configuring Proxy Filters

JEUS supports two kinds of filter classes for reverse proxies.

  • Proxy filter

    Receives the requests that are defined in data.xml and returns the results from the server.

  • Rewrite filter

    Rewrites links with its own address in the results from the server.

    For example, to send "www.server1.com/index.html" as the response for the request "www.proxy.com/remote/index.html", an absolute path like href="www.server1.com/links.html" or an address that starts with "/" like href="/contents.html" must be modified based on the proxy server address such as "www.proxy.com/remote/links.html" and "/remote/contents.html".

    The filter can be used in documents such as HTML, JavaScript, and CSS.

In JEUS, the rewrite filter cannot be used without a proxy filter.

The following are examples of configuring web.xml of the WEB-INF directory for each filter type.

  • Using only a proxy filter.

    [Example 8.2] Using Only a Proxy Filter: <<web.xml>>

    <?xml version="1.0" encoding="UTF-8"?>
    
    <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                            http://java.sun.com/xml/ns/j2ee/web-app_3_1.xsd"
        version="3.1">
    
      <display-name>j2ep</display-name>
      <description>
                    A J2EE application implementing a reverse proxy.
      </description>
    
        <filter>
            <filter-name>Proxy</filter-name>
            <filter-class>jeus.servlet.reverseproxy.ProxyFilter</filter-class>
            <init-param>
             <param-name>dataUrl</param-name>
             <param-value>/WEB-INF/config/data.xml</param-value>
            </init-param>
        </filter>
    
        <filter-mapping>
            <filter-name>Proxy</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    
    </web-app>


  • Using a proxy filter and a rewrite filter.

    [Example 8.3] Using a Proxy Filter and a Rewrite Filter <<web.xml>>

    <?xml version="1.0" encoding="UTF-8"?>
    
    <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                            http://java.sun.com/xml/ns/j2ee/web-app_3_1.xsd"
        version="3.1">
    
        <display-name>j2ep</display-name>
        <description>
                    A J2EE application implementing a reverse proxy.
        </description>
        <filter>
            <filter-name>Rewriter</filter-name>
            <filter-class>jeus.servlet.reverseproxy.RewriteFilter</filter-class>
            <init-param>
              <param-name>dataUrl</param-name>
              <param-value>/WEB-INF/config/data.xml</param-value>
            </init-param>
        </filter>
    
        <filter-mapping>
            <filter-name>Rewriter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    
        <filter>
            <filter-name>Proxy</filter-name>
            <filter-class>jeus.servlet.reverseproxy.ProxyFilter</filter-class>
        </filter>
    
        <filter-mapping>
            <filter-name>Proxy</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    
    </web-app>

8.2.4. Deployment

After completing the previous configurations, deploy the application to JEUS.

Refer to JEUS Applications & Deployment Guide. "Chapter 4. Application Implementation and Deployment" for more information about deployment.

8.3. Configuration Example

The following describe several cases of configuring Reverse Proxy/WEB-INF/config/data.xml.

CASE 1

If a proxy server at "www.proxy.com" is a proxy for "www.server1.com/content" for all requests and if "www.proxy.com/index.html" is requested, "www.server1.com/content/index.html" will be displayed. The following are the configurations for this example.

<config>
   <single-server>
   <domain-name>www.server1.com</domain-name>
   <path>/content</path>
   <rewriting>true</rewriting>
      <accept-everything-rule/>
   </single-server>
</config>

CASE 2

The requests to "www.proxy.com/remote" are forwarded to "www.server1.com", and requests to "www.proxy.com/internal" are forwarded to "www.server2.com:8080". Any other requests are forwarded to "www.server3.com". The following are the configurations for this example.

<config>
   <single-server>
   <domain-name>www.server1.com</domain-name>
   <rewriting>true</rewriting>
   <directory-rule>
      <path>/remote</path>
   </directory-rule>
   </single-server>
 
   <single-server>
   <domain-name>www.server2.com:8080</domain-name>
   <rewriting>true</rewriting>
   <directory-rule>
      <path>/internal</path>
   </directory-rule>
   </single-server>

   <single-server>
   <domain-name>www.server3.com</domain-name>
   <rewriting>true</rewriting>
   <accept-everything-rule/>
   </single-server>
</config>