Zarafa multiserver reverse proxySteve Hardy
Cluster node proxy•   General idea    – Parts of the system        • HTTP(s) proxy        • Zarafa server    – Some detail...
Goal•   Single exposed ‘host’ to clients for cloud solutions•   Host may be:     – Single hostname, single IP     – Single...
Old situation
New situation
Why it doesn’t workClient                        Server (Node 1)                    Server (Node 2)What a nice day, let’sc...
Why it does work with reverse proxy supportClient                        Server (Node 1)                      Server (Node...
Configuration of nodes•   Node1    –   ipHost: node1.local    –   zarafaPort: 236    –   zarafaHttpsPort: 237    –   zaraf...
To revproxy or not to revproxy•   In some cases using the proxy is unnecessary     – Local connects between nodes     – No...
Proxy headers•   X-Forwarded-For header    – Used as originating IP address    – Used for session <-> IP locking    – Used...
Upcoming SlideShare
Loading in …5
×

Zarafa SummerCamp 2012 - Zarafa Cluster using a reverse proxy

897 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
897
On SlideShare
0
From Embeds
0
Number of Embeds
15
Actions
Shares
0
Downloads
9
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Zarafa SummerCamp 2012 - Zarafa Cluster using a reverse proxy

  1. 1. Zarafa multiserver reverse proxySteve Hardy
  2. 2. Cluster node proxy• General idea – Parts of the system • HTTP(s) proxy • Zarafa server – Some details • Session IP locking • Internal vs external connections• Network layouts – SSL offload – Loadbalancer• Configuration – Configuring – Testing (stats)
  3. 3. Goal• Single exposed ‘host’ to clients for cloud solutions• Host may be: – Single hostname, single IP – Single hostname, round-robin IP• Advantages: – Easier firewalling – Use off-the-shelf proxy / loadbalance hardware
  4. 4. Old situation
  5. 5. New situation
  6. 6. Why it doesn’t workClient Server (Node 1) Server (Node 2)What a nice day, let’sconnect to my fav serverrevproxy.zarafa.com“Hi, please give me john’sstore” “Uh, sorry, I don’t have that, you have to ask Node2, he’s at http://node2.internal.local:237/ zarafa”Dagnabbit, ok, I’ll connectto node2.internal.localand retryCONNECTIONREFUSED *snore*
  7. 7. Why it does work with reverse proxy supportClient Server (Node 1) Server (Node 2)What a nice day, let’sconnect to my fav serverrevproxy.zarafa.com“Hi, please give me john’sstore” “Uh, sorry, I don’t have that, you have to ask Node2, he’s at http:// node2.internal.local, but I see you connected through a proxy, in that case you should use http://revproxy.zarafa.com/node2 ”Dagnabbit, ok, I’ll connecttorevproxy.zarafa.com/node2and retry Here’s john’s store for you. Have fun.
  8. 8. Configuration of nodes• Node1 – ipHost: node1.local – zarafaPort: 236 – zarafaHttpsPort: 237 – zarafaProxy: http://proxy.domain.com/node1• Node2 – ipHost: node2.local – zarafaPort: 236 – zarafaHttpsPort: 237 – zarafaProxy: http://proxy.domain.com/node2
  9. 9. To revproxy or not to revproxy• In some cases using the proxy is unnecessary – Local connects between nodes – Not very frequent – One case: • Spooler uses ‘copy to delegated sent-items after send’ feature • After sending message, spooler must copy item to sent items folder, which is possible on other host • Spooler connects to other host • Proxy not needed• Strategy is: – Only return node’s proxy address if the originating request was itself proxied – Detected by looking at header, uses setting ‘proxy_header’
  10. 10. Proxy headers• X-Forwarded-For header – Used as originating IP address – Used for session <-> IP locking – Used in zarafa-stats (including –top)

×