REVERSE PROXY & WEB CACHE
BY: ELMAHDI BENZEKRI
Proxy vs Reverse Proxy
Reverse proxy in 4 questions – What is a reverse proxy?
• Bridge between the local enterprise network and the external network.
• Avoids exposing front-end servers.
• Intended to be secured and to absorb large loads of traffic.
Reverse proxy in 4 questions – What are its additional features?
• Access logs
• Cache
• Load balancing
• Data compression, firewall
• Authentication and SSL encryption
Reverse proxy in 4 questions – Can it reduce the complexity of a web architecture?
• Yes.
• All requests pass through it => uniform error pages, access logs, ...
• Exposes only one address to the outside
Reverse proxy in 4 questions – What are the most used reverse proxies?
• Depends on the most widely used web server
• Free
  • Nginx
  • Apache
  • Squid
  • HAProxy
• Proprietary
  • Microsoft ISA Server
  • Big IP
• Traffic management appliances that also fulfill this task: F5 Networks, Cisco…
NGINX
• C10K problem
• Open source, written in 2002 in C by Igor Sysoev
• Global syntax
<section> {
    <directive> <parameters>;
}
Apache HTTPD
• Hyper Text Transfer Protocol Daemon
• Not the same thing as Tomcat
• The most popular (39% in 2015)
• Written in C in 1995 as an add-on to NCSA HTTPd
• Version 2 comes with a lot of features
Apache vs Nginx - Connection handling architecture
• Apache httpd provides multi-processing modules
  • mpm_prefork
  • mpm_worker
  • mpm_event
• Nginx: asynchronous, non-blocking, event-driven connection handling
  • One master and several worker processes
Web caching management
• Improved responsiveness
• Increased performance on the same hardware
• Availability of content during network interruptions
Web caching management
• Caching headers:
  • Expires
  • Cache-Control
  • ETag
  • Last-Modified
  • Content-Length
• Cache-Control flags
  • no-cache
  • no-store
• What cannot be cached?
  • Dynamic pages
  • Content with authentication cookie
  • Content linked to user or cart…
• Terminology
  • Origin server
  • Cache hit ratio
  • Stale content
  • Validation
  • Invalidation
Web caching management - Nginx
• proxy_cache_valid any 10m;
• proxy_cache_path /var/www/cache levels=1:2 keys_zone=my-cache:8m max_size=1000m inactive=600m;
• proxy_temp_path /var/www/cache/tmp;
• proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
• location / {
•     proxy_cache my-cache;
• }
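An added example, not taken from the original slides: the caching directives above assembled into a complete configuration, with rules that keep authenticated content out of the shared cache. The backend address 127.0.0.1:8080 and the JSESSIONID cookie name (Tomcat's default session cookie) are assumptions.

```nginx
# Added example (not from the slides). Assumed: backend on 127.0.0.1:8080,
# session cookie named JSESSIONID (Tomcat's default).
events {}

http {
    proxy_cache_path /var/www/cache levels=1:2 keys_zone=my-cache:8m
                     max_size=1000m inactive=600m;
    proxy_temp_path  /var/www/cache/tmp;

    server {
        listen 80;

        location / {
            proxy_pass  http://127.0.0.1:8080;
            proxy_cache my-cache;

            # A cached response is reused only for the same scheme, host and URI.
            proxy_cache_key $scheme$host$request_uri;

            # Cache successful responses and redirects only. "any 10m" would also
            # store 4xx/5xx pages and replay one error to every client for 10 minutes.
            proxy_cache_valid 200 301 302 10m;

            # "Content with authentication cookie" must not be cached: a request
            # carrying a session cookie or an Authorization header is neither
            # answered from the cache (bypass) nor stored in it (no_cache).
            proxy_cache_bypass $cookie_JSESSIONID $http_authorization;
            proxy_no_cache     $cookie_JSESSIONID $http_authorization;

            # Serve a stale copy while the origin is failing or being refreshed.
            proxy_cache_use_stale error timeout updating
                                  http_500 http_502 http_503 http_504;

            # Only one request per key goes to the origin to fill the cache.
            proxy_cache_lock on;

            # HIT / MISS / BYPASS / STALE, useful for measuring the cache hit ratio.
            add_header X-Cache-Status $upstream_cache_status;
        }
    }
}
```

By default nginx also refuses to store a response that carries Set-Cookie or Cache-Control: private, no-cache or no-store, so the origin can still opt a page out of caching.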
Web caching management - Varnish
• By Poul-Henning Kamp (FreeBSD dev) in 2006
• Reverse proxy cache server
• HTTP processor
• Optimized for Linux
• Custom configuration language
Web caching management - Varnish
DAEMON_OPTS="-a :6081 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256m"
Subroutines:
• sub vcl_recv {}
• sub vcl_hash {}
• sub vcl_backend_response {}
• sub vcl_deliver {}
• …
Request and response VCL objects:
• req, bereq, beresp, resp, obj
Return in each subroutine:
• return(pass)
• return(fetch)
• return(deliver)
• …
Load balancing
• Traffic is intelligently distributed amongst multiple servers (app instances)
• Features
  • Optimizing resource utilization
  • Reducing latency
  • Ensuring fault tolerance
• Some load balancing solutions
  • Open source
    • Nginx
    • HAProxy
  • Corporate standard
    • F5
    • Citrix
Load balancing - comparison
NGINX                                 | HAPROXY
HTTP only                             | TCP based
On-request health check               | Out-of-band health check
Three algorithms                      | Multiple algorithms
Complicated tasks based on HTTP info  | -
HTTP/2 & SSL in v1.9                  | Only in dev version
Free & commercial versions            | Free
Load balancing with Nginx
• Load balancing methods
  • Round robin
  • Least connected
  • IP hash
• Session persistence
• Weighted load balancing
• Health check (passive)
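An added example, not taken from the original slides, showing how the methods, weighting and passive health check listed above appear in an nginx configuration. The pool name tomcat_pool and the backend addresses 10.0.0.11 and 10.0.0.12 are assumptions.

```nginx
# Added example (not from the slides). Assumed: two Tomcat instances on
# 10.0.0.11 and 10.0.0.12, port 8080; "tomcat_pool" is a made-up name.
events {}

http {
    upstream tomcat_pool {
        # Method: round robin is used when no method is named.
        #   least_conn;  "least connected"
        #   ip_hash;     same client IP always reaches the same server,
        #                which gives session persistence
        least_conn;

        # Weighted load balancing: Tomcat A receives about twice the share of B.
        # Passive health check: 3 failed attempts within 30s take the server
        # out of rotation for the next 30s.
        server 10.0.0.11:8080 weight=2 max_fails=3 fail_timeout=30s;  # Tomcat A
        server 10.0.0.12:8080          max_fails=3 fail_timeout=30s;  # Tomcat B
    }

    server {
        listen 80;

        location / {
            proxy_pass http://tomcat_pool;

            # Conditions that count as a failed attempt and trigger a retry
            # on the next server in the pool.
            proxy_next_upstream error timeout http_502 http_503 http_504;

            # Forward the original host and client address so backend access
            # logs and IP-based rules still see the real client.
            proxy_set_header Host            $host;
            proxy_set_header X-Real-IP       $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

The backends should accept X-Real-IP and X-Forwarded-For only from the proxy's address, since a client can send these headers itself.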
Optimizing Nginx
• Number of workers
  • grep processor /proc/cpuinfo | wc -l
• worker_connections
  • ulimit -u
• Limiting the buffer size
  • client_header_buffer_size 1k;
  • client_max_body_size 8m;
  • large_client_header_buffers 2 1k;
• Timeouts
  • client_body_timeout 12;
  • client_header_timeout 12;
  • keepalive_timeout 15;
• Gzip compression
DEMO
• 2 Tomcat
• Nginx > Tomcat
• Nginx if / break / set / rewrite
• Nginx headers
• Nginx cache
• Nginx log + blacklist
• Nginx > 2 Tomcat
• Nginx > Varnish > Tomcat
DEMO
TOMCAT A
TOMCAT B
THANK U

Reverse proxy & web cache with NGINX, HAProxy and Varnish
