Topic: Reverse proxy - the easy way

[jimski]

Fo those of you who have multiple Apache (or other) servers and need to reverse proxy to those servers based on domain/subdomain name or other specific rules, then there are two very nice and free reverse proxy servers that run on windows and linux. And they are by far much easier to use than Apache rev proxy.

Zoraxy
https://github.com/tobychui/zoraxy
Zoraxy is a very simple and clean rev proxy with web GUI on port:8000 which makes is very easy to use. It is so simple that a any person who is familiar with web servers can install and configure it in less than an hour. Zoraxy can also automatically manage obtaining SSL certificates from LetsEncrypt. The main drawback is poor documentation, as it is still a fairly new project, but if you only need simple reverse proxy on ports 80 and 443 then web GUI is self explanatory.

Caddy
https://caddyserver.com/
Caddy is more powerful and allows complex rev proxy rules but the syntax is very easy and can also be installed and configured for a simple proxy in less than an hour.
Caddy has excellent, clear, and in depth documentation with numerous examples. It can allso manage and obtain SSL certificates automatically. Caddy can also function as load balancer which is an excellent feature. Potential drawbacks are: NO GUI (everything is done through configuration file called caddyfile), another drawback is that if you start experimenting with Caddy without disabling automatic SSL cert generation, then you may run into problem where Caddy requests certs for the same website multiple times and LetsEncrypt will refuse to issue a certificate and you will have to wait some time to make another request

Here is a simple Caddy config for experimenting with reverse proxy (with SSL globally disabled). To enable SSL remove the line "auto_https off".

If you need logging to a file then use the directive below. by Default Caddy writes logs to standard error output which is console. The fist code block specifies general directives, and the code blocks below specify proxy directives for specific servers/domains.

{
log {
output file C:/Caddy/logs/access.log
}
auto_https off
}

http://domain1.com {
reverse_proxy 10.0.0.35:80
}

https://domain1.com {
reverse_proxy 10.0.0.35:443
}

http://domain2.com {
reverse_proxy 10.0.0.20:80
}

https://domain2.com {
reverse_proxy 10.0.0.20:443
}


P.S. For initial testing you may want to drop the firewall on your server, and for production bring the firewall up and open specific ports (for example 80, 443, and 8000 for GUI management). Both, Zoraxy and Caddy are written in Go language and their developers kept them as clean and simple as the Go language itself.

[James Blond]

Did you try yet https://github.com/ZoeyVid/NPMplus ?

[jimski]

[jimski]

Performance of Zoraxy and Caddy on Windows 10 and 11 is rather poor.
I did load testing using 10 concurent users generating continuous requests for 5 sec and the best I could get was 935 transactions per second on Caddy and 872 on Zoraxy. And when the siege load traffic lasted for more than 5 seconds then both, Caddy and Zoraxy, would choke to a halt.

The target was an Apache server on Windows capable of serving 1600 requests per second of phpinfo() page.

The testing software was Siege.

siege -b -c10 -t5s http://domain1.com/phpinfo.php

Transactions: 5043 hits
Availability: 100.00 %
Elapsed time: 5.78 secs
Data transferred: 0.01 MB
Response time: 0.01 secs
Transaction rate: 872.34 trans/sec
Throughput: 0.00 MB/sec
Concurrency: 5.88
Successful transactions: 5043
Failed transactions: 0
Longest transaction: 1.06
Shortest transaction: 0.00

It was very surprising that these rev proxies couldn't even match the performance of a single Apache server. Perhaps they have some tuning parameters to perform better, that I'm not aware of, if so then please post them below if you know. But out of the box both of these rev proxies are only good for a low traffic.