Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have searched the forums and have been unable to find much info on how to implement redirection in a bridge based on HTTP URI.
We currently use a iptables to direct traffic based on IP address which allows us to do subdomain redirection, but we would really like to push the traffic from a subdirectory off to a different server.
For instance, it would be great to have all traffic go to a default server, but have the traffic for http://www.domain.com/subdir to go to a different server.
I am aware of squid, but it doesn't seem like it will perform very well on a high traffic site. I should mention that we are a high traffic site (couple millions hits / day) so performance is very important.
I also know that iptables can do string pattern matching inside the packet. Is this a good solution? Is this the fastest, performance wise, solution?
Any thoughts or contributions are greatly appreciated. I really would like to learn more about this topic.
Well the normal method would be mod_proxy under apache, but if, as it'd assume, you're using a dedicated tier for the front end, try nginx to redirect and loadbalance http requests. LQ.org uses nginx quite prolifically and works really well. Things do get uglier with https of course...
Well the normal method would be mod_proxy under apache, but if, as it'd assume, you're using a dedicated tier for the front end, try nginx to redirect and loadbalance http requests. LQ.org uses nginx quite prolifically and works really well. Things do get uglier with https of course...
Cool, I'll look into nginx. It looks interesting, but not quite perfect.
We do have a dedicated tier, currently the server that all traffic comes in to is ONLY running iptables to do our load balancing. I'd like to run a service on that machine, preferably not a web server, that is capable of doing HTTP header inspection and redirection.
Perhaps I'm approaching this problem wrong and the solution is hard to find because there is a better way to do things. Here's our network layout:
Internet--> Dedicated iptables server (bridge) --> multiple HTTP servers
The iptables machine can load balance and route packets based on subdomains, but we'd like to have it route packets based on sub directory.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Quote:
Originally Posted by scubanarc
The iptables machine can load balance and route packets based on subdomains, but we'd like to have it route packets based on sub directory.
Any thoughts?
You're approaching it wrong. Every other device and product that performs this function does so as a proxy or a layer 3 (well, more like layer 5) router, not as a layer 2 bridge. If you want to do application inspection, you need to move further up the stack. Iptables is really not the right tool for this kind of task.
You're approaching it wrong. Every other device and product that performs this function does so as a proxy or a layer 3 (well, more like layer 5) router, not as a layer 2 bridge. If you want to do application inspection, you need to move further up the stack. Iptables is really not the right tool for this kind of task.
quite substantially seconded. This is not what one does...
You're approaching it wrong. Every other device and product that performs this function does so as a proxy or a layer 3 (well, more like layer 5) router, not as a layer 2 bridge. If you want to do application inspection, you need to move further up the stack. Iptables is really not the right tool for this kind of task.
Quote:
Originally Posted by acid_kewpie
quite substantially seconded. This is not what one does...
Ok, I'll definitely take any advice that you guys can give me in this regard. What are the names of some proxies, or layer 5 routers that I can use in this configuration.
Any advice that you can give me as to products that would function in the role that I have defined, preferably running on the same machine that is using iptables, and able to route to multiple HTTP servers.
I'm also not opposed to adding a dedicated proxy machine between the bridge and the HTTP servers, but that seems like an unnecessary step.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Or Cisco Content Switch, or Citrix NetScaler, or stuff from RadWare, Alteon, etc...
Why do you have a dedicated bridge box any way? That is the part that seems unnecessary. You could simply have a front-end tier that is a reverse proxy. I do not understand the obsession with having a bridge.
well we already have. apache or nginx. if you've $80,000 to spare a pair of F5 6800 LTM's would be quite nice too.
Ah, I see. This is starting to make sense now.
I'm looking at the nginx docs, and it does look like it can do what I want it to do. I've also found a variety of reverse proxy examples online such as this one:
I have not quite figured out how to setup my conf to do what I want. If any one has any experience with setting up nginx to load balance based on subdirectory name I'd sure appreciate some help.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.