Pound Proxy Server / Load Balancer Installation and Configuration


Hi Guys,

I recently had a chance to install and configure pound reverse proxy server and thought to share the steps that I have followed.

You may never heard of Pound before. It’s a powerful REVERSE-PROXY AND LOAD-BALANCER. According to the developers, Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively.

Lets do the installation.

Debian/Ubuntu can install the Pound using apt-get as follows.

apt-get install pound

If you are on a CentOS / RedHat machine, you can find the RPM here or source here

Here I’m on a Debian machine but the installation and configuration is almost same in both platforms. ( If you face any issues, feel free to ask us).

Change Port or Port Redirection

As you know, by default there will be Apache listening on port 80 and two services can’t run on same port. So either you can stop Apache ( if you are not using it ) or else you can change the port of Apache to something else. Here I’m going to change the port of Apache to “8080″.

vim /etc/apache2/ports.conf

Change:

NameVirtualHost *:80
Listen 80

To:

NameVirtualHost *:8000
Listen 8000

Restart Apache.

/etc/init.d/apache2 Restart

Verify

vps-1088279-8006:/var/www/vhosts/pound-proxy-server.tk/httpdocs# netstat -ntlp | grep 8080
tcp6       0      0 :::8080                 :::*                    LISTEN      -

Now you are all set to install Pound Proxy. Please follow the below steps.

Install pound using apt-get

apt-get install pound

After the successfully installation, edit the “/etc/default/pound” file and change the “startup” value from “0″ to “1″

vim /etc/default/pound

# Defaults for pound initscript
# sourced by /etc/init.d/pound
# installed at /etc/default/pound by the maintainer scripts

# prevent startup with default configuration
# set the below varible to 1 in order to allow pound to start
startup=1

That’s it!! Now you are all set to configure Pound in your system.

The configuration file is “/etc/pound/pound.cfg”. Below is some examples ( Verified the working )

 

Example 1

I have Pound installed in my server – 108.x.x.1. I also have a tomcat server that running on port 8080. Want to redirect all requests coming to 80 port (Pound) to 8080.

Login to 108.x.x.1 and edit the  “/etc/pound/pound.cfg” as follows.

vim /etc/pound/pound.cfg
######################################################################
## global options:

User            "www-data"
Group           "www-data"
#RootJail       "/chroot/pound"

## Logging: (goes to syslog by default)
##      0       no logging
##      1       normal
##      2       extended
##      3       Apache-style (common log format)
LogLevel        1

## check backend every X secs:
Alive           30

## use hardware-accelleration card supported by openssl(1):
#SSLEngine      "<hw>"

# poundctl control socket
Control "/var/run/pound/poundctl.socket"

######################################################################
## listen, redirect and ... to:

## redirect all requests on port 8080 ("ListenHTTP") to the local webserver (see "Service" below):
ListenHTTP
Address 108.x.x.1
Port    80

## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
xHTTP           0

Service
BackEnd
Address 108.x.x.1
Port    8080
End
End
End

Now restart pound.

/etc/init.d/pound restart

Now on, all requests coming to 80 will redirect 8080 and Tomcat will serve the contents. ( You can do the same with Iptables. But it’s the pound way of doing it 🙂 )

 

Example 2

Create a proxy server ( IP : 108.x.x.1 ) that will forward all requests coming to 80 port to another WAN machine ( IP : 168.x.x.2 ) that running Apache on port 8080.

Login to Source server  108.x.x.1 where we installed the Pound Proxy and edit the  “/etc/pound/pound.cfg” as follows.

vim /etc/pound/pound.cfg
######################################################################
## global options:

User            "www-data"
Group           "www-data"
#RootJail       "/chroot/pound"

## Logging: (goes to syslog by default)
##      0       no logging
##      1       normal
##      2       extended
##      3       Apache-style (common log format)
LogLevel        1

## check backend every X secs:
Alive           30

## use hardware-accelleration card supported by openssl(1):
#SSLEngine      "<hw>"

# poundctl control socket
Control "/var/run/pound/poundctl.socket"

######################################################################
## listen, redirect and ... to:

## redirect all requests on port 8080 ("ListenHTTP") to the local webserver (see "Service" below):
ListenHTTP
Address 108.x.x.1
Port    80

## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
xHTTP           0

Service
BackEnd
Address 168.x.x.2
Port    8080
End
End
End

Now restart pound.

/etc/init.d/pound restart

Example 3

I have Pound installed in my server – 108.x.x.1. Forward all HTTP/HTTPS coming to this server to server 168.x.x.2 and 168.x.x.3

Login to Source server  108.x.x.1 where we installed the Pound Proxy and edit the  “/etc/pound/pound.cfg” as follows.

vim /etc/pound/pound.cfg
######################################################################
## global options:

User            "www-data"
Group           "www-data"
#RootJail       "/chroot/pound"

## Logging: (goes to syslog by default)
##      0       no logging
##      1       normal
##      2       extended
##      3       Apache-style (common log format)
LogLevel        1

## check backend every X secs:
Alive           30

## use hardware-accelleration card supported by openssl(1):
#SSLEngine      "<hw>"

# poundctl control socket
Control "/var/run/pound/poundctl.socket"

######################################################################
## listen, redirect and ... to:

## redirect all requests on port 8080 ("ListenHTTP") to the local webserver (see "Service" below):
ListenHTTP
Address 108.x.x.1
Port    80

ListenHTTPS
Address 202.54.1.5
Port    443
Cert    "/etc/ssl/local.server.pem"

## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
xHTTP           0

Service
BackEnd
Address 168.x.x.2
Port    80

BackEnd
Address 168.x.x.3
Port    80
End
End
End

That’s it!! Now restart Pound.

/etc/init.d/pound restart

Example 4

I have Pound installed in my server – 108.x.x.1. Configure it to forward all image requests to server – 168.x.x.2 ( Image server ) and other HTTP requests to local Apache server that running on port 8080.

Login to Source server  108.x.x.1 where we installed the Pound Proxy and edit the  “/etc/pound/pound.cfg” as follows.

vim /etc/pound/pound.cfg
######################################################################
## global options:

User            "www-data"
Group           "www-data"
#RootJail       "/chroot/pound"

## Logging: (goes to syslog by default)
##      0       no logging
##      1       normal
##      2       extended
##      3       Apache-style (common log format)
LogLevel        1

## check backend every X secs:
Alive           30

## use hardware-accelleration card supported by openssl(1):
#SSLEngine      "<hw>"

# poundctl control socket
Control "/var/run/pound/poundctl.socket"

######################################################################
## listen, redirect and ... to:

## redirect all requests on port 8080 ("ListenHTTP") to the local webserver (see "Service" below):
ListenHTTP
Address 108.x.x.1
Port    80

## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
xHTTP           0

Service
URL ".*.(jpg|gif|jpeg|png)"
BackEnd
Address 168.x.x.2
Port    80

End

Service
BackEnd
Address 108.x.x.1
Port    8080
End
End
End

Now restart pound

/etc/init.d/pound restart

Example 5

I have Pound installed in my server – 108.x.x.1. Forward all requests coming for domain “bestinlinux.com” to server – 168.x.x.2. Forward all other Apache requests to Local Apache that running on port 8080.

Login to Source server  108.x.x.1 where we installed the Pound Proxy and edit the  “/etc/pound/pound.cfg” as follows.

vim /etc/pound/pound.cfg
######################################################################
## global options:

User            "www-data"
Group           "www-data"
#RootJail       "/chroot/pound"

## Logging: (goes to syslog by default)
##      0       no logging
##      1       normal
##      2       extended
##      3       Apache-style (common log format)
LogLevel        1

## check backend every X secs:
Alive           30

## use hardware-accelleration card supported by openssl(1):
#SSLEngine      "<hw>"

# poundctl control socket
Control "/var/run/pound/poundctl.socket"

######################################################################
## listen, redirect and ... to:

## redirect all requests on port 8080 ("ListenHTTP") to the local webserver (see "Service" below):
ListenHTTP
Address 108.x.x.1
Port    80

## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
xHTTP           0

Service
URL         ".*sessid=.*"
HeadRequire "Host:.*www.bestinlinux.com.*"
BackEnd
Address  168.x.x.2
Port    80
End
Session
Type    PARM
ID      "sessid"
TTL     120
End

Service
BackEnd
Address 108.x.x.1
Port    8080
End
End
End

Now restart pound.

/etc/init.d/pound restart

That’s it!! 🙂

Please do let us know if you face any issues or if you need any further help on this regard.

Thank you,

Advertisements
Leave a comment

Leave your opinion

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: