proxy-example.conf revision 1163
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# CDDL HEADER START
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# The contents of this file are subject to the terms of the
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# Common Development and Distribution License (the "License").
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# You may not use this file except in compliance with the License.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# See the License for the specific language governing permissions
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# and limitations under the License.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# When distributing Covered Code, include this CDDL HEADER in each
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# If applicable, add the following below this CDDL HEADER, with the
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# fields enclosed by brackets "[]" replaced with your own identifying
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# information: Portions Copyright [yyyy] [name of copyright owner]
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# CDDL HEADER END
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# Use is subject to license terms.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# The canonical (and most recent) version of this document resides in the image
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# packaging project source tree. To view it online, visit
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# http://src.opensolaris.org/source/xref/pkg/gate/src/util/apache2/
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# This file contains example apache configuration snippets to show you how to
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# configure apache as a reverse proxy with IPS package depot servers. The
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# document is divided into 2 main sections.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# Section 1: Generic apache configuration settings we recommend.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# Section 2a: A simple prefixed proxy config (http://pkg.example.com/myrepo)
0b7d39288e87555ded736acfeb15376da09b3b6cTimo Sirainen# Section 2b: A load balanced prefixed proxy config (http://pkg.example.com/myrepo)
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# Sections 2a and 2b are two different configuration alternatives. Select
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# one which most closely matches your site's requirements.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# A word on non-prefixed proxy configurations: It is straightforward to run
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# a depot server at the "root" of a website hierarchy. However, in general,
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# we *do not* recommend this model. Instead, use the examples shown below.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# We found that depot urls like http://pkg.example.com are initially convenient
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# for users, but rapidly become very difficult to manage as soon as you want to
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# have two different repositories.
4307c886579381dbb1897ea1388ae6978c96f560Timo Sirainen# This configuration was most recently tested with Apache 2.2.11, and that
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# is the minimum version we recommend.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# In this example, substitute for "internal.example.com:10000" the name and port
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# number of your backend server.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# Section 1: Here is some common configuration we use for our production servers.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# Crank up MaxKeepAliveRequests so that clients can make a large number
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# of pipelined requests without closing the connection. This is
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# important for transport v1, so that we can do thousands of file
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# transfers over the same connection. Apache's default is too low: just
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# http://httpd.apache.org/docs/2.2/mod/core.html#maxkeepaliverequests
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# We set the proxy timeout to 30 seconds-- if CherryPy is taking longer
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# than that to respond, something is wrong.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# Make sure that forward proxying is disabled. See
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyrequests
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# Section 2a: Basic proxy configuration.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# Here is the basic configuration for a non-load-balanced depot server.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# In this example, we connect
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# http://pkg.example.com/myrepo --> internal.example.com:10000
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# Please note that the repository server (pkg.depotd) should also be configured
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# With a pkg/proxy_base setting which names the URL at which it can be accessed.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# This can be done as follows:
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# svccfg -s pkg/server:default "setprop pkg/proxy_base = astring: http://pkg.example.com/myrepo"
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# svcadm refresh pkg/server:default
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# svcadm restart pkg/server:default
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# We use disablereuse (which forces apache to reconnect to the backend all
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# the time) to work around a bug in CherryPy 3.1 in which it can send
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# inappropriate HTTP 408's. Track
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# http://defect.opensolaris.org/bz/show_bug.cgi?id=8903 for status.
2a628a8c90839439baff5b45116f89f2b3cd9e37Aki Tuomi# When we move to the new "GET" based transport (track bug
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# http://defect.opensolaris.org/bz/show_bug.cgi?id=8902 for status),
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# it will be important to have reuse enabled, or performance will suffer.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# We use nocanon to supress canonicalization of urls-- this is important
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# for properly working search (as of search v1).
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo SirainenProxyPass /myrepo/ http://internal.example.com:10000 nocanon disablereuse=On
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# Section 2b: Load balanced configurations.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# It may also be desirable to run servers behind an apache load balancer. In
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# this example, we connect:
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# http://pkg.example.com/myrepo -.---> internal1.example.com:10000
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# As in section 2a, depot servers must be configured with an appropriate
46b823ac3bce2c0f9f0fc73911e48d3a77b04fbeTimo Sirainen# proxy_base setting. See above.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen # We use disablereuse (which forces apache to reconnect to the backend all
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen # the damn time) to work around a bug in CherryPy 3.1 in which it
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen # can send inappropriate HTTP 408's. Track
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen # http://defect.opensolaris.org/bz/show_bug.cgi?id=8903 for status.
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen # depot on internal1
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen BalancerMember http://internal1.example.com:10000 retry=5 disablereuse=On
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen # depot on internal2
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen BalancerMember http://internal2.example.com:10000 retry=5 disablereuse=On
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# We use nocanon to supress canonicalization of urls-- this is important
75d9024d9409f4710e51dbe40ffb338a84bb1446Timo Sirainen# for properly working search (as of search v1)