

  1. Apache httpd v2.4 Reverse Proxy The “Hidden” Gem Jim Jagielski @jimjag

  2. About Me ➡ Apache Software Foundation ➡ Co-founder, Director, Member and Developer ➡ Director ➡ Outercurve, MARSEC-XL, OSSI, OSI (ex)… ➡ Developer ➡ Mega FOSS projects ➡ O’Reilly Open Source Award: 2013 ➡ European Commission: Luminary Award ➡ Sr. Director: Tech Fellows: Capital One @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  3. Apache httpd 2.4 ➡ Currently at version 2.4.23 (2.4.1 went GA Feb 21, 2012) ➡ Significant Improvements ➡ high-performance ➡ cloud suitability

  4. Apache httpd 2.4 - design drivers ➡ Support for async I/O w/o dropping support for older systems ➡ Larger selection of usable MPMs: added event, motorz, etc... ➡ Leverage higher-performant versions of APR ➡ Increase performance ➡ Reduce memory utilization ➡ The Cloud and Reverse Proxy

  5. httpd is sooo old school (aka fud) ➡ Apache doesn’t scale (it’s SLOW) ➡ http://www.youtube.com/watch?v=bzkRVzciAZg ➡ Apache is too generalized vs ➡ Apache is too complex (config file) ➡ really? It’s Squagels! ➡ Apache is too old (yeah, just like Linux)

  6. Cloud and Dynamics ➡ The Cloud is a game changer for web servers ➡ The cloud is a dynamic place ➡ automated reconfiguration ➡ horizontal, not vertical scaling ➡ self-aware environments (OK, maybe not THAT self-aware)

  7. Why Dynamic Proxy Matters ➡ Apache httpd still the most frequently used front-end ➡ Proxy capabilities must be cloud friendly ➡ Front-end must be dynamic friendly

  8. Reverse Proxy ➡ Operates at the server end of the transaction ➡ Completely transparent to the Web Browser – thinks the Reverse Proxy Server is the real server ➡ (Diagram labels: Reverse Proxy Server, Cloud, Internet, Browser, Firewall, Firewall, Transactional Servers)

  9. Features of Reverse Proxy Server ➡ Security: uniform security policy can be administered; the real transactional servers are behind the firewall ➡ Delegation, Specialization, Load Balancing ➡ Caching ➡ Performance, HA

  10. Proxy Design Drivers ➡ Becoming a robust but generic proxy implementation ➡ Support various protocols ➡ HTTP, HTTPS, HTTP/2, CONNECT, FTP ➡ AJP, FastCGI, SCGI, WSGI ➡ Load balancing ➡ Clustering, failover ➡ Performance

  11. Apache httpd 2.4 proxy ➡ Reverse Proxy Improvements ➡ Supports FastCGI, SCGI, Websockets in balancer ➡ Additional load balancing mechanisms ➡ Runtime changing of clusters w/o restarts ➡ Support for dynamic configuration ➡ mod_proxy_express ➡ mod_fcgid and fcgistarter ➡ Brand New: Support for Unix Domain Sockets ➡ Brand New: HTTP/2

  12. Configuring Reverse Proxy ➡ Set ProxyRequests Off ➡ Apply ProxyPass, ProxyPassReverse and possibly RewriteRule directives

  13. Reverse Proxy Directives: ProxyPass ➡ Allows remote server to be mapped into the space of the local (Reverse Proxy) server ➡ There is also ProxyPassMatch which takes a regex ➡ Example: ➡ ProxyPass /secure/ http://secureserver/ ➡ Presumably “secureserver” is inaccessible directly from the internet ➡ ProxyPassMatch ^/(.*\.js)$ http://js-storage.example.com/bar/$1

  14. Reverse Proxy Directives: ProxyPassReverse ➡ Used to specify that redirects issued by the remote server are to be translated to use the proxy before being returned to the client. ➡ Syntax is identical to ProxyPass; used in conjunction with it ➡ Example: ➡ ProxyPass /secure/ http://secureserver/ ➡ ProxyPassReverse /secure/ http://secureserver/

  15. Simple Rev Proxy ➡ All requests for /images to a backend server ➡ ProxyPass /images http://images.example.com/ ➡ ProxyPass <path> <scheme>://<full url> ➡ Useful, but limited ➡ What if: images.example.com dies? traffic for /images increases
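The steps from slides 12 to 15 as one front-end virtual host. This is an added example, not taken from the slides; `www.example.com` and the `/secure/private/` path are placeholder assumptions, and mod_proxy plus mod_proxy_http are assumed to be loaded.

```apache
# Added example (not from the slides); ServerName and /secure/private/ are placeholders.
<VirtualHost *:80>
    ServerName www.example.com

    # Reverse proxy only. "ProxyRequests On" would turn this host into a
    # forward proxy that clients could relay arbitrary requests through.
    ProxyRequests Off

    # Exclusions ("!") must come before the broader mapping they carve out of.
    ProxyPass        /secure/private/ !

    # Trailing slashes match on both sides; a mismatch produces backend URLs
    # with a missing or doubled slash.
    ProxyPass        /secure/ http://secureserver/

    # Rewrites the Location, Content-Location and URI headers of backend
    # redirects so clients are never pointed at the internal hostname.
    ProxyPassReverse /secure/ http://secureserver/

    # Regex form from slide 13. ProxyPass and ProxyPassMatch rules are checked
    # in configuration order, so /secure/*.js is still handled by the rule above.
    ProxyPassMatch   ^/(.*\.js)$ http://js-storage.example.com/bar/$1
</VirtualHost>
```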

  16. Load Balancing ➡ mod_proxy_balancer.so ➡ mod_proxy can do native load balancing ➡ weight by actual requests ➡ weight by traffic ➡ weight by busyness ➡ lbfactors

  17. Create a balancer “cluster” ➡ Create a balancer which contains several host nodes ➡ Apache httpd will then direct to each node as specified

      <Proxy balancer://foo>
          BalancerMember http://www1.example.com:80/ loadfactor=1
          BalancerMember http://www2.example.com:80/ loadfactor=1
          BalancerMember http://www3.example.com:80/ loadfactor=4 status=+h
          ProxySet lbmethod=bytraffic
      </Proxy>

  18. Some config params ➡ For BalancerMembers: ➡ loadfactor: normalized load for worker [1] ➡ lbset: worker cluster number [0] ➡ retry: retry timeout, in seconds, for non-ready workers [60]

  19. Some config params ➡ For BalancerMembers (cont): ➡ connectiontimeout/timeout: connection timeouts on backend [ProxyTimeout] ➡ flushpackets *: does proxy need to flush data with each chunk of data? on: Yes | off: No | auto: wait and see ➡ flushwait *: ms to wait for data before flushing

  20. Some config params ➡ For BalancerMembers (cont): ➡ ping: ping backend to check for availability; value is time to wait for response ➡ status (+/-): D: Disabled, S: Stopped, I: Ignore errors, H: Hot standby, E: Error, N: Drain, C: Dynamic Health Check

  21. Some config params ➡ For Balancers: ➡ lbmethod: load balancing algo to use [byrequests] ➡ stickysession: sticky session name (eg: PHPSESSIONID) ➡ maxattempts: # failover tries before we bail ➡ growth: extra BalancerMember slots to allow for

  22. Some config params ➡ For Balancers: ➡ nofailover: pretty freakin obvious ➡ For both: ➡ ProxySet: alternate method to set various params ➡ ProxySet balancer://foo timeout=10 ... ➡ ProxyPass / balancer://foo timeout=10

  23. Connection Pooling ➡ Backend connection pooling ➡ Available for named workers: ➡ eg: ProxyPass /foo http://bar.example.com ➡ Reusable connection to origin ➡ For threaded MPMs, can adjust size of pool (min, max, smax) ➡ For prefork: singleton ➡ Shared data held in shared memory

  24. Some config params ➡ For BalancerMembers - connection pool: ➡ min: initial number of connections [0] ➡ max: hard maximum number of connections [1|TPC] ➡ smax: soft max - keep this number available [max]

  25. Some config params ➡ For BalancerMembers - connection pool: ➡ disablereuse/enablereuse: bypass/enable the connection pool (firewalls) ➡ ttl: time to live for connections above smax

  26. Sessions ➡ Sticky session support ➡ aka “session affinity” ➡ Cookie based ➡ stickysession=PHPSESSID ➡ stickysession=JSESSIONID ➡ Natively easy with Tomcat ➡ May require more setup for “simple” HTTP proxying ➡ Use of mod_session helps

  27. Failover control ➡ Cluster set with failover ➡ Group backend servers as numbered sets ➡ balancer will try lower-valued sets first ➡ If no workers are available, will try next set ➡ Hot standby
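The balancer parameters from slides 17 to 27 combined in one cluster: numbered failover sets, a hot standby, connection pool limits, and cookie-based stickiness for plain HTTP backends. This is an added example, not taken from the slides; `dr1.example.com`, the `route` values and the `ROUTEID` cookie name are assumptions, and mod_proxy, mod_proxy_http, mod_proxy_balancer, mod_lbmethod_byrequests, mod_slotmem_shm and mod_headers are assumed to be loaded.

```apache
# Added example (not from the slides); dr1.example.com, route values and the
# ROUTEID cookie name are assumptions.

# Plain HTTP backends set no route-bearing session cookie of their own, so the
# proxy issues one, and only when the balancer has chosen a new route.
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/; HttpOnly" env=BALANCER_ROUTE_CHANGED

<Proxy balancer://foo>
    # lbset 0 is tried first. retry=30 re-probes a failed worker after 30s;
    # the timeouts keep a hung backend from tying up front-end threads.
    BalancerMember http://www1.example.com:80 route=1 lbset=0 retry=30 \
                   connectiontimeout=5 timeout=30 max=20 smax=10 ttl=60
    BalancerMember http://www2.example.com:80 route=2 lbset=0 retry=30 \
                   connectiontimeout=5 timeout=30 max=20 smax=10 ttl=60

    # Hot standby within set 0: receives traffic only when www1 and www2
    # are both unusable.
    BalancerMember http://www3.example.com:80 route=3 lbset=0 status=+H

    # lbset 1 is tried only when no worker in set 0 is available.
    BalancerMember http://dr1.example.com:80  route=4 lbset=1

    ProxySet lbmethod=byrequests stickysession=ROUTEID maxattempts=2
</Proxy>

ProxyPass        / balancer://foo/
ProxyPassReverse / balancer://foo/
```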
