Reverse Proxying on Windows for Plone

I have finally gotten a reverse proxy app to work on the Windows Server 2003 machine.

The solution:

  1. Install cygwin. This by far was the biggest stumbling block, as I didn’t want to install cygwin on a production server. However, after scouring the web (and google) for free/open source reverse proxy apps for Windows, I came to the conclusion that the only ones available require cygwin.
  2. Get Pound. I’ve looked at a variety of reverse proxies (nginx, lighttpd, apache, etc.) and each one seemed to have some disadvantage that I couldn’t ignore. Not to mention many of the alternatives weren’t dedicated reverse proxies but web servers. More details are here.
    • One caution is that the most recent version of pound (2.4.2) would not compile, as it required some IPv6 support in the headers. I chose to download the previous version (2.3.2) and it did compile smoothly.
    • ./configure --without-ssl --disable-log --disable-dynscale
    • Strangely enough, even with the --without-ssl option the openssl library is linked into the pound.exe executable.
    • make
    • Copy the pound.exe and the associated DLLs ( cygssl-0.9.8.dll, cygcrypto-0.9.8.dll, cygrunsrv.exe, cygwin1.dll, cygpcre-0.dll, cygpcreposix-0.dll) to a new directory (e.g. c:\apps\pound)
  3. Create a pound.cfg file in the c:\apps\pound directory. Note that the sample config files shown in this site do not work. I am assuming they use commands for an older version of pound that have since been removed.
    • A sample config file that works for me is:

      # Set pound to run like a normal app, so that cygrunsrv can daemonize it
      Daemon 0

      ListenHTTP
          Address 1.2.3.4
          Port 80

          # Prevent any access to the ZMI from outside
          Service
              URL ".*/manage"
          End

          # If you have multiple domains, repeat the Service block
          Service
              HeadRequire "Host: .*A.edu.*"
              BackEnd
                  Address 127.0.0.1
                  Port 8123
              End
          End
      End

    • Note that for this to make sense, the web server (Zope in this case) should be configured to listen only on the localhost ip address (127.0.0.1), and the firewall to block port 8123, otherwise the intent of having only pound exposed to the internet will not be realized.
    • By the way, adding multiple BackEnd directives allows for load balancing, even with prioritization. Really simple and cool!
  4. Once you have pound running and have tested it on the command line (pound -f pound.cfg), you want to install it as a service so that it will be automatically started on startup.
    • cygrunsrv --install Pound --path C:\Apps\Pound\pound.exe --args "-f C:\Apps\Pound\pound.cfg" --stdout C:\Apps\Pound\pound.log --stderr C:\Apps\Pound\pound.log
  5. I haven’t configured it yet, but I will be adding additional URL filters to reverse proxy to the IIS server.
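
The note in step 3 only holds if Zope really is bound to 127.0.0.1 alone. The following is an added example, not part of the original post: it parses Windows `netstat -an` output and reports any non-loopback address where the backend port is listening. The sample text is constructed, and the function names are hypothetical.

```python
import re
import sys

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    1.2.3.4:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8123           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8123         127.0.0.1:1045         ESTABLISHED
  TCP    127.0.0.1:8099         0.0.0.0:0              LISTENING
"""

# One listening TCP socket per line: local address, local port, state LISTENING.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.I)


def listeners(netstat_text):
    """Return (address, port) for every TCP socket in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m:
            found.append((m.group(1), int(m.group(2))))
    return found


def exposed(netstat_text, backend_port):
    """Non-loopback addresses on which the backend port is listening."""
    return [addr for addr, port in listeners(netstat_text)
            if port == backend_port
            and not addr.startswith("127.")
            and addr != "[::1]"]


if __name__ == "__main__":
    # Pass a file holding `netstat -an` output; with no argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for addr in exposed(text, 8123):
        print("port 8123 is listening on %s, so pound can be bypassed" % addr)
```

On the server, save the output with `netstat -an > netstat.txt` and pass that file as the argument. A line reporting `0.0.0.0` means Zope is bound to every interface, and only the firewall rule stands between port 8123 and the outside.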
