Pound Reverse Proxy

After moving my website to a Linux box recently I tried using IIRF on IIS to reverse proxy the different websites I was running, but I had a few issues with IIRF so I set about looking for an alternative. I considered using Forefront Threat Management Gateway as I was familiar with it, but it was end of life and a little bloated for what I needed. A bit out of my comfort zone, I found Pound, which runs on Ubuntu and seemed to suggest it would do what I need. I created a new Ubuntu server on my VMware boxes, gave it 256 MB of RAM and 12 GB of disk, and installed Ubuntu Server with the defaults.

Once it was loaded I set up a static IP address on it.

The next step was to install Pound:

sudo apt-get update && sudo apt-get install pound

Pound needed its config file edited. Rather than use nano, I tried WinSCP to edit the config file. First I installed the SSH server:

sudo apt-get install openssh-server

Then I opened up sudo for my account so it didn't require a password. It is a bit of a security hole, but I just wanted it to be as easy to edit in the future as possible. To do this I edited the file

/etc/sudoers

and added the line

yourusername ALL=NOPASSWD: ALL

replacing yourusername with my username.

Then I fired up WinSCP and in the connection options turned on advanced, and under environment win/scp shell I changed the shell to sudo su and connected to the server. This way I had permission to edit files that I needed superuser access for.

This was the config file that I created:

 

## Minimal sample pound.cfg
##
## see pound(8) for details

######################################################################
## global options:

User  "www-data"
Group  "www-data"
#RootJail "/chroot/pound"

## Logging: (goes to syslog by default)
## 0 no logging
## 1 normal
## 2 extended
## 3 Apache-style (common log format)
LogLevel 1

## check backend every X secs:
Alive  30

## use hardware-acceleration card supported by openssl(1):
#SSLEngine "<hw>"

# poundctl control socket
Control "/var/run/pound/poundctl.socket"

######################################################################

## listen, redirect and ... to:

## accept all requests on port 80 ("ListenHTTP") and pass each one to the backend of the matching "Service" below:
ListenHTTP
  Address 192.168.99.61
  Port    80

  ## allow PUT and DELETE also (by default only GET, POST and HEAD)?:

  Service
    HeadRequire "Host:.*www.jwarburton.com.*"
    BackEnd
      Address 192.168.99.64
      Port    80
    End
  End

  Service
    HeadRequire "Host:.*www.dianewarburton.co.uk.*"
    BackEnd
      Address 192.168.99.1
      Port    80
    End
  End

  Service
    HeadRequire "Host:.*ix.jwarburton.com.*"
    BackEnd
      Address 192.168.99.1
      Port    80
    End
  End

  Service
    HeadRequire "Host:.*prs.jwarburton.com.*"
    BackEnd
      Address 192.168.99.1
      Port    80
    End
  End

End

The important bits

I changed these lines to the IP of the Ubuntu server and port 80, which was the port I wanted it to listen on:

ListenHTTP
 Address 192.168.99.61
 Port 80

Then for each web site I created an entry like:

Service
    HeadRequire "Host:.*prs.jwarburton.com.*"
    BackEnd
      Address 192.168.99.1
      Port    80
    End
  End

HeadRequire specifies the Host header that I am expecting in the request.

Address is the backend web server that I want to forward to.

One nice thing is that it maintains the host headers on the passthrough, so the Windows server I have on 192.168.99.1 reads the host headers and then delivers the correct site.
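The HeadRequire patterns above are unanchored and leave the dots unescaped, so they accept more Host values than the four site names. The following check is an added example, not part of the original post: it runs the page's patterns and a stricter anchored form over constructed header lines and reports which backend each would select. The anchored() helper, the sample headers, and the use of Python's re as a stand-in for Pound's matcher (assumed to be an unanchored, case-insensitive search of each header line, first matching Service wins) are assumptions.

```python
import re

# HeadRequire patterns from the config above, in file order, with their BackEnd.
PAGE_RULES = [
    ("Host:.*www.jwarburton.com.*", "192.168.99.64:80"),
    ("Host:.*www.dianewarburton.co.uk.*", "192.168.99.1:80"),
    ("Host:.*ix.jwarburton.com.*", "192.168.99.1:80"),
    ("Host:.*prs.jwarburton.com.*", "192.168.99.1:80"),
]

def anchored(hostname):
    # Hypothetical stricter pattern: literal dots, optional :80, anchored at both ends.
    return r"^Host:[ \t]*" + re.escape(hostname) + r"(:80)?[ \t]*$"

# Same sites and backends, with the stricter patterns.
STRICT_RULES = [
    (anchored("www.jwarburton.com"), "192.168.99.64:80"),
    (anchored("www.dianewarburton.co.uk"), "192.168.99.1:80"),
    (anchored("ix.jwarburton.com"), "192.168.99.1:80"),
    (anchored("prs.jwarburton.com"), "192.168.99.1:80"),
]

def route(rules, headers):
    """Return the backend of the first rule matching any header line, else None."""
    for pattern, backend in rules:
        # Assumption: unanchored, case-insensitive search of each header line.
        rx = re.compile(pattern, re.IGNORECASE)
        if any(rx.search(line) for line in headers):
            return backend
    return None

# Constructed header lines for testing; not taken from real traffic.
SAMPLES = [
    ["Host: www.jwarburton.com"],
    ["Host: WWW.JWARBURTON.COM:80"],
    ["Host: prs.jwarburton.com.example.net"],
    ["Host: phoenix.jwarburton.com"],
    ["Host: other.example", "X-Forwarded-Host: www.jwarburton.com"],
]

def compare():
    """Return (headers, loose_backend, strict_backend) for each sample."""
    return [(h, route(PAGE_RULES, h), route(STRICT_RULES, h)) for h in SAMPLES]

if __name__ == "__main__":
    for headers, loose, strict in compare():
        print(f"{headers!s:70} loose={loose} strict={strict}")
```

Any stricter pattern should be validated against the Pound version in use before it replaces the ones in pound.cfg, since quoting and escaping rules in the config file are not covered here.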

Once I had edited the file and saved it, I then enabled Pound to start:

sudo nano /etc/default/pound

Change it from startup=0 to startup=1. Before doing this, Pound will refuse to start.

startup=1

I rebooted the server before Pound seemed to start working.

After any changes I made to the config file, I restarted Pound by using:

 sudo /etc/init.d/pound restart

 

 

 
