Pound

Installation
Create a directory to work in:

mkdir -p /extra/src
cd /extra/src

Download and unpack the source:

wget http://www.apsis.ch/pound/Pound-2.8.tgz
tar zxf Pound-2.8.tgz
cd Pound-2.8

Configure it, then build and install:

./configure --with-ssl
make
make install

Basic Configuration
Create a config file /usr/local/etc/pound.cfg for a basic setup to proxy requests to an internal server:

## sample pound.cfg
#
User  "nobody"
Group  "nobody"
## Logging: (goes to syslog by default)
## 0 no logging
## 1 normal
## 2 extended
## 3 Apache-style (common log format)
LogLevel 1
## Log to stdout
LogFacility -
## check backend every X secs:
Alive 30
## Run in foreground for daemontools startup
Daemon 0

ListenHTTP
  Address 1.2.3.4
  Port  80

  Service
    HeadRequire "Host: .*www.server0.com.*"

    #Enable WebDAV
    #xHTTP 2

    BackEnd
      Address 192.168.0.10
      Port    80
    End
  End

  Service
    HeadRequire "Host: .*www.server1.com.*"

    BackEnd
      Address 192.168.0.11
      Port    80
    End
  End
End

Automatic Startup
We're going to use daemontools.
If you haven't already, install daemontools.

Create a directory for the Pound service:

mkdir -m 1755 /var/service/pound
cd /var/service/pound

Create the run script and make it executable:

echo '#!/bin/sh' > run
echo 'exec /usr/local/sbin/pound' >> run
chmod 755 run

Our log script comes from John Simpson:

mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run

Finally, add the service to daemontools by creating the symbolic link in /service

ln -s /var/service/pound /service/pound

Confirm that the service is running:

svstat /service/pound /service/pound/log

IP addresses and X-Forwarded-for
When running behind the Pound proxy, the web server will see the proxy's IP address as the source of the traffic. To get the actual IP address, adjust the program's logging to use the X-Forwarded-for.

  • Apache - edit /usr/local/apache2/conf/http.conf and add a new log format for Pound:

    LogFormat ""%{X-Forwarded-for}i" %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "%{forensic-id}n"" poundcombined

    Then adjust AccessLog directive in your VirtualHost configuration in

    /usr/local/apache2/conf/extra/httpd-vhosts.conf<code>:
    <code>
    CustomLog /var/websites/domain/logs/domain-access_log poundcombined
  • Drupal
    Edit your site's settings.php file to enable using the X-Forwarded-for header:

    $conf['reverse_proxy'] = TRUE;
    $conf['reverse_proxy_addresses'] = array('1.2.3.4');

Recent Updates

  • PHP
    6 months 3 weeks ago
    PHP 7.4
  • 7 months 1 week ago
    MariaDB 10.4.12
  • 7 months 1 week ago
    Dovecot 2.3.10
  • 7 months 1 week ago
    CentOS 6 revisions
  • 7 months 1 week ago
    Copy of the revision from Wed, 08/22/2018 - 13:39.