Revision of Pound from Fri, 05/04/2012 - 11:11

Revisions allow you to track differences between multiple versions of your content, and revert back to older versions.

The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server(s). Pound was developed to enable distributing the load among several Web-servers.

Installation
Create a directory to work in:

mkdir -p /extra/src
cd /extra/src

Download and unpack the source:

wget http://www.apsis.ch/pound/Pound-2.6.tgz
tar zxf Pound-2.6.tgz
cd Pound-2.6

Configure it, then build and install:

./configure --with-ssl
make
make install

Basic Configuration
Create a config file /usr/local/etc/pound.cfg for a basic setup to proxy requests to an internal server:

## sample pound.cfg
#
User  "nobody"
Group  "nobody"
## Logging: (goes to syslog by default)
## 0 no logging
## 1 normal
## 2 extended
## 3 Apache-style (common log format)
LogLevel 1
## check backend every X secs:
Alive 30
## Run in foreground for daemontools startup
Daemon 0

ListenHTTP
  Address 1.2.3.4
  Port  80

  Service
    HeadRequire "Host: .*www.server0.com.*"

    #Enable WebDAV
    xHTTP 2

    BackEnd
      Address 192.168.0.10
      Port    80
    End
  End

  Service
    HeadRequire "Host: .*www.server1.com.*"

    BackEnd
      Address 192.168.0.11
      Port    80
    End
  End
End

Automatic Startup
We're going to use daemontools.
If you haven't already, install daemontools.

Create a directory for the Pound service:

mkdir -m 1755 /var/service/pound
cd /var/service/pound

Create the run script and make it executable:

echo '#!/bin/sh' > run
echo 'exec /usr/local/sbin/pound' >> run
chmod 755 run

Our log script comes from John Simpson:

mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run

Finally, add the service to daemontools by creating the symbolic link in /service

ln -s /var/service/pound /service/pound

Confirm that the service is running:

svstat /service/pound /service/pound/log

IP addresses and X-Forwarded-for
When running behind the Pound proxy, the web server will see the proxy's IP address as the source of the traffic. To get the actual IP address, adjust the program's logging to use the X-Forwarded-for.

  • Apache - edit /usr/local/apache2/conf/http.conf and add a new log format for Pound:

    LogFormat ""%{X-Forwarded-for}i" %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "%{forensic-id}n"" poundcombined

    Then adjust AccessLog directive in your VirtualHost configuration in

    /usr/local/apache2/conf/extra/httpd-vhosts.conf<code>:
    <code>
    CustomLog /var/websites/domain/logs/domain-access_log poundcombined
  • Drupal
    Edit your site's settings.php file to enable using the X-Forwarded-for header:

    $conf['reverse_proxy'] = TRUE;
    $conf['reverse_proxy_addresses'] = array('1.2.3.4');

Recent Updates

  • Apache
    1 year 12 months ago
  • Apache
    1 year 12 months ago
  • lighttpd
    1 year 12 months ago
    php 8.x
  • MariaDB
    1 year 12 months ago
    10.6.7
  • CentOS
    2 years 1 day ago
    Drop Centos 5/6 stuff