top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Reverse proxy to http 1.0 origin server

+1 vote
869 views

1) I'd have a question on how to set up a reverse proxy to a http 1.0 in the cleanest most standard conforming way.

AFAIU, strict HTTP 1.0 has neither persistent connections / keep-alives
- a connection ends after a single request has been responded. Neither does it have Host: headers.

a) Do I need to tell the reverse-proxy about this? Do I have to set:
- ProxyPass' disablereuse=on and/or
- force-proxy-request-1.0 and/or
- proxy-nokeepalive and/or
- proxy-sendcl

Or is one of them enough? E.g. when I set force-proxy-request-1.0... all the others are implicitly set?

b) Do I need to set proxy-initial-not-pooled?
Cause I get the error mentioned there,... interestingly that seems to be independent of the backend/origin server... and dependent on the client.

c) So, strictly speaking, I could not use name-based vhosting, right?

2) Further, when a client talks to the reverse proxy in HTTP 1.0 it should get the reply in 1.0 either. And when it talk to it in 1.1, it should get it in 1.1.

Would Apache do this automatically, or would it answer a 1.0 request with a 1.1 response?
So do I have to set: force-response-1.0 ?

3) The origin server to which I connect is single threaded, i.e. it will only process one request at a time. So Apache shouldn't connect more than once concurrently, as it would simply block. How do I get this? The keep-alive options above probably don't help here... Is the solution to set ProxyPass' max=1 ?

posted Aug 5, 2013 by Abhay Kulkarni

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote
AFAIU, strict HTTP 1.0 has neither persistent connections / keep-alives
- a connection ends after a single request has been responded. Neither does it have Host: headers.

No, it has keepalives and Host headers. But the former are more limited than in 1.1 because there's no chunked encoding, and the latter are technically optional (though in practice pretty-much universal since about 1995 or 96).

a) Do I need to tell the reverse-proxy about this?

Try it and see what your backend is happy with! Chances are, the only thing you'll need to worry about
is to avoid sending it chunked encoding.

answer Aug 5, 2013 by Amit Parthsarthi
Similar Questions
+6 votes

I have a reverse proxy (apache 2.2) with mod_proxy_balancer with https visible to the outside world.

The question is: from the proxy performance/scalability point of view is it better to configure backends (origin servers) with http or with https?

Is it true that if proxy is setup https->http then it only has to decrypt/encrypt the headers and the body is encrypted/decrypted on the backend? I do not use mod_proxy_html (but maybe there are other modules which affect this behaviour on the proxy?.

How either setup affects latency of handling requests? With https->https do I have to do two handshakes (on the proxy and on the backend) for every connection? I have KeepAlive both on the proxy and the backends.

+1 vote

I have an idea how to setup Apache for doing load balancer based on mod_proxy and mod_balance modules. But in my case the backend server requires ssl client certificate authentication and therefore the Apache Server cannot terminate the ssl connection.

I do no need http session cookie stickyness. The application is stateless. Can I somehow configure Apache as a transparent balancer?

Or I should use even another software - squid, iptables? The backend application is a web service running on Tomcat.

0 votes

Is that possible create a http tunnel to remote http tunnel server via a middle http proxy?

Here is my situation :
My Company only allow http protocol and they created a http proxy server. So when we want to access internet we have to set the http proxy settings for the browser or application.

Now I want to access outside without restrictions of http protocol and also not limited to 80 port. As they blocked the ssh, so the SSH reverse binding is not possible. So is that possible to create a http tunnel via the http proxy of my company and aim to my own server outside?

+2 votes

(a) HTTP/1.0 vs HTTP/1.1. What are the dierences between these versions? what the methos (HTTP
commands) that are supported by HTTP/1.0 and that are supported by HTTP/1.1?
(b) WebSocket: What is a WebSocket (namely with HTML5) and what they are being used for?

+1 vote

We're developing webapp running on Tomcat 7. The apps use third-party components that we can't modify and those components connect to external sites using HTTP.

We have a policy of routing all outbound traffic through an authenticating HTTP proxy. This is a bit of problem for us since the Oracle Java 7 JVM doesn't support configuring proxy authentication on the JVM level (using e.g. system properties).

One possible workaround I could think of is to create a custom javaagent that would set a default java.net.Authenticator in premain() method. This approach appears to work in a command line program that uses HttpURLConnection, but are there any potential caveats to this method when used with webapps running in Tomcat? One shortcoming is that the same Authenticator would be used for all webapps in the JVM, but this is something we can live with.

...