Reverse Proxy Configuration
Canvas uses HA Proxy as a reverse proxy, deployed in the internal network, to filter valid requests and direct them to the appropriate backend server.
You can choose any reverse proxy server that meets your requirements; the configuration needed to enable microservices varies accordingly. The following HA Proxy configuration details are for guidance only.
HA Proxy contains the port and IP details of the application server where the microservices are deployed. It acts as a mediator and routes the incoming requests appropriately to the microservices based on internal patterns.
HA Proxy has a frontend, where the request pattern is matched and the request is routed to the appropriate backend, and a backend, where the request is forwarded to the appropriate IP address. Because the browser reaches every microservice through the proxy, this helps avoid cross-origin requests and provides an extra layer of security. HA Proxy supports both TCP and HTTP requests.
Set up a reverse proxy and do the URL replacement to enable the microservice. Refer to the following sample HA Proxy configuration file for more details.
haproxy.cfg
Perform the following steps to configure HA Proxy:
Configure the connection, client, and server timeouts as shown in the following snippet.
global
    #log /prd/log local0
    #log /prd/log local1 notice
    #ichroot /dev/log
    #log /dev/log local1 notice
    log 127.0.0.1 local0

defaults
    mode http
    option httplog
    log global
    # 10000000 ms is roughly 2.8 hours for each timeout
    timeout connect 10000000ms
    timeout client 10000000ms
    timeout server 10000000ms

listen stats
    bind *:9029
    mode http
    log global
    maxconn 10
    clitimeout 100s
    srvtimeout 100s
    contimeout 100s
    timeout queue 100s
    stats enable
    stats hide-version
    stats refresh 30s
    stats show-node
    # sample credentials from this guidance file; set your own
    stats auth admin:password
    stats uri /haproxy?stats
Configure the request pattern capturing in the front-end module as shown in the following example of the front-end module of Notification microservice.
frontend http-in
    bind *:80
    mode http
    #stick-table type ip size 200k expire 100s store http_req_rate(60s)
    #tcp-request content track-sc0 src
    #acl whitelist src 172.19.32.91
    #acl http_rate_abuse sc0_http_req_rate gt 5
    #use_backend error401 if !whitelist
    #use_backend error429 if http_rate_abuse

    acl is_noti url_reg [a-zA-Z]+\/NotificationService\/
    #reqrep (.*)\/[a-zA-Z]+(\/NotificationService\/)(.*) \1\2\3 if is_noti
    use_backend bk_noti if is_noti

    acl is_metadata_java url_reg [a-zA-Z]+\/ddm\/
    use_backend bk_metadata_java if is_metadata_java

    acl use_java_metadata_backup nbsrv(bk_metadata_node) lt 1
    acl is_metadata_node url_reg [a-zA-Z]+\/sdk\/
    use_backend bk_metadata_node if is_metadata_node !use_java_metadata_backup
    use_backend bk_metadata_java if is_metadata_node use_java_metadata_backup

    acl is_datacache url_reg [a-zA-Z]+\/CTDataCache\/
    use_backend bk_datacache if is_datacache

    acl is_sessionservice url_beg /SessionService
    use_backend bk_sessionservice if is_sessionservice

    acl is_modelservice url_beg /ctmodelhouse
    use_backend bk_modelservice if is_modelservice

    acl is_autho_service url_beg /CTAuthorizationService
    use_backend bk_authoservice if is_autho_service

    #option httpchk
    #option forwardfor
    # default_backend bk_model
If a request URL matches a specific regular expression (regex) pattern, it is sent to the respective back-end module. For example, the Notification microservice configuration above routes a request to the IP address defined in the back-end module bk_noti if its URL contains one or more alphabetic characters followed by /NotificationService/.
The reverse proxy can also be configured to route incoming metadata requests that are normally served through the Node service to the Java metadata service when the Node service is down. In the front-end example, the use_java_metadata_backup ACL does this: it is true when bk_metadata_node has fewer than one usable server.
Configure the routing details such as port number and IP of the application server in the backend module as shown in the following example of the backend module of Notification microservice.
backend bk_noti
    http-response set-header Server canvasserver
    http-response del-header X-Powered-By
    #balance roundrobin
    #cookie SERVER insert
    #acl is_noti url_reg [a-zA-Z]+\/NotificationService\/
    #reqrep (.*)\/[a-zA-Z]+(\/NotificationService\/)(.*) \1\2\3 if is_noti
    server Not9080 172.19.32.91:51001 check
    server Not9088 172.19.32.91:51001 check
    #server notification_server web3:8080 cookie S3 check
Similarly, you can configure all other Canvas microservices that you want to use in your reverse proxy server configuration file (for example, haproxy.cfg), as shown in the example.
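The first-match routing of the sample front-end module can be checked offline before the file is deployed. The following Python sketch is an added example, not part of the Canvas documentation or of HA Proxy: it transcribes the use_backend rules from the sample frontend and reports which backend a URL reaches. The route function, its node_servers_up and subject parameters, and the sample URLs are assumptions made for illustration; subject="path" models writing the ACLs with path_reg/path_beg, which ignore the query string, where url_reg/url_beg match the whole URL.

```python
import re

# Rules transcribed from the sample frontend, in evaluation order (first match wins).
# "reg" models url_reg: an unanchored regex search; "beg" models url_beg: a prefix test.
RULES = [
    ("bk_noti", "reg", r"[a-zA-Z]+\/NotificationService\/"),
    ("bk_metadata_java", "reg", r"[a-zA-Z]+\/ddm\/"),
    ("bk_metadata_node", "reg", r"[a-zA-Z]+\/sdk\/"),
    ("bk_datacache", "reg", r"[a-zA-Z]+\/CTDataCache\/"),
    ("bk_sessionservice", "beg", "/SessionService"),
    ("bk_modelservice", "beg", "/ctmodelhouse"),
    ("bk_authoservice", "beg", "/CTAuthorizationService"),
]


def route(url, node_servers_up=1, subject="url"):
    """Return the backend chosen for url, or None when no rule matches.

    With default_backend commented out, as in the sample, HAProxy answers an
    unmatched request with 503. subject="url" matches path plus query string
    (url_reg/url_beg); subject="path" (hypothetical switch) drops the query
    string first, as path_reg/path_beg would.
    """
    target = url.split("?", 1)[0] if subject == "path" else url
    for backend, kind, pattern in RULES:
        hit = re.search(pattern, target) if kind == "reg" else target.startswith(pattern)
        if not hit:
            continue
        # nbsrv(bk_metadata_node) lt 1: fall back to the Java metadata service.
        if backend == "bk_metadata_node" and node_servers_up < 1:
            return "bk_metadata_java"
        return backend
    return None


# Constructed sample URLs, not taken from a real deployment.
SAMPLES = [
    "/canvas/NotificationService/send",
    "/canvas/sdk/meta",
    "/SessionService/login?next=app/NotificationService/",
    "/unknown",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{u:55} url={route(u)!s:18} path={route(u, subject='path')}")
```

The third sample is routed differently in the two columns because its query string satisfies the earlier url_reg rule; comparing the columns for your own URLs shows where a path-based ACL would change the result.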