11/2/13

Linux install and configure pound reverse proxy for Apache http / https web server

Main menu BASH Shell Troubleshooting Nginx Networking MySQL Google Cloud Platform Amazon Cloud Computing Rackspace Cloud Computing Linux CentOS Debian / Ubuntu Ubuntu Linux Suse RedHat and Friends Slackware Linux UNIX AIX Mac OS X FreeBSD FreeBSD Jails (VPS) Openbsd Solaris See all tutorial topics Blog About Contact us Forum RSS/FEED Linux FAQ / Howtos

Linux install and configure pound reverse proxy for Apache http / https web server
by nixCraft on December 11, 2007 22 comments LAST UPDATED December 13, 2007 in Apache, CentOS, Debian / Ubuntu Q. How do I install and configure pound reverse proxy for Apache web sever under Debian Linux? A. Pound is a reverse-proxy load balancing server. It accepts requests from HTTP / HTTPS clients and distributes them to one or more Web servers. The HTTPS requests are decrypted and passed to the back-ends as plain HTTP. It will act as: a) Server load balancer b) Reverse proxy server c) Apache reverse proxy etc d) It can detects when a backend server fails or recovers, and bases its load balancing decisions on this information: if a backend server fails, it will not receive requests until it recovers e) It can decrypts https requests to http ones f) Rejects incorrect requests h) It can be used in a chroot environment (security feature) If more than one back-end server is defined, Pound chooses one of them randomly, based on defined priorities. By default, Pound keeps track of associations between clients and back-end servers (sessions).

Install Pound Software

Type the following command to install pound:
$s u d oa p t g e ti n s t a l lp o u n d

If you are using RHEL / CentOS, grab pound rpm here and type the command:
#r p mi v hp o u n d *

If you are using FreeBSD, enter:

#c d/ u s r / p o r t s / w w w / p o u n d /& &m a k ei n s t a l lc l e a n

How it works?
Let us assume your public IP address 202.54.1.5. Pound will run on 202.54.1.5 port 80 It will forward all incoming http requests to internal host 192.168.1.5 and 192.168.1.10 port 80 or 443 Pound keeps track of associations between clients and back-end servers
www.cyberciti.biz/faq/linux-http-https-reverse-proxy-load-balancer/ 1/9

11/2/13

Linux install and configure pound reverse proxy for Apache http / https web server

Pound configuration file

Under Debian / Ubuntu default file located at /etc/pound/pound.cfg Under FreeBSD it is located at /usr/local/etc/pound.cfg (you need to create this file) Under RHEL / CentOS you need to create file at /etc/pound.cfg

Sample configuration: HTTP Proxy

Forward all incoming request at 202.54.1.5 port 80 request to 192.168.1.5 Apache server running at 8080 port: Open /etc/pound/pound.cfg file:
#v i/ e t c / p o u n d / p o u n d . c f g

To translate HTTP requests to a local internal HTTP server, enter (make sure 192.168.1.5 Apache running listing on port 8080):
L i s t e n H T T P A d d r e s s2 0 2 . 5 4 . 1 . 5 P o r t 8 0 S e r v i c e B a c k E n d A d d r e s s1 9 2 . 1 6 8 . 1 . 5 P o r t 8 0 8 0 E n d E n d E n d

Save and close the file. Restart pound:

#/ e t c / i n i t . d / p o u n dr e s t a r t

Following example will distribute the all HTTP/HTTPS requests to two Web servers:
L i s t e n H T T P A d d r e s s2 0 2 . 5 4 . 1 . 5 P o r t 8 0 E n d L i s t e n H T T P S A d d r e s s2 0 2 . 5 4 . 1 . 5 P o r t 4 4 3 C e r t " / e t c / s s l / l o c a l . s e r v e r . p e m " E n d S e r v i c e B a c k E n d A d d r e s s1 9 2 . 1 6 8 . 1 . 5 P o r t 8 0 E n d B a c k E n d A d d r e s s1 9 2 . 1 6 8 . 1 . 6 P o r t 8 0 E n d E n d

For testing purpose you may generate self signed ssl certificate (/etc/ssl/local.server.pem), by entering the following command:
#c d/ e t c / s s l& &o p e n s s lr e qx 5 0 9n e w k e yr s a : 1 0 2 4k e y o u tl o c a l . s e r v e r . p e mo u tl o c a l . s e r v e r . p e md a y s3 6 5n o d e s

Pound log file

By default pound log message using syslog:
#t a i lf/ v a r / l o g / m e s s a g e s #g r e pp o u n d/ v a r / l o g / m e s s a g e s

Sample complete configuration file

# #M i n i m a ls a m p l ep o u n d . c f g # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #g l o b a lo p t i o n s : U s e r " w w w d a t a " G r o u p " w w w d a t a " # R o o t J a i l " / c h r o o t / p o u n d " # #L o g g i n g :( g o e st os y s l o gb yd e f a u l t ) # # 0 n ol o g g i n g # # 1 n o r m a l # # 2 e x t e n d e d # # 3 A p a c h e s t y l e( c o m m o nl o gf o r m a t ) L o g L e v e l 1 # #c h e c kb a c k e n de v e r yXs e c s : A l i v e 3 0 # #u s eh a r d w a r e a c c e l l e r a t i o nc a r ds u p p o r t e db yo p e n s s l ( 1 ) : # S S L E n g i n e " " # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #l i s t e n ,r e d i r e c ta n d. . .t o : #H e r ei sam o r ec o m p l e xe x a m p l e :a s s u m ey o u rs t a t i ci m a g e s( G I F / J P E G )a r et ob es e r v e df r o m a s i n g l e b a c k e n d 1 9 2 . 1 6 8 . 0 . 1 0 . I n # a d d i t i o n , 1 9 2 . 1 6 8 . 0 . 1 1 i s t o d o t h e h o s t i n gf o rw w w . m y s e r v e r . c o mw i t hU R L b a s e ds e s s i o n s ,a n d1 9 2 . 1 6 8 . 0 . 2 0( a1 G H zP I I I )a n d # 1 9 2 . 1 6 8 . 0 . 2 1( 8 0 0 M h zD u r o n )a r ef o ra l lo t h e rr e q u e s t s( c o o k i e b a s e ds e s s i o n s ) . T h el o g g i n gw i l lb ed o n eb yt h eb a c k e n ds e r v e r s . # T h ec o n f i g u r a t i o nf i l em a yl o o kl i k et h i s : #M a i nl i s t e n i n gp o r t s

www.cyberciti.biz/faq/linux-http-https-reverse-proxy-load-balancer/

2/9

11/2/13

Linux install and configure pound reverse proxy for Apache http / https web server
L i s t e n H T T P A d d r e s s2 0 2 . 5 4 . 1 . 1 0 P o r t 8 0 C l i e n t 1 0 E n d L i s t e n H T T P S A d d r e s s2 0 2 . 5 4 . 1 . 1 0 P o r t 4 4 3 C e r t " / e t c / p o u n d / p o u n d . p e m " C l i e n t 2 0 E n d #I m a g es e r v e r S e r v i c e U R L" . * . ( j p g | g i f ) " B a c k E n d A d d r e s s1 9 2 . 1 6 8 . 1 . 1 0 P o r t 8 0 E n d E n d #V i r t u a lh o s tw w w . m y s e r v e r . c o m S e r v i c e U R L " . * s e s s i d = . * " H e a d R e q u i r e" H o s t : . * w w w . n i x c r a f t . c o m . * " B a c k E n d A d d r e s s1 9 2 . 1 6 8 . 1 . 1 1 P o r t 8 0 E n d S e s s i o n T y p e P A R M I D " s e s s i d " T T L 1 2 0 E n d E n d #E v e r y b o d ye l s e S e r v i c e B a c k E n d A d d r e s s1 9 2 . 1 6 8 . 1 . 2 0 P o r t 8 0 P r i o r i t y5 E n d B a c k E n d A d d r e s s1 9 2 . 1 6 8 . 1 . 2 1 P o r t 8 0 P r i o r i t y4 E n d S e s s i o n T y p e C O O K I E I D " u s e r i d " T T L 1 8 0 E n d E n d

Suggested readings:
=> Pound project => Man pages : pound and poundctl
Tw eet 0 Like 2 2

StumbleUpon

If you would like to be kept up to date with our posts, you can follow us on Twitter, Facebook, Google+, or even by subscribing to our RSS Feed. Featured Articles: 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X Top 30 Nmap Command Examples For Sys/Network Admins 25 PHP Security Best Practices For Sys Admins 20 Linux System Monitoring Tools Every SysAdmin Should Know 20 Linux Server Hardening Security Tips Linux: 20 Iptables Examples For New SysAdmins Top 20 OpenSSH Server Best Security Practices Top 20 Nginx WebServer Best Security Practices 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors 15 Greatest Open Source Terminal Applications Of 2012 My 10 UNIX Command Line Mistakes Top 10 Open Source Web-Based Project Management Software
www.cyberciti.biz/faq/linux-http-https-reverse-proxy-load-balancer/ 3/9

11/2/13

Linux install and configure pound reverse proxy for Apache http / https web server

Top 5 Email Client For Linux, Mac OS X, and Windows Users The Novice Guide To Buying A Linux Laptop { 22 comments read them below or add one } 1 `ariel December 11, 2007 at 1:38 pm Nice !!! a few weeks ago i was googling for something like this for hours !!! Reply 2 nixCraft December 11, 2007 at 1:45 pm Pound is simple and very nice. Many large site such as wordpress.com uses pound. Reply 3 Calomel December 12, 2007 at 4:35 pm I would highly suggest pound or lighttpd as a reverse proxy. As of version 2.4e, Pound is extremely fast and stable. Lighttpd did have some problems in the past and most of those have been fixed. Memeory managment has been greatly improved. I have to agree about the documentation, but there are examples like the following to help everyone out: Pound Reverse Proxy how to http://calomel.org/pound.html Light webserver how to http://calomel.org/lighttpd.html Reply 4 nixCraft December 12, 2007 at 5:06 pm Calomel, Thanks for sharing your links. You got some pretty good stuff :) Reply 5 Babar December 14, 2007 at 3:48 pm I am having the same thing using squid as reverse proxy. Seems to be doing pretty well for the time being. Reply 6 Erik December 15, 2007 at 2:48 am To bad it doesnt do caching. Also crossraods is a good LB as-well. Reply 7 ajay December 31, 2007 at 7:37 am i have a linux system white box loaded. tell me how to configure its lan card for internet connection while server proxy address= 192.168.10.1 port : 6080 Reply 8 McKeder April 16, 2008 at 2:59 pm I am extremely happy to have a tutorial like this. Until Recently, I had no idea what a Reverse Proxy was and this really helped me to understand it. Thanks! and keep up all the great work! Reply 9 shashank August 10, 2008 at 8:01 pm HI Folks, I have a deadline and the time is ticking. i am setting up pound as a reverser proxy for a site that runs on port 8080. I m trying to run pound on 80 and direct all the traffic to port 8080. i have pound up and running and the redirect happens fine just that when it redirects it gives me this error The service is not available. Please try again later i believe i need to add some directive under the pound.cfg fine but not sure what. this is what i have for pound.cfg
U s e r " p o u n d " G r o u p " p o u n d " L o g F a c i l i t yd a e m o n L o g L e v e l 4 A l i v e 3 0 C l i e n t 1 0

www.cyberciti.biz/faq/linux-http-https-reverse-proxy-load-balancer/

4/9

11/2/13

Linux install and configure pound reverse proxy for Apache http / https web server
T i m e O u t 1 0 G r a c e 1 0 L i s t e n H T T P A d d r e s s 0 . 0 . 0 . 0 C h e c k U R L " ( ^ \ / | \ . h t m l | \ . c s s | \ . j p g | f a v i c o n \ . i c o | r o b o t s \ . t x t | \ . p n g ) $ " H e a d R e m o v e" X F o r w a r d e d F o r " M a x R e q u e s t1 0 2 4 P o r t 8 0 x H T T P 0 #E r r 4 1 4" / v a r / w w w / h t d o c s / e r r o r / g e n e r i c _ e r r o r _ p a g e " #E r r 5 0 0" / v a r / w w w / h t d o c s / e r r o r / g e n e r i c _ e r r o r _ p a g e " #E r r 5 0 1" / v a r / w w w / h t d o c s / e r r o r / g e n e r i c _ e r r o r _ p a g e " #E r r 5 0 3" / v a r / w w w / h t d o c s / e r r o r / g e n e r i c _ e r r o r _ p a g e " S e r v i c e U R L " . * s e s s i d = . * " H e a d R e q u i r e" H o s t : . * w e b 2 4 9 . s o l u t i o n s e t . c o m . * " B a c k E n d A d d r e s s 1 2 7 . 0 . 0 . 1 P o r t 8 0 8 0 E n d E m e r g e n c y A d d r e s s 1 2 7 . 0 . 0 . 1 P o r t 8 8 8 8 E n d E n d E n d

i am very new to pound so any help would be really appreciated. Thank you Reply 10 Techi November 14, 2008 at 3:34 pm Guys, First I must say thank you for making reverse proxy so easy to configure and making techs life easy. I am running Pound 2.4.3 on RHEL5 server. I have three websites each running on separate webserver in internal network. I would like to reverse proxy them via one Pound server in DMZ. All three websites require secure connections for client and I like to install the certificates on the pound server for them. I have assigned three IPs on the pound server, one for each website. But these sites are not working. Below is my configuration.
L i s t e n H T T P A d d r e s s2 0 2 . 1 6 8 . 1 . 1 P o r t 8 0 S e r v i c e R e d i r e c t" h t t p s : / / w w w . a b c . c o m " E n d E n d L i s t e n H T T P S A d d r e s s2 0 2 . 1 6 8 . 1 . 1 P o r t 4 4 3 C e r t " / u s r / l o c a l / o p e n s s l / l o c a l . s e r v e r . p e m " E n d S e r v i c e B a c k E n d A d d r e s s1 7 2 . 1 7 . 1 . 1 P o r t 8 0 E n d E n d L i s t e n H T T P A d d r e s s2 0 2 . 1 6 8 . 2 . 2 P o r t 8 0 S e r v i c e R e d i r e c t" h t t p s : / / w w w . d e f . c o m " E n d E n d L i s t e n H T T P S A d d r e s s2 0 2 . 1 6 8 . 2 . 2 P o r t 4 4 3 C e r t " / u s r / l o c a l / o p e n s s l / l o c a l 1 . s e r v e r . p e m " E n d S e r v i c e B a c k E n d A d d r e s s1 7 2 . 1 7 . 2 . 2 P o r t 8 0 E n d E n d L i s t e n H T T P A d d r e s s2 0 2 . 1 6 8 . 3 . 3 P o r t 8 0 S e r v i c e R e d i r e c t" h t t p s : / / w w w . g h i . c o m " E n d E n d L i s t e n H T T P S A d d r e s s2 0 2 . 1 6 8 . 3 . 3 P o r t 4 4 3 C e r t " / u s r / l o c a l / o p e n s s l / l o c a l 2 . s e r v e r . p e m " E n d S e r v i c e

www.cyberciti.biz/faq/linux-http-https-reverse-proxy-load-balancer/

5/9

11/2/13

Linux install and configure pound reverse proxy for Apache http / https web server
B a c k E n d A d d r e s s1 7 2 . 1 7 . 3 . 3 P o r t 8 0 E n d E n d

I am redirecting HTTP requests to HTTPS as I would only like to serve clients on secure channel. This works fine if I run each website on a separate pound server but I like to have them on one reverse proxy server. I will really appreciate if you can provide me any help in this regard. If it is not possible with this configuration is there any way to achieve this on a single pound server. Thanks, Farhan Reply 11 sameera December 1, 2008 at 6:49 am Thanks Vivek Finally i found a resource which is working thankx again Reply 12 Kunal May 5, 2009 at 4:29 am How to run pound in HA mode, and running it parallel so that both the servers can share session (In case if one is down) and how to maintain the sticky session in pound. Thanks in Advance Kunal Reply 13 Nishad September 10, 2009 at 4:12 pm I am beating around the bush for more than 4 days. I am a newbie for Linux. My management given me the deadline for setting Pound. If anybody please please help me out. I installed as listed. I installed CentOS 5 and installed Pound. Well its not forwarding the requests to the internal webservers. Kindly give the instructions. Reply 14 mark September 18, 2009 at 10:16 am we cannot seem to edit our pound.cfg file its none wrieable and we cannot chmode it either does anyone have any ideas how we can make this file writable ? Reply 15 mair October 13, 2009 at 7:35 pm its really easy to configure i want to track the call record and email record as per proxy server can any body sugggest me the way? itsyllabus@live.com Reply 16 amit August 4, 2010 at 6:08 am Why not to use apache http server as reverse proxy itself? Reply 17 Clyde August 25, 2010 at 12:32 am Hi, How about the gateway of the back-end servers, do I point it to the Pound as gateway and configure Pound as transparent Reply 18 carl October 31, 2010 at 3:14 am So can data on any port be sent to the BackEnd? And how would it be setup? Would it be done like this for other ports? Service HeadRequire Host:.*domain.com.* BackEnd Address 192.168.1.201 Port 80
www.cyberciti.biz/faq/linux-http-https-reverse-proxy-load-balancer/ 6/9

11/2/13

Linux install and configure pound reverse proxy for Apache http / https web server

Port 1812 Port 1813 End Reply 19 carl October 31, 2010 at 3:29 am or would it be in the Listen group also?: ListenHTTP Address 192.168.1.150 Port 80 Port 1812 Port 1813 End Reply 20 Sri March 21, 2011 at 7:03 am Hi, This is an Excellent Website.. I searched a lot about this topic, and found today!!! Can any one please clarify my doubt? Does pound supports dynamic configuration reload like NGINX ?(Restarting master process alone will reload the configuration file) I am required to do this. Thanks in advance, Sri Reply 21 Danny C April 14, 2011 at 9:35 am I am new to reverse proxy using Pound, I would like to know how the Client Http request & response data flow in a scenarios as below: # Let assume our Server public ip is 202.54.1.5. # Pound will run on 202.54.1.5 port 80 . Let us call this Pound Server. # A Http-Request-A from a Client (Internet Browser) came into the Pound Server # Pound Server will forward the Http-Request-A to list of internal Hosts eg. 192.168.1.11, 192.168.1.12, . all on port 80. Let say, it pick the Host-192.168.1.11 # After the Host-192.168.1.11 process it, how does the Http-Response -A flow back to that Client (Internet Browser) ? Does it flow back DIRECTLY to that Client without going through the Pound Server ? OR Does it flow back first to the Pound Server and then to that Client ? I just want to investigate if there is some network bandwidth toll (incoming & outgoing) at the Pound Server which is used as a load balancer in a Cloud environment since Cloud eg.Amazon or Azure charge for incoming as well as outgoing data transfer. All I want is just the load balancing features using Pound Server inside a high availability nature of the Cloud. Anyone, pls help. Thank a lot in advance . Reply 22 Gene August 28, 2012 at 9:59 pm HI, We are currently using apache as proxy server and redirecting all request innto our webserver. The problem we have is that our webserver only sees the internal IP address of the apache proxy server. We would like to see the original IP address of the incoming request. Is this possible with POUND? Reply Leave a Comment Name * E-mail * Website

www.cyberciti.biz/faq/linux-http-https-reverse-proxy-load-balancer/

7/9

11/2/13

Linux install and configure pound reverse proxy for Apache http / https web server

You can use these HTML tags and attributes for your code and commands: <strong> <em> <ol> <li> <u> <ul> <kbd> <blockquote> <pre> <a href="" title=""> Notify me of followup comments via e-mail
Submit

Tagged as: /etc/pound/pound.cfg, apache reverse proxy, linux load balancer, load balancer, openssl, pound http proxy, pound https proxy, poundctl command, pund, reverse proxy Previous Faq: How do I find out my DHCP server address? Next Faq: ICMP IP Network Scanning / Probing using a Shell Commands

GET FREE LINUX TIPS

Sign up for our newsletter to get howto & news
you@example.com Sign Up

nixCraft
Like You like this.

You and 40,056 others like nixCraft.

Facebook social plugin

Related Faqs

nginx: Setup SSL Reverse Proxy (Load Balanced SSL Proxy)

CentOS / Redhat: Install nginx As Reverse Proxy Load Balancer

FreeBSD Install Nginx Webserver

Red Hat / CentOS Install nginx PHP5 FastCGI Webserver

www.cyberciti.biz/faq/linux-http-https-reverse-proxy-load-balancer/ 8/9

11/2/13

Linux install and configure pound reverse proxy for Apache http / https web server

Linux Demilitarized Zone (DMZ) Ethernet Interface Requirements and Configuration

HowTo: Merge Apache / Lighttpd / Nginx Server Log Files

CentOS / Redhat Apache mod_ssl Configuration

How To Run Linux Web Server / Service on Private IP Network

CentOS / Redhat Linux: Install Keepalived To Provide IP Failover For Web Cluster mod_extforward: Lighttpd Log Clients Real IP Behind Reverse Proxy / Load Balancer

Latest posts from our blog

Valve SteamOS: A Linux-based Gaming Operating System Announced Download of the day: Half-Life 2 For Steam on Linux Download of The Day: Debian Linux 7 ( Wheezy ) Apache / Nginx: Visualize Web Server Access Log In Real Time Amazon AWS Route 53 GEO DNS Configurations 2006-2013 nixCraft. All rights reserved. Cannot be reproduced without written permission. Privacy Policy | Terms of Service | Questions or Comments | Sitemap

www.cyberciti.biz/faq/linux-http-https-reverse-proxy-load-balancer/

9/9