Revproxy

Revproxy is a reverse proxy for Ocsigen.

This module allows to transmit some requests to another Web server using the HTTP or HTTPS protocol. For example if you want to use Ocsigen together with another Web server (Apache, Tomcat, etc. or even another Ocsigen).

Configuration

To use the reverse proxy, first load the extension from the configuration file:

<extension findlib-package="ocsigenserver.ext.revproxy"/>

Then configure your hosts as in these examples:

<revproxy suburl="(.*)" dest="http://my.newaddress.org:8080/\1"/>
<revproxy suburl="dir/(.*)\.html" dest="https://my.newaddress.org/\1.php"/>
<revproxy fullurl="http://(.*).mydomain.org:(80|8080)/(.*)" dest="http://\1.my.newdomain.org:\2/\3"/>

regexp is a regular expression using PERL syntax (PCRE). The destination URL is built from dest, where \i corresponds to the i-th part between parenthesis of the regular expression (was $i in older versions).

Add the attribute keephost="keephost" if you want to send the original Host header to the distant server. Otherwise, it will be computed from dest.

Add the attribute nopipeline="nopipeline" if for some reason you don't want to pipeline reverse proxy's requests. With that option, the reverse proxy will open a new connection for all requests, instead of trying to reuse connections. You probably don't need that, but if you do, please contact us to tell us what is the problem. Thank you!

You probably also need to rewrite locations in the output (if the server is doing redirections). For example:

<outputfilter header="location" regexp="http://my.newaddress.org/(.*)" dest="http://my.publicaddress.org/\1"/>

Note that if you are using ocsigen behind a reverse proxy handling X-Forward-For and X-Forward-Proto headers ( like the revproxy module ), you should allow ocsigen to use those informations, using accesscontrol extension

<if>
	<ip value="ip of the proxy"/>
	<then>
	 	<allow-forward-for/>
    		<allow-forward-proto/>
	</then>
</if>

Technical details

  • The reverse proxy does no caching for now.
  • The reverse proxy does pipeline the requests for server it trusts for pipelining. But current trusting criteria are probably too strong. They will probably evolve soon.

The old syntax was (before 1.2):

<revproxy regexp="(.*)" server="my.newaddress.org" port="8080" uri="$1"/>
<revproxy regexp="dir/(.*)\.html" protocol="https" server="my.newaddress.org" uri="$1.php"/>