about summary refs log tree commit homepage
path: root/site/src/docs/pound.page
diff options
context:
space:
mode:
Diffstat (limited to 'site/src/docs/pound.page')
-rw-r--r--site/src/docs/pound.page148
1 files changed, 148 insertions, 0 deletions
diff --git a/site/src/docs/pound.page b/site/src/docs/pound.page
new file mode 100644
index 0000000..a4e166b
--- /dev/null
+++ b/site/src/docs/pound.page
@@ -0,0 +1,148 @@
+---
+title: Pound
+inMenu: true
+directoryName: Pound
+---
+
+h1. Pound Best Practice Deployment<br>
+<small><small>By Austin Godber</small></small>
+
+"Pound":http://www.apsis.ch/pound/ is a load-balancing reverse HTTP proxy.  It
+can also handle SSL connections.  Pound, itself, does not serve content but
+just acts as a front end to servers that do.  In this case pound will sit in
+front of a cluster of mongrel servers.  This arrangement is similar to that
+illustrated on the "Using Lighttpd with Mongrel":lighttpd.html page, except
+pound replaces lighttpd.
+
+h2. Requirements
+
+We assume that the following:
+
+* Pound and the mongrel cluster are running on the same machine[1].
+* *Pound 2.0.4* is built and installed, including SSL support if desired.
+* The *mongrel* gem is installed.
+* The *mongrel_cluster* gem is installed.
+
+These instructions were performed on CentOS 4.3 using Ruby 1.8.4 from the
+CentOS 4 test repository.  They should apply on other Linux distributions.
+They may work for other OSes, but please see the "pound
+website":http://www.apsis.ch/pound/ for additional information.
+
+h2. Mongrel Cluster Setup
+
+First we need to prepare our rails application to run in a mongrel cluster.  In
+this example we will use mongrel_cluster to run three mongrel instances on
+ports 8000, 8001, and 8002.  We then launch the mongrel cluster:
+
+ $ cd railsapp/
+ $ mongrel_rails cluster::configure -p 8000 -N 3
+ $ mongrel_rails cluster::start
+
+We should now have three instances of our rails app running on ports 8000,
+8001, and 8002.
+
+h2. Configuring Pound
+
+Now we configure pound to proxy requests to the rails cluster we just created.
+We will configure pound to accept both HTTP and HTTPS traffic on ports 80 and
+443 respectively.  Pound will then proxy requests to the *Service*s listed in
+the configuration file.  Our configuration file (/usr/local/etc/pound.cfg)
+looks like this:
+
+<pre>
+<code>
+ListenHTTP
+  Address 0.0.0.0
+  Port    80
+  Service
+    BackEnd
+      Address 127.0.0.1
+      Port    8000
+    End
+    BackEnd
+      Address 127.0.0.1
+      Port    8001
+    End
+    BackEnd
+      Address 127.0.0.1
+      Port    8002
+    End
+  End
+End
+
+ListenHTTPS
+  Address 0.0.0.0
+  Port    443
+  Cert    "/usr/local/etc/test.pem"
+  # pass along https hint
+  AddHeader "X-Forwarded-Proto: https"
+  HeadRemove "X-Forwarded-Proto"
+  Service
+    BackEnd
+      Address 127.0.0.1
+      Port    8000
+    End
+    BackEnd
+      Address 127.0.0.1
+      Port    8001
+    End
+    BackEnd
+      Address 127.0.0.1
+      Port    8002
+    End
+  End
+End
+</code>
+</pre>
+
+Before starting pound, we need to make sure our SSL certificate is present.  If
+not we can quickly generate a test certificate:
+
+ $ openssl req -x509 -newkey rsa:1024 -keyout test.pem \
+   -out test.pem -days -nodes
+
+It should now be safe to start pound:
+
+ $ sudo pound -f /usr/local/etc/pound.cfg
+
+Our Rails application should now be available at http://127.0.0.1/ and https://127.0.0.1/ .
+
+h2. Testing SSL in Rails
+
+The line @AddHeader "X-Forwarded-Proto: https"@ in the ListenHTTPS section
+tells pound to add a header to the request as it is passed back to the mongrel
+servers[2].  This will tell the rails application that the request was
+originally an SSL request.  We can test this with the following simple Rails
+controller, app/controller/test_controller.rb:
+
+<pre>
+<code>
+class TestController < ApplicationController
+  def index
+    @sslyn = request.ssl?
+  end
+end
+</code>
+</pre>
+
+And the accompanying view, app/views/test/index.rhtml:
+
+<pre>
+<h1>test</h1>
+SSL: < %= @sslyn %>
+</pre>
+
+Visiting @http://127.0.0.1/Test/@ should show @SSL: false@ while visiting
+@https://127.0.0.1/Test/@ should return @SSL: true@.
+
+h2. Building Pound on OSX
+
+OSX has specific problems when building pound, but you can follow "Trotter Cashion's":http://lifecoding.com/blog/?p=29
+to get everything working.
+
+<hr>
+
+fn1. It is not required that pound run on the same machine as the mongrel
+servers.  It was just chosen for this example.
+
+fn2. Thanks to Joshua Harvey's post on the Mongrel mailing list for this fix.