OpenLiteSpeed can be configured as a reverse proxy that forwards traffic to a backend server or to an application running as an HTTP service.
Example reverse proxy architecture:
flowchart LR
subgraph "Reverse Proxy Flow"
direction LR
%% Nodes definition
D1["user's device (D)
example.com"]
D2["user's device (D)
example.com"]
D3["user's device (D)
example.com"]
Internet(("Internet"))
E["reverse proxy (E)"]
F1["origin server (F)"]
F2["origin server (F)"]
%% Connections
D1 --> Internet
D2 --> Internet
D3 --> Internet
Internet --> E
E --> F1
E --> F2
%% Styling (Optional, to match the visual hierarchy)
style Internet fill:#ffffff,stroke:#0000ff,stroke-width:2px
style E fill:#ffffff,stroke:#0000ff,stroke-width:2px
style F1 fill:#ffffff,stroke:#0000ff,stroke-width:2px
style F2 fill:#ffffff,stroke:#0000ff,stroke-width:2px
end
Install OpenLiteSpeed

Add the official LiteSpeed repository:
curl -s https://repo.litespeed.sh | bash

Then install OpenLiteSpeed:
yum -y install openlitespeed

Configure the Reverse Proxy

Edit or create the virtual host file, for example:
/usr/local/lsws/conf/vhosts/app3.example.com-443/vhost.conf

Then add the following configuration.
docRoot /home/web1/public_html
vhAliases *
listeners app3.example.com-443
adminEmails [email protected]
enableGzip 1
enableIpGeo 1
index {
useServer 0
indexFiles index.php index.php8 index.php7 index.php5 index.perl index.pl index.plx index.ppl index.cgi index.jsp index.jp index.phtml index.shtml index.xhtml index.html index.htm index.js
autoIndex 0
}
vhssl {
keyFile /etc/letsencrypt/live/app3.example.com/privkey.pem
certFile /etc/letsencrypt/live/app3.example.com/fullchain.pem
certChain 1
sslProtocol 30
enableSpdy 15
sslSessionCache 1
sslSessionTickets 1
sslSessionTimeout 86400
ocspEnable 1
ocspRespMaxAge 86400
ocspOverlapPeriod 3600
quicEnable 1
quicShmDir /dev/shm
sslCipherSuite EECDH+AESGCM:EECDH+CHACHA20:!aNULL:!MD5:!DSS:!RSA
sslCipherSuiteTLS13 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
}
errorlog /usr/local/lsws/logs/app3.example.com.err {
useServer 0
logLevel ERROR
rollingSize 10M
}
accesslog /usr/local/lsws/logs/app3.example.com.log {
useServer 0
logFormat %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
logHeaders 5
rollingSize 10M
keepDays 10
compressArchive 1
}
rewrite {
enable 1
autoLoadHtaccess 1
RewriteRule ^/(.*) HTTP://30002//$1 [P,L,E=PROXY-HOST:app3.example.com]
}
websocket / {
address 127.0.0.1:30002
}
scripthandler {
add lsapi:php82 php
}
extprocessor php82 {
type lsapi
address UDS://tmp/lshttpd/php82.sock
maxConns 10
env PHP_INI_SCAN_DIR=:/home/web1/public_html:/home/web1/php82
env LSPHP_ENABLE_USER_INI=on
env LSAPI_CHILDREN=10
initTimeout 600
retryTimeout 0
persistConn 1
pcKeepAliveTimeout 1
respBuffer 0
autoStart 2
path /usr/local/apps/php82/bin/lsphp
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 400
procHardLimit 500
}
extprocessor 30002 {
type proxy
address 127.0.0.1:30002
maxConns 50
initTimeout 30
retryTimeout 0
keepAlive 1
keepAliveTimeout 30
respBuffer 0
}
header {
set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
set X-Frame-Options "SAMEORIGIN"
set X-Content-Type-Options "nosniff"
set Referrer-Policy "strict-origin-when-cross-origin"
set Content-Security-Policy "upgrade-insecure-requests"
}
module cache {
storagePath /usr/local/lsws/cachedata/$VH_NAME
}
module mod_security {
ls_enabled 0
}
module modpagespeed {
ls_enabled 0
}

Using .htaccess for the Reverse Proxy (Alternative)

You can use .htaccess rules such as the following:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) HTTP://127.0.0.1:30002/$1 [P,QSA,L,E=PROXY-HOST:app3.example.com]

Connect to the Listener (Port 80/443)

Edit the file /usr/local/lsws/conf/httpd_config.conf and add the virtual host:
virtualhost web1.example.com-80 {
vhRoot /home/web1/
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf
allowSymbolLink 1
enableScript 1
restrained 1
setUIDMode 2
user web1
group web1
}
virtualhost web1.example.com-443 {
vhRoot /home/web1/
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf
allowSymbolLink 1
enableScript 1
restrained 1
setUIDMode 2
user web1
group web1
}
listener default-192.168.244.5 {
address [ANY]:80
secure 0
map example.com, www.example.com, mail.example.com
map web1.example.com-80
}
listener SSL-192.168.244.5 {
address [ANY]:443
secure 1
keyFile /path/to/certs/private.key
certFile /path/to/certs/bundle.crt
certChain 1
sslProtocol 30
map example.com, www.example.com, mail.example.com
map web1.example.com-443
}

Restart Gracefully

Restart OpenLiteSpeed:
/usr/local/lsws/bin/lswsctrl restart

Load Balancing

OpenLiteSpeed can also be configured to load balance across several backends using extprocessor + loadBalancer.
Add an extprocessor for each backend.
extprocessor backend1 {
type proxy
address 127.0.0.1:30001
maxConns 20
}
extprocessor backend2 {
type proxy
address 127.0.0.1:30002
maxConns 20
}

Then create the load balancer group.
extprocessor app_lb {
type loadbalancer
workers backend1, backend2
# Load balancing algorithm:
# 0 = Round Robin (default)
# 1 = Least Connections
# 2 = Locality
lbAlgo 1
sessionSticky 1
retryTimeout 1
initTimeout 1
}

Rewrite to the load balancer.
rewrite {
enable 1
autoLoadHtaccess 1
RewriteEngine On
RewriteRule (.*) app_lb:$1 [P,QSA,L]
}

Requests will be distributed automatically (balanced) between the backends:
- 127.0.0.1:30001
- 127.0.0.1:30002
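
An added example, not part of the original page or of the OpenLiteSpeed project: a small Python audit for the block-style configuration shown above (vhost.conf, the listeners and the extprocessor backends) that flags legacy TLS versions enabled by `sslProtocol`, proxy backends that are not on loopback, and a disabled `mod_security` module. It assumes the `sslProtocol` bitmask is 1 = SSLv3, 2 = TLS 1.0, 4 = TLS 1.1, 8 = TLS 1.2, 16 = TLS 1.3; the names `parse_blocks` and `audit` and the sample input are constructed for illustration.

```python
import ipaddress

# Constructed sample in the block format of the vhost.conf shown above.
SAMPLE = """vhssl {
  sslProtocol 30
}
extprocessor backend3 {
  type proxy
  address 10.0.0.7:30003
}
module mod_security {
  ls_enabled 0
}
"""
# Assumed OpenLiteSpeed sslProtocol bitmask; 8 = TLSv1.2 and 16 = TLSv1.3 are fine.
LEGACY_BITS = {1: "SSLv3", 2: "TLSv1.0", 4: "TLSv1.1"}

def parse_blocks(text):
    """Return [(header, {key: value})] for each 'name args {' ... '}' block."""
    blocks, current = [], None
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            current = {}
            blocks.append((line[:-1].strip(), current))
        elif line == "}":
            current = None
        elif line and not line.startswith("#") and current is not None:
            key, *rest = line.split(None, 1)
            current[key] = rest[0] if rest else ""
    return blocks

def audit(text):
    findings = []
    for header, kv in parse_blocks(text):
        mask = int(kv.get("sslProtocol", 0))
        legacy = [name for bit, name in LEGACY_BITS.items() if mask & bit]
        if legacy:
            findings.append(f"{header}: sslProtocol {mask} enables {legacy}")
        if kv.get("type") == "proxy":
            addr = kv.get("address", "")
            try:
                local = ipaddress.ip_address(addr.rsplit(":", 1)[0]).is_loopback
            except ValueError:
                local = False  # hostname or empty: cannot show it is loopback
            if not local:
                findings.append(f"{header}: backend {addr} is not on loopback")
        if header == "module mod_security" and kv.get("ls_enabled") == "0":
            findings.append(f"{header}: mod_security is disabled")
    return findings
```

With the bitmask assumed here, the page's `sslProtocol 30` leaves TLS 1.0 and 1.1 enabled, while 24 would restrict the listener to TLS 1.2 and 1.3.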