Dynamic Reverse Proxy

Objective

This guide provides instructions on how to create a Dynamic Reverse Proxy (DRP) using the guided wizards in VoltConsole.

A Dynamic Reverse Proxy operates between the sending Web server and your receiving Web client. It starts by attracting the requests to itself, instead of the final destination (meaning that traffic from a client will hit the Proxy itself) and then triggers a dynamic discovery of the requested endpoint by doing SNI routing or by using host headers.

Dynamic Reverse Proxy solves the problem of connecting to SaaS providers privately without the need of creating complex routing relationships and especially without the need to advertise Public IP Space inside Organizations' Corporate Networks.

On the reverse direction, Dynamic Reverse Proxy also solves the problem related to the need of advertising Organizations' Private IP Space into the SaaS Provider's Network by implementing Forward Proxy and NAT Capabilities

image1
Figure: DRP Overview

Using the instructions provided in this guide, you will be able to create a Dynamic Reverse Proxy.


Prerequisites

The following prerequisites apply:

Note: If you do not have an account, see Create a VES Account.


Configuration

The following video shows a Dynamic Reverse Proxy configuration workflow:

Create a Dynamic Reverse Proxy (DRP)

Perform the following steps:

Step 1: Log into the VoltConsole and start start DRP object creation.

Change to your application namespace in the namespace selector in the primary navigation bar. Select Manage -> Load Balancer from the configuration section tabs. Select HTTP Connect & DRP from the pages. Click Add HTTP Connect & DRP.

image6
Figure: Add HTTP Connect & DRP

Step 2: Configure meta data and proxy type.

Enter the configuration parameters as per the following guidelines:

  • Set a name for your DRP object in the Name field.
  • Optionally, set label key-value pairs in the Labels field.
  • Go to Proxy type section. The field HTTP Connect Proxy or Dynamic Proxy has HTTP Connect Proxy and Dynamic Proxy as the options. In this case, select Dynamic Proxy. Configure the rest of the fields as per the following guidelines:
  • Enter list of domains to be proxies in the Domains field. Wildcards are supported. Click Add Item to add more domains to your list.
  • Select one of the following for the Select Method to determine Destination field:

    • SNI Proxy - Destination discovered based on SNI in TLS Connections
    • HTTP Proxy - Destination discovered based on Host Header in HTTP Connections
    • HTTPS Proxy - Destination discovered based on SNI in TLS Connections and Host Headers in HTTP Connections
  • Select one of the following for the Select DNS Masquerade for Domains field:

    • Enable DNS Masquerade - DNS requests towards domains configured will resolve in the Proxy interface IP or VIP.
    • Disable DNS Masquerade - DNS requests towards domains configured will resolve to the real destination endpoint.

image2
Figure: Proxy Type

Step 3:Set sites or virtual sites for proxy.

Select sites or virtual sites where you want to install this proxy. Go to Sites or Virtual Sites section and do the following:

  • The Select Sites for Proxy field has Sites or Virtual Sites populated by default. Click Configure to open the Custom Advertise VIP Configuration page and do the following:
  • Select an option for the Select Where to Advertise and configure as per the following guidelines:

    • Select Site to install the proxy on a site.
    • Select Virtual Site to install the proxy on a virtual site.
    • Select one of the following options for the Site Network field:

      • Inside Network
      • Outside Network
      • Inside and Outside Network
    • Select a site or virtual site for the Site Reference or Virtual Site Reference field.
  • Enable the Show Advanced Fields toggle option. The TCP Listen Port Choice is populated with TCP Listen Port option by default. Select the port for your DRP in the TCP Listen Port field. Default is port 80 for HTTP requests or port 443 for HTTPS requests.

image4
Figure: Advertise policy configuration

  • Click Apply.

Note: You can add more sites or virtual sites to advertise using the Add item option.

Step 4:Set network for upstream connections.

Go to Upstream Network section and do the following:

  • Select which network is going to be used to discover and send the request to your final endpoint. Select the option for the Select Upstream Network field as per the following guidelines:

    • Site Local Network (Outside) - Real endpoint is reachable via outside interface.
    • Site Local Inside Network - Real endpoint is reachable via inside interface.

image5
Figure: Upstream Network

Step 5:Configure proxy policy.

Configure policies for this proxy. Go to Proxy Policy section and select an option for the Manage Proxy Policy field as per the following guidelines:

  • Select Disable proxy policy. With this option, no policies are installed on this proxy.
  • Select Active proxy policies to set a policy. From the options for the Forward Proxy Policies field, select an existing forward proxy policy or click Create new forward proxy policy to create and apply a new policy.

image3
Figure: Proxy Policy

Step 6:Complete creating the DRP object.

Click Save and Exit to complete creating the DRP object.

Note: You can monitor the DRP in VoltConsole. Navigate to the Virtual Hosts -> HTTP Connect & DRP page in your application namespace and click on your DRP object in the displayed list of objects.


Concepts


API References