In previous topics, I shown how to deploy a standalone or a cluster of Kemp Load Master. Now your load balancer is ready, we can configure some virtual services (VS) to provide access to your web applications through Kemp.

A lot of templates are available to configure nearly automatically services such as Exchange, Sharepoint or Remote Desktop Service. In this topic, I’ll show how to configure a reverse proxy manually to provide access to several web applications through a single IP address / port.

How it works?

Most of the time, web applications are accessible through port 80 (HTTP) or 443 (HTTPS). If these applications must be accessible from the Internet, you have to consume one public IP address per web applications or change the default HTTP(S) port and play with NAT.

The other way is to use a reverse proxy. Through a single IP address / Port we are able to provide access to dozens of web applications. To redirect the user to the right application behind a single IP address/port, we use a content switching based on the HTTP name of the application. The following schema describes this behaviour:

The above schema describes a user who is trying to reach myapp.starwindblog.com (HTTPS). This DNS entry is bound to the IP address 90.91.92.93 which is the IP of the virtual service (VS) configured in Kemp. Content switching is configured in this VS. Some content rules are configured to redirect user to the right applications. These content rules look into the field host of the HTTP header and redirect to the web application (Sub VS) where this content rule is bound. Let’s see how it works in Kemp.

Content rules

Connect to the Kemp Load Master and navigate to Content rules.

Kemp LoadMaster - Content Rules

Then create a rule as the following screenshot. This rule tries to match the string in the header field (myservice1.starwinddemo.com). I specified a string but you can use RegEx as well.

Kemp LoadMaster - Create Rule

Create one rule for each web applications accessible through the Kemp LoadMaster.

Virtual services

Navigate to Virtual Services | View / Modify Services. Then click on Add New.

Kemp LoadMaster - View/Modify Services

Provide an IP address, a port and a service name.

Kemp LoadMaster - Provide an IP address

Because my services behind this VS are HTTPS, I assign a certificate and I enable the option Reencrypt to present this certificate to clients instead of the web app certificate.

Kemp LoadMaster - SSL Properties

In Real Servers, I click on Add SubVS to be able to manage several web apps. Create one subVS for each web apps.

Kemp LoadMaster - Add Sub VS

Then in advanced properties, click on enable content switching.

Kemp LoadMaster - Enable Content Switching

Now if you go back to SubVS, you’ll see a column rules. Click on None to bind a content rule.

Kemp LoadMaster - Sub VS - Column Rules

Select the content rule you want and click on back.

Kemp LoadMaster - SubVS - Content Rule - Back

Once you have bound a content rule to each SubVS, click on Modify on a SubVS.

Kemp LoadMaster - SubVS - Modify

Provide a SUbVS Name and click on Set Nickname.

Kemp LoadMaster - SubVS - Name

Then in Real Servers, click on Add New.

Kemp LoadMaster - Real Servers

Provide the name or the IP address of the server that host the web application. If the web application is HA and hosted by several web servers, you can add a real server for each of them.

Kemp LoadMaster - Real Servers - Parameters

Once you have finished to configure SubVS and real server, the Virtual Service should be up:

Kemp LoadMaster - Virtual Service

StarWind Virtual SAN eliminates any need for physical shared storage just by mirroring internal flash and storage resources between hypervisor servers. Furthermore, the solution can be run on the off-the-shelf hardware. Such design allows StarWind Virtual SAN to not only achieve high performance and efficient hardware utilization but also reduce operational and capital expenses.

Learn more about ➡ StarWind Virtual SAN

DNS configuration

Now that SubVS is set, you have to configure your DNS. In the zone Starwinddemo.com I created the following entries:

Reverseproxy: Type A bound to the virtual service IP address

Myservice1: Type CNAME bound to ReverseProxy

Myservice2: Type CNAME bound to Reverse Proxy

Kemp LoadMaster - DNS Configuration

Now I try in a web browser to reach my service (the certificate error is due to the domain name. The CN of my wildcard is SeromIT.com while the domain specify below is starwinddemo.com).

Kemp LoadMaster - MyService - Browser

Related materials:

Views All Time
7
Views Today
19
Appreciate how useful this article was to you?
No Ratings Yet
Loading...
Back to blog
The following two tabs change content below.
Romain Serre
Romain Serre
Senior consultant at Exakis
Romain Serre works in Lyon as a Senior Consultant. He is focused on Microsoft Technology, especially on Hyper-V, System Center, Storage, networking and Cloud OS technology as Microsoft Azure or Azure Stack. He is a MVP and he is certified Microsoft Certified Solution Expert (MCSE Server Infrastructure & Private Cloud), on Hyper-V and on Microsoft Azure (Implementing a Microsoft Azure Solution).