In previous topics, I shown how to deploy a standalone or a cluster of Kemp Load Master. Now your load balancer is ready, we can configure some virtual services (VS) to provide access to your web applications through Kemp.
A lot of templates are available to configure nearly automatically services such as Exchange, Sharepoint or Remote Desktop Service. In this topic, I’ll show how to configure a reverse proxy manually to provide access to several web applications through a single IP address / port.
How it works?
Most of the time, web applications are accessible through port 80 (HTTP) or 443 (HTTPS). If these applications must be accessible from the Internet, you have to consume one public IP address per web applications or change the default HTTP(S) port and play with NAT.
The other way is to use a reverse proxy. Through a single IP address / Port we are able to provide access to dozens of web applications. To redirect the user to the right application behind a single IP address/port, we use a content switching based on the HTTP name of the application. The following schema describes this behaviour:
The above schema describes a user who is trying to reach myapp.starwindblog.com (HTTPS). This DNS entry is bound to the IP address 90.91.92.93 which is the IP of the virtual service (VS) configured in Kemp. Content switching is configured in this VS. Some content rules are configured to redirect user to the right applications. These content rules look into the field host of the HTTP header and redirect to the web application (Sub VS) where this content rule is bound. Let’s see how it works in Kemp.
Content rules
Connect to the Kemp Load Master and navigate to Content rules.
Then create a rule as the following screenshot. This rule tries to match the string in the header field (myservice1.starwinddemo.com). I specified a string but you can use RegEx as well.
Create one rule for each web applications accessible through the Kemp LoadMaster.
Virtual services
Navigate to Virtual Services | View / Modify Services. Then click on Add New.
Provide an IP address, a port and a service name.
Because my services behind this VS are HTTPS, I assign a certificate and I enable the option Reencrypt to present this certificate to clients instead of the web app certificate.
In Real Servers, I click on Add SubVS to be able to manage several web apps. Create one subVS for each web apps.
Then in advanced properties, click on enable content switching.
Now if you go back to SubVS, you’ll see a column rules. Click on None to bind a content rule.
Select the content rule you want and click on back.
Once you have bound a content rule to each SubVS, click on Modify on a SubVS.
Provide a SUbVS Name and click on Set Nickname.
Then in Real Servers, click on Add New.
Provide the name or the IP address of the server that host the web application. If the web application is HA and hosted by several web servers, you can add a real server for each of them.
Once you have finished to configure SubVS and real server, the Virtual Service should be up:
DNS configuration
Now that SubVS is set, you have to configure your DNS. In the zone Starwinddemo.com I created the following entries:
Reverseproxy: Type A bound to the virtual service IP address
Myservice1: Type CNAME bound to ReverseProxy
Myservice2: Type CNAME bound to Reverse Proxy
Now I try in a web browser to reach my service (the certificate error is due to the domain name. The CN of my wildcard is SeromIT.com while the domain specify below is starwinddemo.com).
Related materials:
