the hidden gem
play

The Hidden Gem Jim Jagielski @jimjag About Me Apache Software - PowerPoint PPT Presentation

Jul 19, 2023 •397 likes •863 views

Apache httpd v2.4 Reverse Proxy The Hidden Gem Jim Jagielski @jimjag About Me Apache Software Foundation Co-founder, Director, Member and Developer Director Outercurve, MARSEC-XL, OSSI, OSI (ex) Developer Mega

  1. Apache httpd v2.4 Reverse Proxy The “Hidden” Gem Jim Jagielski @jimjag

  2. About Me ➡ Apache Software Foundation ➡ Co-founder, Director, Member and Developer ➡ Director ➡ Outercurve, MARSEC-XL, OSSI, OSI (ex)… ➡ Developer ➡ Mega FOSS projects ➡ O’Reilly Open Source Award: 2013 ➡ European Commission: Luminary Award ➡ Sr. Director: Tech Fellows: Capital One @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  3. Apache httpd 2.4 ➡ Currently at version 2.4.23 (2.4.1 went GA Feb 21, 2012) ➡ Significant Improvements ➡ high-performance ➡ cloud suitability @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  4. Apache httpd 2.4 - design drivers ➡ Support for async I/O w/o dropping support for older systems ➡ Larger selection of usable MPMs: added event , motorz , etc... ➡ Leverage higher-performant versions of APR ➡ Increase performance ➡ Reduce memory utilization ➡ The Cloud and Reverse Proxy @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  5. 
 
 
 httpd is sooo old school (aka fud) ➡ Apache doesn’t scale (its SLOW) ➡ http://www.youtube.com/watch?v=bzkRVzciAZg 
 ➡ Apache is too generalized 
 vs ➡ Apache is too complex (config file) ➡ really? s Squagels ! It’ ➡ Apache is too old 
 (yeah, just like Linux) @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  6. Cloud and Dynamics ➡ The Cloud is a game changer for web servers ➡ The cloud is a dynamic place ➡ automated reconfiguration ➡ horizontal, not vertical scaling ➡ self-aware environments OK, maybe not THAT self-aware @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  7. Why Dynamic Proxy Matters ➡ Apache httpd still the most frequently used front-end ➡ Proxy capabilities must be cloud friendly ➡ Front-end must be dynamic friendly @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  8. Reverse Proxy ➡ Operates at the server end of the transaction ➡ Completely transparent to the Web Browser – thinks the Reverse Proxy Server is the real server Reverse Proxy Server Cloud Internet Browser Firewall Firewall Transactional Servers @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  9. Features of Reverse Proxy Server ➡ Security Uniform security policy can be administered The real transactional servers are behind the firewall ➡ Delegation, Specialization, Load Balancing ➡ Caching ➡ Performance, HA @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  10. Proxy Design Drivers ➡ Becoming a robust but generic proxy implementation ➡ Support various protocols ➡ HTTP, HTTPS, HTTP/2, CONNECT, FTP ➡ AJP, FastCGI, SCGI, WSGI ➡ Load balancing ➡ Clustering, failover ➡ Performance @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  11. Apache httpd 2.4 proxy ➡ Reverse Proxy Improvements ➡ Supports FastCGI, SCGI, Websockets in balancer ➡ Additional load balancing mechanisms ➡ Runtime changing of clusters w/o restarts ➡ Support for dynamic configuration ➡ mod_proxy_express ➡ mod_fcgid and fcgistarter ➡ Brand New: Support for Unix Domain Sockets ➡ Brand New: HTTP/2 @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  12. Configuring Reverse Proxy ➡ Set ProxyRequests Off ➡ Apply ProxyPass, ProxyPassReverse and possibly RewriteRule directives @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  13. Reverse Proxy Directives: 
 ProxyPass ➡ Allows remote server to be mapped into the space of the local (Reverse Proxy) server ➡ There is also ProxyPassMatch which takes a regex ➡ Example: ➡ ProxyPass /secure/ http://secureserver/ 
 ➡ Presumably “secureserver” is inaccessible directly from the internet 
 ➡ ProxyPassMatch ^/(.*\.js)$ http://js - storage.example.com/bar/$1 @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  14. Reverse Proxy Directives: 
 ProxyPassReverse ➡ Used to specify that redirects issued by the remote server are to be translated to use the proxy before being returned to the client. ➡ Syntax is identical to ProxyPass; used in conjunction with it ➡ Example: ➡ ProxyPass /secure/ http://secureserver/ ➡ ProxyPassReverse /secure/ http://secureserver/ @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  15. Simple Rev Proxy ➡ All requests for /images to a backend server ProxyPass /images http://images.example.com/ ProxyPass < path > < scheme >://< full url > ➡ Useful, but limited ➡ What if: images.example.com dies? traffic for /images increases @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  16. Load Balancing ➡ mod_proxy_balancer.so ➡ mod_proxy can do native load balancing ➡ weight by actual requests ➡ weight by traffic ➡ weight by busyness ➡ lbfactors @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  17. Create a balancer “cluster” ➡ Create a balancer which contains several host nodes ➡ Apache httpd will then direct to each node as specified < Proxy balancer://foo> BalancerMember http://www1.example.com:80/ loadfactor=1 BalancerMember http://www2.example.com:80/ loadfactor=1 BalancerMember http://www3.example.com:80/ loadfactor=4 status=+h ProxySet lbmethod=bytraffic </ Proxy > @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  18. Some config params ➡ For BalancerMembers: ➡ loadfactor normalized load for worker [1] ➡ ➡ lbset worker cluster number [0] ➡ ➡ retry retry timeout, in seconds, for non-ready workers [60] ➡ @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  19. Some config params ➡ For BalancerMembers (cont): ➡ connectiontimeout/timout Connection timeouts on backend [ProxyTimeout] ➡ flushpackets * ➡ Does proxy need to flush data with each chunk of data? ➡ on : Yes | off : No | auto : wait and see ➡ flushwait * ➡ ms to wait for data before flushing ➡ @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  20. Some config params ➡ For BalancerMembers (cont): ping ➡ Ping backend to check for availability; value is time to wait for ➡ response status (+/-) ➡ D : Disabled ➡ S : Stopped ➡ I : Ignore errors ➡ H : Hot standby ➡ E : Error ➡ N: Drain ➡ C: Dynamic Health Check ➡ @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  21. Some config params ➡ For Balancers: ➡ lbmethod load balancing algo to use [byrequests] ➡ ➡ stickysession sticky session name (eg: PHPSESSIONID) ➡ ➡ maxattempts # failover tries before we bail ➡ ➡ growth Extra BalancerMember slots to allow for ➡ @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  22. Some config params ➡ For Balancers: ➡ nofailover pretty freakin obvious ➡ ➡ For both: ➡ ProxySet Alternate method to set various params ➡ ProxySet balancer://foo timeout=10 ... ProxyPass / balancer://foo timeout=10 @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  23. Connection Pooling ➡ Backend connection pooling ➡ Available for named workers: ➡ eg: ProxyPass /foo http://bar.example.com ➡ Reusable connection to origin ➡ For threaded MPMs, can adjust size of pool (min, max, smax) ➡ For prefork: singleton ➡ Shared data held in shared memory @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  24. Some config params ➡ For BalancerMembers - connection pool: ➡ min Initial number of connections [0] ➡ ➡ max Hard maximum number of connections [1|TPC] ➡ smax : ➡ soft max - keep this number available [max] ➡ @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  25. Some config params ➡ For BalancerMembers - connection pool: disablereuser/enablereuse : ➡ bypass/enable the connection pool (firewalls) ➡ ➡ ttl time to live for connections above smax ➡ @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  26. Sessions ➡ Sticky session support ➡ aka “session affinity” ➡ Cookie based ➡ stickysession=PHPSESSID ➡ stickysession=JSESSIONID ➡ Natively easy with Tomcat ➡ May require more setup for “simple” HTTP proxying ➡ Use of mod_session helps @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

  27. Failover control ➡ Cluster set with failover ➡ Group backend servers as numbered sets ➡ balancer will try lower-valued sets first ➡ If no workers are available, will try next set ➡ Hot standby @jimjag This work is licensed under a Creative Commons Attribution 3.0 Unported License.

Recommend

Hidden$Terminals$ Nodes$A$and$C$are$hidden$terminals$when$sending$to$B$

Hidden$Terminals$ Nodes$A$and$C$are$hidden$terminals$when$sending$to$B$

Hidden$Terminals$ Nodes$A$and$C$are$hidden$terminals$when$sending$to$B$ Cant$hear$each$other$(to$coordinate)$yet$collide$at$B$ We$want$to$avoid$the$inefficiency$of$collisions $ CSE$461$University$of$Washington$ 53$

463 views • 31 slides
Hidden Markov Models Pratik Lahiri Introduction A hidden Markov model (HMM) is a

Hidden Markov Models Pratik Lahiri Introduction A hidden Markov model (HMM) is a

Hidden Markov Models Pratik Lahiri Introduction A hidden Markov model (HMM) is a statistical Markov model in which the system being modeled is assumed to be a Markov process with unobserved (hidden) states. We call the observed event

741 views • 13 slides
Another view Hidden Input CEC is constant error Hidden carrousel No vanishing gradients

Another view Hidden Input CEC is constant error Hidden carrousel No vanishing gradients

Another view Hidden Input CEC is constant error Hidden carrousel No vanishing gradients Input f But, it is not always on Hidden s f Introducing gates: Input f Allow or disallow input Hidden Allow or

641 views • 28 slides
LSTMs Overview Subhashini Venugopalan Neural Networks z t Output B Hidden Hidden Input WHY

LSTMs Overview Subhashini Venugopalan Neural Networks z t Output B Hidden Hidden Input WHY

LSTMs Overview Subhashini Venugopalan Neural Networks z t Output B Hidden Hidden Input WHY RNNs/LSTMs? Can we operate over sequences of inputs? Limitations of vanilla Neural Networks z t Output Outputs a fixed size vector. B Hidden

737 views • 32 slides
The Hidden City The Hidden City Decay: To be slowly destroyed by natural processes and enter a

The Hidden City The Hidden City Decay: To be slowly destroyed by natural processes and enter a

The Hidden City The Hidden City Decay: To be slowly destroyed by natural processes and enter a state of ruin. Starting off.. St Fagans Llandaff Cathedral Laura Edgar www.lauraedgar.co.uk A little bit of history.. First ever Bute Docks,

661 views • 20 slides
Topics covered: HIdden Surface Removal Shading Hidden Surface Removal usually implemented in

Topics covered: HIdden Surface Removal Shading Hidden Surface Removal usually implemented in

Topics covered: HIdden Surface Removal Shading Hidden Surface Removal usually implemented in two ways binary space partitioning (BSP) tree algorithm SIGGRAPH 1980 paper by Henry Fuchs (now at UNC) zbuffering Ed Catmull SIGGRAPh 1978 (now at

597 views • 15 slides
Hidden Semantics: why? how? and what to do? Mike Bond, Cryptomathic Ltd. George French, Barclays

Hidden Semantics: why? how? and what to do? Mike Bond, Cryptomathic Ltd. George French, Barclays

Hidden Semantics: why? how? and what to do? Mike Bond, Cryptomathic Ltd. George French, Barclays Bank Plc. ASA-4 Edinburgh 2010 Crypomathic Logo Here Hidden Semantics: Why Why worry about it: Hidden semantics is important to the API analysis

647 views • 33 slides
Nondeterminism as first class citizen for Hidden Logic Daniel Gebler and J org Endrullis VU

Nondeterminism as first class citizen for Hidden Logic Daniel Gebler and J org Endrullis VU

Introduction Nondeterministic Hidden Logic Nondeterministic Hidden Logic with Sharing Conclusion Nondeterminism as first class citizen for Hidden Logic Daniel Gebler and J org Endrullis VU University Amsterdam CMCS 2012, Tallinn 1 / 14

548 views • 30 slides
LHC Signatures of a Minimal Supersymmetric Hidden Valley arXiv:1112.2705 Yuk Fung Chan 1 Matt Low

LHC Signatures of a Minimal Supersymmetric Hidden Valley arXiv:1112.2705 Yuk Fung Chan 1 Matt Low

Introduction To and From the Hidden Valley Hidden Sector Parameter Scan Five Sample Points Conclusions LHC Signatures of a Minimal Supersymmetric Hidden Valley arXiv:1112.2705 Yuk Fung Chan 1 Matt Low 2 David Morrissey 3 Andrew Spray 3 1

757 views • 50 slides
MODERN PARABLES Part 1: Hidden Treasure 09.26.10 Caleb reads Matthew 13:44 NIV Movie: Hidden

MODERN PARABLES Part 1: Hidden Treasure 09.26.10 Caleb reads Matthew 13:44 NIV Movie: Hidden

MODERN PARABLES Part 1: Hidden Treasure 09.26.10 Caleb reads Matthew 13:44 NIV Movie: Hidden Treasure [12:37] Introduction: For the next six weeks we re going to examine six different parables of Jesus. I hope this will be an exciting time of

247 views • 3 slides
1 X 1 X 2 X 3 Ghostbusters HMM Chain Rule and HMMs E 1 E 2 E 3 P(X 1 ) = uniform 1/9 1/9

1 X 1 X 2 X 3 Ghostbusters HMM Chain Rule and HMMs E 1 E 2 E 3 P(X 1 ) = uniform 1/9 1/9

Hidden Markov Models 1 Hidden Markov Models Markov chains not so useful for most agents Need observations to update your beliefs Hidden Markov models (HMMs) Underlying Markov chain over states X You observe outputs (effects) at

617 views • 7 slides
ResNet with one-neuron hidden layers is universal approximator Hongzhou Lin, Stefanie Jegelka

ResNet with one-neuron hidden layers is universal approximator Hongzhou Lin, Stefanie Jegelka

ResNet with one-neuron hidden layers is universal approximator Hongzhou Lin, Stefanie Jegelka Poster #28 In the 90s: Universal approximation theorem Output Hidden Layer Input . . . 1 hidden layer, width go to infinity universal

472 views • 9 slides
Visibility Determination AKA, hidden surface elimination Visibility Algorithms Roger Crawfis

Visibility Determination AKA, hidden surface elimination Visibility Algorithms Roger Crawfis

Visibility Determination AKA, hidden surface elimination Visibility Algorithms Roger Crawfis CIS 781 This set of slides reference slides used at Ohio State for instruction by Prof. Machiraju and Prof. Han-Wei Shen. Hidden Lines Hidden

384 views • 22 slides
The South Pacifics New Caledonia: Hidden Paradise The South Pacifics Hidden Paradise

The South Pacifics New Caledonia: Hidden Paradise The South Pacifics Hidden Paradise

New Caledonia: The South Pacifics New Caledonia: Hidden Paradise The South Pacifics Hidden Paradise Sascha Bullen DATE 2016 Your local support team Lorraine Rozario Sascha Bullen Aircalin USA Aircalin USA Customer Service Manager

524 views • 35 slides
1 Real HMM Examples Real HMM Examples Speech recognition HMMs: Machine translation HMMs:

1 Real HMM Examples Real HMM Examples Speech recognition HMMs: Machine translation HMMs:

Hidden Markov Models CSE 473: Artificial Intelligence Markov chains not so useful for most agents Hidden Markov Models Eventually you dont know anything anymore Need observations to update your beliefs Hidden Markov models

567 views • 9 slides
Abelian Hidden Subgroup Problem Laura Mancinska University of Waterloo, Department of C&amp;O

Abelian Hidden Subgroup Problem Laura Mancinska University of Waterloo, Department of C&amp;O

Abelian Hidden Subgroup Problem Laura Mancinska University of Waterloo, Department of C&amp;O December 12, 2007 Abelian hidden subgroup problem Outline Basic concepts in quantum computing Statement of the hidden subgroup problem (HSP)

439 views • 22 slides
1 Real HMM Examples Real HMM Examples Speech recognition HMMs: Machine translation HMMs:

1 Real HMM Examples Real HMM Examples Speech recognition HMMs: Machine translation HMMs:

Hidden Markov Models CSE 473: Artificial Intelligence Hidden Markov Models Markov chains not so useful for most agents Eventually you dont know anything anymore Need observations to update your beliefs Hidden Markov models (HMMs)

253 views • 7 slides
Hidden Subgroup Hidden Subgroup Def. A Map is said to have A Map

Hidden Subgroup Hidden Subgroup Def. A Map is said to have A Map

Continuous Quantum Continuous Quantum Hidden Subgroup Hidden Subgroup Algorithms Algorithms This work is in collaboration with This work is in collaboration with Samuel J. Lomonaco, Jr. Louis H. Kauffman Louis H. Kauffman Dept. of Comp.

317 views • 12 slides
The Positive Hidden Curriculum within the Curriculum DR FAY TURETSKY DR DALIT BLUM PROF

The Positive Hidden Curriculum within the Curriculum DR FAY TURETSKY DR DALIT BLUM PROF

The Positive Hidden Curriculum within the Curriculum DR FAY TURETSKY DR DALIT BLUM PROF ELIEZER KITAI ACADEMIC CENTER FOR CME SACKLER FACULTY OF MEDICINE TEL AVIV UNIVERSITY Hidden Curriculum in Medical Literature Undercurrent

603 views • 15 slides
A spectral algorithm for learning hidden Markov models . . . h 3 h 2 h 1 x 3 x 2 x 1 Daniel Hsu

A spectral algorithm for learning hidden Markov models . . . h 3 h 2 h 1 x 3 x 2 x 1 Daniel Hsu

A spectral algorithm for learning hidden Markov models . . . h 3 h 2 h 1 x 3 x 2 x 1 Daniel Hsu Sham M. Kakade Tong Zhang UCSD TTI-C Rutgers A spectral algorithm for learning hidden Markov models Nr. 1 Motivation Hidden Markov Models

715 views • 25 slides
Hidden en s secto ctor search ches at NA t NA62 and S SHiP HiP Hidden sector searches at

Hidden en s secto ctor search ches at NA t NA62 and S SHiP HiP Hidden sector searches at

Hidden en s secto ctor search ches at NA t NA62 and S SHiP HiP Hidden sector searches at NA62 and SHiP Philippe Merm Ph rmod, on behalf of the SHiP Collabora ration Philippe Mermod, on behalf of the SHiP Collaboration NUFACT, Uppsa

320 views • 30 slides
The Design and Implementation of Protocol- Based Hidden Key Recovery Eu-Jin Goh, S tanford Dan

The Design and Implementation of Protocol- Based Hidden Key Recovery Eu-Jin Goh, S tanford Dan

The Design and Implementation of Protocol- Based Hidden Key Recovery Eu-Jin Goh, S tanford Dan Boneh, S tanford Philippe Golle, PARC Benny Pinkas, HP Labs Our contribution A key recovery syst em which is Hidden Unfilterable

594 views • 22 slides
Searching for Hidden Particles &amp; getting rid of muons Oliver Lantwin [ oliver.lantwin@cern.ch

Searching for Hidden Particles &amp; getting rid of muons Oliver Lantwin [ oliver.lantwin@cern.ch

Searching for Hidden Particles &amp; getting rid of muons Oliver Lantwin [ oliver.lantwin@cern.ch ] ic student seminar 3rd November 2016 Hidden Particles Searching for Hidden Particles The catch: s Conclusion Oliver Lantwin (Imperial

968 views • 28 slides
Outline depmixS4: an R-package for hidden Markov models Hidden Markov Models Ingmar Visser 1

Outline depmixS4: an R-package for hidden Markov models Hidden Markov Models Ingmar Visser 1

Hidden Markov Models Hidden Markov Models DepmixS4 DepmixS4 Examples Examples Conclusions Conclusions Outline depmixS4: an R-package for hidden Markov models Hidden Markov Models Ingmar Visser 1 &amp; Maarten Speekenbrink 2 DepmixS4 1

121 views • 10 slides

More recommend