# enable reverse proxy proxy_redirect off proxy_set_header Host $http_host proxy_set_header X-Real-IP $remote_addr proxy_set_header X-Forwared-For $proxy_add_x_forwarded_for client_max_body_size 10 m client_body_buffer_size 128 k client_header_buffer_size 64 k proxy_connect_timeout 90 proxy_send_timeout 90 proxy_read_timeout 90 proxy_buffer_size 16 k proxy_buffers 32 16 k proxy_busy_buffers_size 64 k upstream hrz-view-cluster I assume you have your linux VM installed (say Ubuntu), static IP assigned and DNS setup point to this address. So to get down to it, here’s a rough topology of what your config would look like: Why is this important? It means you can use one address e.g: to act as a proxy for all the backend security and/or connection servers for your users, one address is simpler to use and remember, for you, it streamlines configuration. For our case, using NginX is more than adequate - please note some people use HAProxy, I don’t recommend this as it does not have native SSL (so HTTPS) support until v1.5 which is yet to be released. You could buy a hardware or VM load balancer from F5, Citrix, Barracuda but that will run into the £1,000’s if not £10,000’s. ![]() ![]() The best way I have found to load-balance incoming connections (both internally and externally) is to set up a linux VM and run NginX ↗, which is a reverse caching proxy - it allows us to terminate the SSL connections and load-balance across our backend View Security Servers in a DMZ. I have been deploying a VDI solution recently based on the fantastic VMWare Horizon Suite ↗, one of the important points of deploying the Horizon View ↗ component of this is making it highly available and accessible from the outside for on-the-road users.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |