How to Configure Reverse Proxy?

Q: How to Configure Reverse Proxy?

SSLcat domain-based intelligent reverse forwarding configuration methods, supporting HTTP/HTTPS/WebSocket full protocols, providing connection pool management and load balancing.

SSLcat's reverse forwarding functionality performs intelligent forwarding based on domain names, supporting multiple protocols and load balancing strategies. Below are the detailed configuration methods.

Basic Configuration Structure

SSLcat configuration files use YAML format. The basic structure is as follows:

# sslcat.conf
server:
  port: 443
  http_port: 80

# Reverse forwarding configuration
proxies:
  - domain: "example.com"
    target: "http://localhost:3000"
    protocol: "http"
  
  - domain: "api.example.com"
    target: "https://backend.example.com"
    protocol: "https"
    ssl_verify: false

Domain Configuration

Each proxy rule needs to specify the domain and target server:

domain - The domain name accessed by clients
target - The backend server address
protocol - The protocol for backend communication (http/https)
ssl_verify - Whether to verify backend SSL certificates

Multi-Domain Configuration

You can configure multiple domains to point to different backend services:

proxies:
  # Main site
  - domain: "www.example.com"
    target: "http://localhost:3000"
    protocol: "http"

  # API service
  - domain: "api.example.com"
    target: "http://localhost:8080"
    protocol: "http"

  # Admin panel
  - domain: "admin.example.com"
    target: "http://localhost:9000"
    protocol: "http"

  # Static resources
  - domain: "static.example.com"
    target: "http://localhost:4000"
    protocol: "http"

Load Balancing Configuration

SSLcat supports multiple load balancing strategies:

proxies:
  - domain: "app.example.com"
    targets:
      - "http://backend1.example.com:3000"
      - "http://backend2.example.com:3000"
      - "http://backend3.example.com:3000"
    protocol: "http"
    load_balance: "round_robin"  # Round robin
    # load_balance: "least_conn"  # Least connections
    # load_balance: "ip_hash"     # IP hash

WebSocket Support

SSLcat natively supports WebSocket proxy:

proxies:
  - domain: "ws.example.com"
    target: "ws://localhost:8080"
    protocol: "ws"
    websocket:
      enabled: true
      ping_interval: 30
      pong_timeout: 10

Health Check Configuration

Configure health checks for backend services:

proxies:
  - domain: "app.example.com"
    target: "http://localhost:3000"
    protocol: "http"
    health_check:
      enabled: true
      path: "/health"
      interval: 30
      timeout: 5
      retries: 3

Request Headers Configuration

You can add or modify request headers:

proxies:
  - domain: "api.example.com"
    target: "http://localhost:8080"
    protocol: "http"
    headers:
      add:
        X-Forwarded-Proto: "https"
        X-Real-IP: "$remote_addr"
      remove:
        - "X-Forwarded-For"

Path Rewriting

Supports URL path rewriting:

proxies:
  - domain: "api.example.com"
    target: "http://localhost:8080"
    protocol: "http"
    path_rewrite:
      "/v1/api": "/api"
      "/old": "/new"

Connection Pool Configuration

Optimize connection pool performance:

proxies:
  - domain: "app.example.com"
    target: "http://localhost:3000"
    protocol: "http"
    connection_pool:
      max_connections: 100
      max_idle_connections: 10
      idle_timeout: 90
      keep_alive: true

Failover Configuration

Configure failover for backend services:

proxies:
  - domain: "app.example.com"
    targets:
      - "http://primary.example.com:3000"
      - "http://backup1.example.com:3000"
      - "http://backup2.example.com:3000"
    protocol: "http"
    failover:
      enabled: true
      max_failures: 3
      recovery_time: 60

SSL Configuration

Configure SSL connections to backend:

proxies:
  - domain: "secure.example.com"
    target: "https://backend.example.com"
    protocol: "https"
    ssl:
      verify: true
      cert_file: "/path/to/ca.crt"
      key_file: "/path/to/ca.key"
      insecure_skip_verify: false

Configuration Validation

Validate configuration before starting:

# Validate configuration file syntax
sslcat --config sslcat.conf --check

# Test configuration
sslcat --config sslcat.conf --test

# Start service
sslcat --config sslcat.conf

Monitoring and Debugging

SSLcat provides detailed proxy statistics:

Connection Statistics - Shows connection count for each proxy
Response Time - Shows backend response time statistics
Error Rate - Shows proxy error rate
Health Status - Shows backend service health status

Best Practices

Recommendations for configuring reverse forwarding:

Set Reasonable Timeouts - Set appropriate timeout based on backend service performance
Enable Health Checks - Ensure backend service availability
Configure Load Balancing - Improve service availability and performance
Monitor Logs - Regularly check proxy logs to optimize configuration
Backup Configuration - Backup important configuration files

With the above configurations, you can flexibly set up SSLcat's reverse forwarding functionality to meet various complex business requirements.