VMware Networking Community
Carlos_E
Enthusiast
Enthusiast
‎05-09-2017 09:01 AM
Jump to solution

NSX - Reverse Proxy Adventures and Questions

Hi all,

So I´ve spent the last week trying to answer the question :

- Is NSX Load Balancer supposed to be able to be configured as a reverse proxy ?

What we are looking is Nginx or HAProxy kind of reverse proxy functionality, particularly with rules suchs as (HAProxy example) :

- reqrep ^([^\ ]*\ /)example1[/]?(.*)  \1\2

Our interest is in offering NSX Load Balancing with the reverse proxy role for our customers in order to spare them from having to run VM´s with Linux and HAproxy or Nginx on them.

I have learned a lot about NSX and reverse proxies in general, I have learned that underneath, NSX Load Balancer runs HAProxy, but I also have learned that the fact that is based on HAProxy doesn´t necessarily means that one can do anything that it´s possible with HAProxy in NSX, or at least if it´s possible it´s kind of an obscure skill with almost no information available on the web.

I have crashed against this scenario :

I have a Virtual Server IP with the following Application Rules :

acl host_app1 hdr(Host) -i web.customer.com

acl host_app2 hdr(Host) -i admin.customer.com

acl site_example1 path_beg -i /example1

acl site_example2 path_beg -i /example2

use_backend CUSTOMER_POOL_01 if host_app1

use_backend CUSTOMER_POOL_02 if host_app2

use_backend CUSTOMER_POOL_03 if site_example1

use_backend CUSTOMER_POOL_04 if site_example2

I took that from VMware example application rules, and it works, the thing is, that example is the closest that I got to be able to do something like this :

- reqrep ^([^\ ]*\ /)example1[/]?(.*)  \1\2

Our objective would be to be able to take only 1 Virtual Server IP and have the flexibility to forward to any of the Customer Pools (we got that working with Pool_01 and Pool_02), particularly if the request comes like this :

- web.customer.com/example1

We want to be able to send it to CUSTOMER_POOL_03 (same case with example2), with the case above we redirect from web.customer.com/example1 to memberserverofpool3/example1, but we are trying to mimic HAProxy functionality found in this rule :

- reqrep ^([^\ ]*\ /)example1[/]?(.*)  \1\2  (this link expains this regex load balancing - HAProxy reqrep remove URI on backend request - Server Fault )

Were the request is taken by the reverse proxy and then rewritten to directly memberserverofpool3/  (and not /example1).

The funny thing is that this exact rule is able to be handled by NSX Load Balancer but it works only on the Default Pool, I cannot use that rule to work on a particular Pool (or at least I haven´t found a way to do it).

Well...if anyone has any ideas regarding something like this I would appreciated it, even if it´s something like, No, Hell NO, NSX it´s never supposed to be used as a reverse proxy for complex scenarios ; )

Thanks in advanced to anyone reading this.

Regards,

Carlos.

0 Kudos
1 Solution

Accepted Solutions
lhoffer
VMware Employee
VMware Employee
‎05-09-2017 01:18 PM
Jump to solution

Carlos-

As you've observed, you can do both the pool selection/rewrite of the path and the syntax you're using for the rules is all good, however, application rules in NSX get applied as frontend rules in the underlying HAproxy component so there isn't away to apply them at an individual pool level.

View solution in original post

0 Kudos
2 Replies
lhoffer
VMware Employee
VMware Employee
‎05-09-2017 01:18 PM
Jump to solution

Carlos-

As you've observed, you can do both the pool selection/rewrite of the path and the syntax you're using for the rules is all good, however, application rules in NSX get applied as frontend rules in the underlying HAproxy component so there isn't away to apply them at an individual pool level.

0 Kudos
Carlos_E
Enthusiast
Enthusiast
‎05-09-2017 02:14 PM
Jump to solution

Hi,

First of all thanks for taking the time to answer!

Based on your answer and all the hours I have spent googling this issue, doesn´t seem that NSX Load Balancing is a good answer to a reverse proxy role, I´m I correct in saying this ?

Or perhaps NSX Load Balancing is a right fit for a reverse proxy role but in cases where there´s only one pool needed ?

I´m trying to push for NSX to play the reverse proxy role but there´s so little info on the web mentioning the reverse proxy role and NSX that it would appear as if nobody is using it like that, in which case I think I need to drop the issue and just go with another option.

What would you use if you were developing a solution needing a reverse proxy role ?

Thanks again for your feedback!.

Regards,

Carlos.

0 Kudos