Perlbal in less than 5 minutes
Perlbal is something I always wanted to learn. A recent DDOS made sure I learned it in an hour or so. Apparently the regular stuff take about 4-5 minutes with it. This post will try to make it shorter.
Suppose you have three servers:
Web1 - webserver number 1 - 10.2.3.1.
Web2 - webserver number 2 - 10.2.3.2.
GW - your gateway server, which you want to use as a reverse proxy for Web1 and Web2.
What you basically need is 2 things:
- Perlbal configured for Web1 and Web2.
- Web1 and Web2's Apache (which is what I'm using) should set the forward headers correctly. This is optional but most people will want this. Also, it might be supported in Perlbal, but I didn't find it yet.
For the Apache, on Web1 and Web2 you just download and compile mod_rpaf using:
apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
Then you follow the simple 5 config lines available at the mod_rpaf page.
On GW you install Perlbal from CPAN using cpan Perlbal
. You'll need gcc and a few libraries (gzip and bzip2 devel, for example).
Then you create a folder "/etc/perlbal" and create inside it a file called "perlbal.conf", with this content:
CREATE POOL the_webs
POOL the_webs ADD 10.2.3.1
POOL the_webs ADD 10.2.3.2CREATE SERVICE http_balancer
SET listen = 0.0.0.0:80
SET role = reverse_proxy
SET pool = the_webs
SET persist_client = on
SET persist_backend = on
SET verify_backend = on
ENABLE http_balancer
That's it!
Now you can direct everyone to the IP of GW.
UPDATE:
I found the Perlbal documentation in a folder called "doc" in the distribution. Unfortunately it's rather slim. Oh well.
Leave a comment