Star Hackademy

Hacking and configuring, IT's a long and secret story…

Reverse proxy for high trafic website —

As previously explained, I had as part of a customer’s mission to propose a solution to accelerate a web site. The challenge was to replace an aging Juniper appliance by a reverse proxy for high trafic website. This appliance was accelerating the traffic by caching data (max. 100Mb), and balancing the traffic between 4 front end servers. I also wanted to reorganize the whole DMZ infrastructure to improve the security. The existing architecture had all servers (front-ends, database and application servers) in the same LAN behind the firewall and the Junipers (see HLD image for As-Is solution below).

As-Is solution

As-is solution

Don’t laugh, those websites receive more than 45.000.000 visits per month, with more than 4 pages seen at each visit (in normal traffic) and expect to receive more than 100.000.000 visits a month on special occasions. So, to improve this, I decided for a classical layered system (see HLD To-be solution below).

HLD To-be solution

HLD To-be solution

Once the design for this reverse proxy for high trafic website was accepted, the evaluation process for the acceleration platform began.
While working on the different platforms possible for this project, I thought that it would be better to be ready to give access to other protocols than http to Frontends servers zone.

My credo in consulting is to be solution minded, instead of product minded. This means that each time I have to propose a new solution, I’ll make a survey of existing solutions, test them, and verify how they can fulfil the mission assigned. I will always promote the solutions with the shortest learning curve (taking in account the knowledge and sensibility of the existing IT team), and in this case, if possible using open source products. (This is opposed to the product mind that will propose the product he knows the best, or where he’s got the better margin). One drawback to this, is that the time to design a proposed solution is longer (due to tests and probable learnings), but the solution is generally more accurate to the needs of the customer.

In this case, I had to find a good reverse caching proxy for HTTP and a load balancer for the other protocols (and if possible in open source products). I did start from a white page and began by looking for a product able to fulfill both roles. Believe it or not, I couldn’t find a distro dedicated to this role. So, I started evaluating different “reverse proxy” solutions:

And after that evaluate the best solution to load balance traffic other than HTTP.

To be continued…

This article was entirely written with my iPad, and the drawings were “deigned” with QuickDiag app.

Categorised as: DevOps


  1. Toto says:


  2. David McHale says:

    My money is going to be on either Squid or Varnish as the top performers here, even now in 2022.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.