- Must have excellent working knowledge of Linux (RHEL 5.x), nginx and squid proxy software.
- Should have mastery of TCP/IP, web servers and HTTP protocol.
- Should have mastery of HTTP load balancing techniques and configurations.
- Must be able to explain previous experience configuring reverse proxy configurations using nginx.
Purpose of project:
We currently use Cisco hardware to protect and deliver our SOAP based web services API to customers. We now have an initiative to replace this hardware using open source software running on Linux.
A fully detailed Visio drawing of the network, IP addresses and data flow will be provided. Our Linux admins will install the nginx and squid software. You will need to provide nginx and squid configurations based on the network drawing and descriptions. It may be possible to allow SSH access to assist our admins in troubleshooting issues/problems.
Description of environment:
Nginx and squid will be run on the same server with a single NIC. The nginx/squid server(s) will sit in a DMZ, accept incoming SOAP based web service requests (HTTP POSTs) and then forward requests to SunOne application servers that will consume the web service call. The SunOne application servers will also be located in the same DMZ. When the application servers need to make an outbound web service call, they will need to use the squid proxy to be allowed outbound access through the firewall.
1. Need an nginx configuration for reverse proxy and load balance of three SunOne application servers that provide SOAP based web services.
- nginx should only accept four allowable URLs to be proxied (reject all others)
- nginx will need to rewrite URLs before passing to application servers
- nginx should use round robin load balancing
- nginx should handle availability (up/down) of application servers
2. Need simple squid configuration for outbound proxy.
- Squid should only proxy for approved list of source IPs (the application servers)
3. Need to have nginx and squid logging enabled to allow us to fully track inbound and outbound transactions.
4. Time will be allotted for knowledge transfer and Q&A sessions discussing the configuration.
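One way the nginx side of requirements 1 and 3 could be laid out, as an added illustration that is not part of the original brief. Every address, hostname, port, path and file name below is a placeholder, since the brief does not give the four URLs or the server addresses.

```nginx
# Added illustration: all addresses, hostnames, ports and paths are placeholders.
# Belongs in the http {} context (for example a file included from nginx.conf).

# Allowlist and rewrite table in one place: public URL -> application server URL.
# Any URL not listed maps to the empty string and is rejected in the location below.
map $uri $backend_uri {
    default              "";
    /api/ServiceOne      /app/ws/ServiceOne;
    /api/ServiceTwo      /app/ws/ServiceTwo;
    /api/ServiceThree    /app/ws/ServiceThree;
    /api/ServiceFour     /app/ws/ServiceFour;
}

upstream sunone_pool {
    # No balancing directive is set: round robin is nginx's default method.
    # Passive availability check: 3 failed attempts within 30s take a server
    # out of rotation for 30s, after which it is tried again.
    server 192.0.2.11:8080 max_fails=3 fail_timeout=30s;
    server 192.0.2.12:8080 max_fails=3 fail_timeout=30s;
    server 192.0.2.13:8080 max_fails=3 fail_timeout=30s;
}

# Records which application server handled each request and how it answered.
log_format soap_track '$remote_addr [$time_local] "$request" $status '
                      '$body_bytes_sent $request_time '
                      'upstream=$upstream_addr upstream_status=$upstream_status';

server {
    listen 80;
    server_name api.example.com;
    access_log /var/log/nginx/soap_access.log soap_track;
    error_log  /var/log/nginx/soap_error.log warn;

    location / {
        # Reject everything outside the four allowed URLs.
        if ($backend_uri = "") { return 403; }
        # The brief describes the traffic as HTTP POSTs; refuse other methods.
        limit_except POST { deny all; }
        # Swap the public URL for the application server URL, then proxy.
        rewrite ^ $backend_uri break;
        proxy_pass http://sunone_pool;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 5s;
        # Move to the next server only on connection errors or timeouts.
        proxy_next_upstream error timeout;
    }
}
```

Because `max_fails`/`fail_timeout` detect failures only from live traffic, the first requests sent to a dead server still incur the connect timeout before nginx fails over.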
If the project goes smoothly and I am satisfied with the level of work provided, there is the possibility of additional hours for completing a future phase II of this project, which will include:
- Building additional capability of logging SOAP headers and XML payload.
- Building a query tool (querying logs) to provide internal staff with a means of examining data flow.