Double Tall Iced Mocha, Lite on the Chocolate

March 31, 2005

A ninja pays half my rent

Filed under: /friends — @ 10:27 am

Ok, so my roomate (who finally moved in somewhat) is not a ninja. But be warned of what could happen when A Ninja Pays Half My Rent.

March 3, 2005

Building <a href="http://http://www.apsis.ch/pound/">Pound</a> on <A href="http://www.openbsd.org">OpenBSD 3.6</a>

Filed under: /geek — @ 1:01 am

Pound is open source http load balancer. It acts as a reverse proxy in front of multiple web servers to distribute load across multiple web servers and also detects when a web server goes down and stops sending requests to that box.

Unlike Balance (a tcp load balancer/proxy server), Pound can do more http specifc things such as:

  • Reverse SSL Proxying - This allows you to use pound as an ssl-enabled gateway to web servers not using SSL.
  • Regular Expression request routing - This allows you to send certain requests to a particular farm or group of servers. For example you write a regex looking for .jpg and .gif and send those requests to specific “image” servers.
  • Forwarding client ip address in headers - Alot of proxies have to rewrite the source ip address of the request before sending to the web server (to insure it gets routed back throgh the proxy), pound passes the original source ip address along in a http header, so you can still log the actual address in your web server/application t using SSL.

    So on to the subject which is building pound on openbsd. Someone from the pound mailing list emailed me a question about building pound on openbsd, and since I remember how much of pain it was at first, I decided it is probably worth documenting somewhere.

    There is a how-to in .rtf format that I found here. It is specifc to openbsd version 3.3 and some typos (not to mention its in .rtf) in the compile and make options which threw me for a loop since I am not a everyday C jockey. However this document did provide me with the info I needed , and I thank the author a ton since its the only doc I find on the subject.

    Pound requires a version OpenSSL that is built with threading. Most BSD’s to my knowledge (OpenBSD, FreeBSD, not sure about NetBSD or Mac OSX) do not ship with a thread enabled OpenSSL (if you know why, let me know). So this means that you need to build a copy of OpenSSL with threads to build pound against. Lets start with that. OpenBSD 3.6 ships with OpenSSL 0.9.7d which is what I am going to use for this demo, I see to remember their being a bug with 0.9.7e that breaks this process so if you try 7e and fails, try 7d.

  • Get the source, stick it in /tmp/openssl : cd /tmp; wget http://www.openssl.org/source/openssl-0.9.7d.tar.gz
  • Untar: tar -xzf openssl-0.9.7d.tar.gz
  • Configure: cd /tmp/openssl/openssl-0.9.7d; ./config no-hw threads no-asm –openssldir=/tmp/openssl
  • Edit the Makefile, insert “-pthread” into the line that reads “CFLAG= -DOPENSSL_THREADS …” so that it reads “CFLAG=-pthread -DOPENSSL_THREADS …”
  • run “make”, then “make test”, then “make install”. This worked fine for me, so if you have any problems compiling, I dont know what to tell you, other than make sure you are using the same version of OpenSSL.
  • Get the source for pound: wget http://www.apsis.ch/pound/Pound-current.tgz
  • Untar: tar -xzf Pound-current.tgz
  • cd Pound-current
  • configure: ./configure –with-ssl=/tmp/openssl
  • Edit the Makefile so the line that read CFLAGS=-DF_CONF… reads CFLAGS=-DNEED_STACK -DF_CONF…
  • make, make install

    •