Proxy servers
- Proxy Servers
Proxy servers are crucial components in a robust and scalable MediaWiki deployment. This article details their purpose, configuration, and benefits within the context of a MediaWiki 1.40 environment. We'll cover forward proxies, reverse proxies, and their impact on performance, security, and load balancing. This guide is aimed at administrators new to configuring proxy servers with MediaWiki.
What is a Proxy Server?
A proxy server acts as an intermediary between clients (users browsing the wiki) and the MediaWiki server(s). It receives requests from clients and forwards them to the MediaWiki server. The MediaWiki server then sends its response back to the proxy, which in turn delivers it to the client. This seemingly simple process unlocks significant advantages, detailed below. Understanding the difference between forward and reverse proxies is essential.
Forward Proxy
A forward proxy sits *in front of* the clients, typically used to control or monitor outbound access. While less common in a direct MediaWiki setup, it’s useful in environments with strict internet access policies. Clients must be configured to explicitly use the forward proxy.
Reverse Proxy
A reverse proxy sits *in front of* the MediaWiki server(s). Clients are unaware they are interacting with a proxy; they connect to the proxy’s address as if it *were* the MediaWiki server. This is the most common proxy configuration for MediaWiki.
Benefits of Using a Proxy Server with MediaWiki
- Improved Performance: Caching frequently accessed content (images, CSS, JavaScript) reduces the load on the MediaWiki servers and speeds up page load times for users.
- Enhanced Security: A proxy can hide the internal structure of your MediaWiki deployment, protecting against direct attacks. It can also handle SSL encryption/decryption, reducing the load on the MediaWiki server.
- Load Balancing: Distributing traffic across multiple MediaWiki servers prevents overload and ensures high availability.
- SSL Termination: Handling SSL/TLS encryption and decryption at the proxy level can offload computational expense from the web servers.
- Content Filtering: (Less common in standard MediaWiki setups, but possible) Blocking access to certain URLs or content types.
Common Proxy Servers
Several proxy server solutions are well-suited for use with MediaWiki. Here’s a comparison of a few popular choices:
| Proxy Server | Operating System Support | Key Features | Complexity |
|---|---|---|---|
| Nginx | Linux, Windows, macOS | High performance, reverse proxy, load balancing, caching, SSL termination | Moderate |
| Apache HTTP Server (with `mod_proxy`) | Linux, Windows, macOS | Versatile, reverse proxy, load balancing, caching, SSL termination | Moderate |
| HAProxy | Linux, FreeBSD | Dedicated load balancer, high availability, health checks | Moderate - High |
| Varnish Cache | Linux | HTTP accelerator, caching focused, high performance | High |
Configuring Nginx as a Reverse Proxy
Nginx is a popular choice due to its performance and flexibility. Here's a basic configuration example. Adapt this to your specific setup. This assumes your MediaWiki server is running on `localhost:8080`.
```nginx http {
upstream wiki_backend {
server localhost:8080;
}
server {
listen 80;
server_name yourwiki.example.com;
location / {
proxy_pass http://wiki_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Static file caching (optional)
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires 30d;
proxy_pass http://wiki_backend;
}
}
} ```
Important notes:
- Replace `yourwiki.example.com` with your actual domain name.
- The `upstream` block defines your MediaWiki server(s). You can add multiple servers for load balancing.
- The `proxy_set_header` directives are crucial for passing the correct information to the MediaWiki server. See Special:MyLanguage/Configuration_settings#HTTP_headers for more details on header requirements.
Configuring Apache as a Reverse Proxy
Apache can also serve as a reverse proxy using the `mod_proxy` module. Ensure `mod_proxy`, `mod_proxy_http`, and potentially `mod_proxy_ajp` are enabled.
```apache <VirtualHost *:80>
ServerName yourwiki.example.com
ProxyPass / http://localhost:8080/ ProxyPassReverse / http://localhost:8080/
<Location />
Require all granted
</Location>
# Example caching configuration
<FilesMatch "\.(jpg|jpeg|png|gif|css|js|ico)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>
</VirtualHost> ```
Again, remember to replace `yourwiki.example.com` with your domain. `ProxyPassReverse` is vital for correctly rewriting redirects.
MediaWiki Configuration Changes
After setting up the proxy, you might need to configure MediaWiki to be aware of it. Edit your `LocalSettings.php` file.
| Setting | Description | Default Value |
|---|---|---|
| `$wgServer` | The URL of your MediaWiki installation as seen by the outside world. This *must* match the address of your proxy server. | `http://yourwiki.example.com` (example) |
| `$wgScriptPath` | The path to the `index.php` file. | `/` |
| `$wgUploadDirectory` | The directory where uploaded files are stored. | `/images` |
These settings *must* reflect the public-facing URL of your wiki through the proxy. Incorrect settings will lead to broken links and functionality. See Configuration settings for a complete list of available options.
Load Balancing Considerations
For high availability and scalability, consider load balancing across multiple MediaWiki servers. Both Nginx and HAProxy are excellent choices for this. Here's a simplified Nginx upstream example:
```nginx upstream wiki_backend {
server server1.example.com:8080; server server2.example.com:8080;
} ```
HAProxy provides more advanced health checking and session persistence options. Refer to the HAProxy documentation for detailed configuration instructions. See also Scalability for more general advice.
Security Considerations
- Always keep your proxy server software up to date with the latest security patches.
- Configure appropriate firewall rules to restrict access to the proxy server.
- Use SSL/TLS encryption to protect communication between the client, proxy, and MediaWiki server. See Secure configuration.
- Regularly review proxy logs for suspicious activity.
- Consider using a Web Application Firewall (WAF) in conjunction with your proxy server for enhanced security.
See Also
- Configuration settings
- Scalability
- Secure configuration
- Installation guide
- Maintenance and administration
- Troubleshooting
- Caching
- Web servers
- Load balancing
Intel-Based Server Configurations
| Configuration | Specifications | Benchmark |
|---|---|---|
| Core i7-6700K/7700 Server | 64 GB DDR4, NVMe SSD 2 x 512 GB | CPU Benchmark: 8046 |
| Core i7-8700 Server | 64 GB DDR4, NVMe SSD 2x1 TB | CPU Benchmark: 13124 |
| Core i9-9900K Server | 128 GB DDR4, NVMe SSD 2 x 1 TB | CPU Benchmark: 49969 |
| Core i9-13900 Server (64GB) | 64 GB RAM, 2x2 TB NVMe SSD | |
| Core i9-13900 Server (128GB) | 128 GB RAM, 2x2 TB NVMe SSD | |
| Core i5-13500 Server (64GB) | 64 GB RAM, 2x500 GB NVMe SSD | |
| Core i5-13500 Server (128GB) | 128 GB RAM, 2x500 GB NVMe SSD | |
| Core i5-13500 Workstation | 64 GB DDR5 RAM, 2 NVMe SSD, NVIDIA RTX 4000 |
AMD-Based Server Configurations
| Configuration | Specifications | Benchmark |
|---|---|---|
| Ryzen 5 3600 Server | 64 GB RAM, 2x480 GB NVMe | CPU Benchmark: 17849 |
| Ryzen 7 7700 Server | 64 GB DDR5 RAM, 2x1 TB NVMe | CPU Benchmark: 35224 |
| Ryzen 9 5950X Server | 128 GB RAM, 2x4 TB NVMe | CPU Benchmark: 46045 |
| Ryzen 9 7950X Server | 128 GB DDR5 ECC, 2x2 TB NVMe | CPU Benchmark: 63561 |
| EPYC 7502P Server (128GB/1TB) | 128 GB RAM, 1 TB NVMe | CPU Benchmark: 48021 |
| EPYC 7502P Server (128GB/2TB) | 128 GB RAM, 2 TB NVMe | CPU Benchmark: 48021 |
| EPYC 7502P Server (128GB/4TB) | 128 GB RAM, 2x2 TB NVMe | CPU Benchmark: 48021 |
| EPYC 7502P Server (256GB/1TB) | 256 GB RAM, 1 TB NVMe | CPU Benchmark: 48021 |
| EPYC 7502P Server (256GB/4TB) | 256 GB RAM, 2x2 TB NVMe | CPU Benchmark: 48021 |
| EPYC 9454P Server | 256 GB RAM, 2x2 TB NVMe |
Order Your Dedicated Server
Configure and order your ideal server configuration
Need Assistance?
- Telegram: @powervps Servers at a discounted price
⚠️ *Note: All benchmark scores are approximate and may vary based on configuration. Server availability subject to stock.* ⚠️