It’s OK—You Just Configure a Reverse Proxy, and You’re Good to Go. Simples!

We have all heard those words from the great and wise when we were starting out in our IT journey, the intimation being that it is a simple process—so simple that even a child can do it. In fact, I bet you can hear yourself saying that exact statement, maybe regarding a different service: “It’s OK—you just configure an iSCSI VMkernel port, and you’re good to go.” I know I have been guilty of saying this as an off-the-cuff comment to imply that something is simple, and it does not need my input. I’d be thinking, “You should be able to do this yourself; why are you bothering me with this?” I know you do not mean it like that. In your mind, you feel that you are empowering your staff to just get on with it. You know that they can do the work, and you do not want to belittle your colleagues, embarrassing them by aiding them in completing such a simple process.

Well, today I was on the receiving end of this statement, and do you know what? There is no such thing as a simple process. If you do not understand how to do a process, all things are difficult. Cast your mind back to when your child or your younger sibling was learning to tie their laces or put their shoes on the correct feet.

The task before me was something simple: configure a server as a reverse proxy to terminate SSL and then configure it to front-end two internal web servers.

Reverse Proxy
It’s simple—just configure a reverse proxy, and off you go

If you examine the diagram above, you can see a simple environment: three servers and two firewalls. The task is to configure the front-end server as a reverse proxy, then terminate SSL and proxy traffic to the two back-end servers. On paper, this looks like a very simple task, and to those who do it every day, it most likely is. In fact, they probably have a couple of scripts they’ve customized that can automatically deploy these environments with a couple of clicks. However, I have not looked at a web server in several years, so off to the web I went. My first thought was that surely IIS should be able to do this out of the box—but no, there are extra modules that need to be installed, ARR and URL Rewrite, and the documentation is less than adequate. Of course, I was told this was a simple task. I did not like the concept of so many moving parts with bad documentation, so I thought, “Let’s look at open source to do this; it will save license fees for a start.”

Unfortunately, things got even worse when I moved to open-source software: Apache 2.4 running on CentOS 7. At the back of my head, I kept hearing, “This should be simple.”

When you move into the open-source arena, you are walking with lions. However, those lions do not see you, the noob, as a potential equal: they see you as prey. Trawling the Linux blogs and boards for answers results in a feeling of completely inadequacy. I mean, this is all easy, isn’t it?

Conflicting information on different blogs appears to exist solely to confuse and beguile the reader, elevating the writer’s ego to that of a demigod. There are massive changes in functionality between versions, features depreciated, feature functionality changed. Writers assume you have a vast amount of knowledge, which leads to massive logic gaps in their written processes—gaps that appear as large as the Grand Canyon if you were to try to jump it on a bicycle. This information should be understandable and easy to follow, right? But you can read entire threads or posts and think you have gained understanding, only to find that the article you were reading referred to a depreciated version. I soon started to look for dates on the threads before reading their content.

What about the official documentation on the relevant foundations’ sites? Unfortunately, these are even more opaque, and full of confusing examples that have no basis in reality.

Dare to ask a question on some boards, and you will most likely be ridiculed for your lack of “basic” knowledge.

Perhaps I have been cosseted these last few years swimming the pond that is virtualization, cloud, and EUC, a sea that has been civilized and where there is no such thing as a silly question. However, the adage “It’s a jungle out there” certainly applies to the open-source communities. I had firmly believed that this sort of behavior had died, together with the caricature of the fat, long-haired, smelly, socially inept sysadmin, but they are still there. Those sysadmins may be slightly more elitist and better dressed, but some are still socially inept in their approach and still disdainful of people who are attempting to acquire knowledge—especially so with regard to knowledge they consider simple, like how to do a reverse proxy on Apache.

It has been a sobering experience. The next time somebody asks me a question and I feel the urge to say, “Just do this and that, and you’re good to go,” I will stop and remember my recent feelings of fumbling in the dark to do something simple and take a couple of minutes out of my day to reattach myself to that thoughtful person who just answers a question with a sensible answer. We are all busy folks, but knowledge reigns, and it is better to be a fountain than a font. This is an analogy that I used to live by. A fountain is continually refreshing its pool of water and is a pleasant place to visit; a font becomes stagnant without use. Sometimes it is good to reacquaint oneself with humility and understand that there are no stupid questions after all, only stupid answers.

Posted in SDDC & Hybrid CloudTagged , , ,