Proxying & Caching with EP
Proxying & Caching with EP
Enfold Proxy is an additional product offered by Enfold which is often used in unison with Enfold Server.
Enfold Server is designed to work within a Windows environment using Active Directory (AD). Enfold Proxy (EP) lets Enfold Server work with IIS (along with its permissions and tools). EP also features a full caching proxy inside IIS that talks to any Plone instance.
Typically, Enfold Proxy and IIS are installed together on one machine, and Enfold Server is installed on a separate machine(s). By keeping cached copies of web content, Enfold Proxy (and presumably Enfold Proxy) improves the speed at which HTTP requests are handled.
Enfold Proxy is designed to work with Enfold Server almost out of the box. Instructions for setting up Enfold Proxy are found in documentation specific to Enfold Proxy. http://www.enfoldsystems.com/Products/Proxy
To configure Enfold Server to work with Enfold Proxy:
-
Go to Plone Site Setup on the website. Choose Authentication Profiles.
-
Choose a profile that includes the words "with Trusted Proxy Authentication". Press Update.
-
Click the Trusted Proxies Configuration option. You will see something like this. Make sure you have added the IP address of the machine with IIS/Enfold Proxy in the trusted proxies list. This tells Enfold Server to trust the NTLM authentication decisions made by the server on 192.168.1.56 . (In this example there are two IP addresses listed here, but that is unusual. Enfold Proxy and IIS reside on the same machine as ES, but most of the time ES and IIS will exist on separate machines).
-
Press the button to clear authentication cache on the same page after you make these changes.
In addition, you need to verify that your IIS permissions are correct.
-
Right click on the IIS site you are using.
-
Select Authentication Methods.
-
Verify 2 things:
- If you are using Enable Anonymous Access: say yes if you are using a cookie-based authentication profile (See Selecting an authentication profile ). When this is yes, Integrated Windows Authentication must be No.
- Integrated Windows Authentication. Say yes only if you are using an authentication profile with both "Trusted Proxy" and "Active Directory" in the title. If this is yes, Enable Anonymous Access must be no.
Enfold Server comes with extra caching options to improve site performance. These send caching headers on responses from Plone so that upstream servers can cache the responses.
To cache content,
-
Install a cache management product (See installing a Plone product). Enfold Server already comes with a caching product named Chasseur. But before you can use it, you need to enable it from Site Setup --> Install Products menu on your website.
-
Select a caching profile. Go to site setup > Caching Profiles and select an appropriate profile. Select your profile and click update. There are five choices:
- Aggressive: Cache all anonymous content for one hour. Cache all resources (images, css, javascripts) for anonymous and non-anonymous for one hour. Note: this is generally not recommended.
- Moderate: Cache all resources (images, css, javascripts) for anonymous and non-anonymous for fifteen minutes and force revalidation.
- None: Do not cache anything at all (not recommended).
- Normal: Cache all resources (images, css, javascripts) for anonymous and non-anonymous for one hour.
-
Set up a caching/proxy server. The most common choices are Enfold Proxy and Squid. Enfold Proxy has been tested to work with Enfold Server and includes its own configuration panel. For more information, see http://www.enfoldsystems.com/Products/Proxy.
Important: Setting up a cache profile by itself will improve performance slightly, but the main performance gain comes after you use a cache profile and set up a caching server like Enfold Proxy.
If you set up caching in EP and are caching content, you'll need to clear out the cache when something changes on the server. To do this you send a purge command to the caching server. See the Enfold Proxy documentation to ensure this is set up correctly.
Note: It can take a while to get the cache settings right. Be sure to schedule adequate time to test your cache settings.