QOS – Service with quality using MasterShaper

QOS – “Quality of service” – what a fancy name for somethings that will allow you to manage the available bandwidth for your servers/pcs/equipments. Usually setting up QOS is not “so fancy” to setup and manage. At work I had to setup a QOS for a custumer and didn’t want to be writing rules on my own so I searched a bit and found MasterShaper.

You can read more about it here.

Lets imagine that you want to allow p2p on your network but you don’t want to waste all your bandwidth on that kind of traffic, after all you still need bandwidth for your VOIP, http, and mail traffic.

To setup this I’ll be using CentOS and Mastershaper.

After installing a VMware virtual machine with CentOS (default install with 2 network cards), I’ve setup apache, this time I didn’t use virtualhosts or any other extras as I just wanted to create a single purpose system.

To start I’ve concufigured 2 network interfaces (internal/external)

eth0 (external)

eth1 (internal)

After downloading MasterShaper decompress it to:


Install pear and pear modules as described in MasterShapper docs.

And finally create the mysql database to support the installation.

I won’t get into install details (just follow the documentation), but in the end you be able to define schedulers, hosts and services with higher or lower priority and in the end you’ll also be able to monitor all this in a pretty web interface with some graphics.

Just don’t forget to install mysql support in php, and pear, you’ll also have to configure sudo but in the end just read the documentation in mastershaper it’s very good.

Apache2 reverse proxy (with http https virtualhosting)

This weekend I was updating and reconfiguring my apache2 installation, I run a server with multiple domains both with http and https, they are sitting behind a firewall. I also had some tomcat installations running on port 8080 on my server. In my previous configuration in the firewall I had port 80,443 and 8080 forwarded to my apache server and it worked perfectly. but as you know it’s easy to educate users to use both http(port 80) and https(port443) but not that easy to tell them to write https://yourserver:8080/blabla to redirect them to the tomcat server.

Having this I decided to change the way things work but using a reverse proxy this way I can have all the users using just http and https and at the same time redirect the traffic to the t0mcat behind the the firewall.

How did I do it?

First you have to enable the following modules on your apache2 server (I won’t explain how to do it as you can do it multiple ways and even use your distro tools to help you):




I also recommend you to use virtualhosts for doing this as you’ll be able to serve multiple domains with ease:

and edit your virtual host to look like this:

<VirtualHost *:80>
ServerAdmin xxx@yourdomain.com
ServerName www.yourdomain.com
DocumentRoot /srv/www/htdocs
ServerSignature On
DirectoryIndex index.php index.html index.htm
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://your.internalserver.local:8080/
ProxyPassReverse / http://your.internalserver.local:8080/
Order deny,allow
Allow from all

or if you are using https your virtualhost config file might look like:

<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost *:443>
ServerName www.yourdomain.com
DocumentRoot "/srv/www/htdocs"
ErrorLog /var/log/apache2/error.log
TransferLog /var/log/apache2/access.log
SSLEngine on
SSLCertificateFile /etc/apache2/certs/www.yourdomain.com.crt
SSLCertificateKeyFile /etc/apache2/certs/www.yourdomain.com.key
SSLCertificateChainFile /etc/apache2/certs/www.yourdomain.com_intermediate_bundle.crt
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/apache2/ssl_request_log   ssl_combined
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://www.your_domain.local:8080/
ProxyPassReverse / http://www.your_domain.local:8080/

Well hope this is helpful to someone.


Pedro M. S. Oliveira

Found this article about APACHE2 as a OWA proxy which I really liked 🙂 bellow there are some excerpts that I frequently use. I’m copying them for my reference:

<VirtualHost *:443>

DocumentRoot "/var/www/owa"
ServerName mail.mycompany.com:443
ServerAdmin support@mycompany.com
DirectoryIndex index.html index.php

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

SSLProxyEngine on

RewriteEngine On
RewriteRule	^/$	/exchange	[L,R]

RequestHeader set Front-End-Https On
ProxyRequests On
ProxyPreserveHost On
ProxyVia full

<Proxy *>
	Order deny,allow
	Allow from all

    ProxyPass        /exchange https://mxbsas.example.local/exchange
    ProxyPassReverse /exchange https://mxbsas.example.local/exchange

    ProxyPass        /exchweb https://mxbsas.example.local/exchweb
    ProxyPassReverse /exchweb https://mxbsas.example.local/exchweb

    ProxyPass        /public https://mxbsas.example.local/public
    ProxyPassReverse /public https://mxbsas.example.local/public

    ProxyPass        /exchangerng https://mxrng.example.local/exchangerng
    ProxyPassReverse /exchangerng https://mxrng.example.local/exchangerng
    ProxyPass        /Microsoft-Server-ActiveSync https://mxbsas.example.local/Microsoft-Server-ActiveSync
    ProxyPassReverse /Microsoft-Server-ActiveSync https://mxbsas.example.local/Microsoft-Server-ActiveSync


Click to access the login or register cheese