python tornado user authentication and then reverse proxy via apache

Question

I am implementing a two-way SSL authentication and then additional authentication via Kerberos after which it redirects the user to an internal server via reverse proxy.

i.e:

SSL auth <--> Apache Server + kerberos auth using login/password <--reverse proxy-->> internal server

This setup currently works:

Now my idea is to use this configuration as I can control the behavior of the user via Tornado

SSL auth <--> Apache server <---> Tornado webserver for kerberos auth <---> reverse proxy <---> internal server

And I have got the SSL authentication and the Kerberos authentication working.

However, how do I tell Tornado to reverse proxy(apache) to the internal server?

Answer 1

Tornado doesn't have any built-in reverse proxy functionality, but in the simple case a reverse proxy is just a RequestHandler that passes through to an HTTP client:

class ReverseProxyHandler(RequestHandler):
    @gen.coroutine
    def get(self):
        resp = AsyncHTTPClient().fetch(self.convert_url(self.request),
            headers=self.request.headers)
        self.set_status(resp.code)
        for k,v in resp.headers.get_all():
            self.add_header(k, v)
        self.write(resp.body)

It could get a lot more complicated than that depending on what your requirements are. This is only a simple thing to build if you can be sure that your internal server doesn't do anything tricky.