Bypassing Reverse Proxy, Cache, and Content Delivery Networks (CDN)

If you have a reverse proxy, cache, or content delivery network (CDN) in front of your application, you will want to bypass it when profiling with Blackfire.

We provide an example below to describe which headers are sent and required to pass through to your application (and the Blackfire Probe) in order for Blackfire to successfully profile your application.

If there is a reverse proxy such as Varnish or HA Proxy between your browser and the profiled website, you will probably want:

  • To serve a non-cached version from the reverse proxy;
  • To not remove the special HTTP headers injected by the browser extension;
  • To target a specific server behind the proxy.

Blackfire browser extension uses a unique HTTP header for its requests: X-Blackfire-Query.

You also need to be sure that the following HTTP response headers are preserved: X-Blackfire-Response and X-Blackfire-Error.

Here's a varnish configuration sample:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
acl profile {
   "x.y.z.w";
}

sub vcl_recv {
  if (req.esi_level > 0) {
    # ESI request should not be included in the profile.
    # Instead you should profile them separately, each one
    # in their dedicated profile.
    # Removing the Blackfire header avoids to trigger the profiling.
    # Not returning let it go trough your usual workflow as a regular
    # ESI request without distinction.
    unset req.http.X-Blackfire-Query;
  }

  if (req.http.X-Blackfire-Query && client.ip ~ profile) {
    return (pass);
  }
}

Fastly

Fastly is a Content Delivery Network (CDN) which uses Varnish as a caching HTTP reverse proxy.

Load Balancer

If you're using multiple PHP servers behind a load-balancer for your application, you have two choices to profile it:

  • The first and recommended option is to:
  • Install the Blackfire Probe and the Blackfire Agent on a single PHP server;
  • Configure the load balancer to route all requests containing headers matching X-Blackfire-Query to the configured PHP server;
  • The second option is to:
  • setup a single Blackfire Agent for all the PHP servers and configure it to listen on the network using a TCP socket:

    1
    socket=tcp://0.0.0.0:8307
    

    Note

    Please note that using our packages on Linux, the socket configuration is defined in /etc/default/blackfire-agent. You can refer to the /etc/default/blackfire-agent section for more information.

  • setup the Blackfire Probe on all the PHP servers and configure it using the TCP socket defined above in the php.ini configuration:

    1
    blackfire.agent_socket = tcp://10.0.0.1:8307