Squid-reverse
-
If needed, I could help extending the gui setup of squid-reverse to support more options of squid…?!
you're welcome ;)
-
Actually I've just realised a day after getting it working that it doesn't support Exchange 2010 Web Services, this makes the package totally useless for me.
publishing /EWS* does not help…
any ints ?next version will support EWS :)
-
Im having abit of a problem.
I want all subdomains for one domain going to one ip. And another much like it but a different domain.
And let the target server handle subdomains.Much like pseudo config below;
HOST1;192.168.1.1;80;HTTP
HOST2;192.168.1.2;80;HTTPWEBAPP1;;http://.domainname1.com
WEBAPP2;;http://.domainname2.comHOST1;WEBAPP1
HOST2;WEBAPP2Meaning all requests to a.domainname1.com and b.domainname1.com goes to HOST1. And c.domainname2.com, d.domainname2.com goes to HOST2.
How can i do above scenario? im having no luck ;( getting alot of squid access control problems
-
Im having abit of a problem.
I want all subdomains for one domain going to one ip. And another much like it but a different domain.
And let the target server handle subdomains.Much like pseudo config below;
HOST1;192.168.1.1;80;HTTP
HOST2;192.168.1.2;80;HTTPWEBAPP1;;http://.domainname1.com
WEBAPP2;;http://.domainname2.comHOST1;WEBAPP1
HOST2;WEBAPP2Meaning all requests to a.domainname1.com and b.domainname1.com goes to HOST1. And c.domainname2.com, d.domainname2.com goes to HOST2.
How can i do above scenario? im having no luck ;( getting alot of squid access control problems
To answer my own question;
It's not harder then adding another "." infront of the "*" like this;WEBAPP1;;http://**..**domainname1.com
-
Hi again!
Another problem, this time with basic auth. For some reason its turned off with squid.
See this info;
If the content on the web servers is password protected then you need to tell the proxy to trust your web server with authentication credentials. This is done via the login= option to cache_peer. Normally you would use login=PASS to have the login information forwarded. The other alternatives is meant to be used when it's the reverse proxy which processes the authentication as such but you like to have information about the authenticated account forwarded to the backend web server.
From http://wiki.squid-cache.org/SquidFaq/ReverseProxy
Basically "login=PASS" flag is needed in the conf file(/usr/local/etc/squid/squid.conf)
cache_peer 10.168.5.13 parent 80 0 proxy-only no-query login=PASS originserver name=MYHOST1
I tried edit the confi file and restart(/usr/local/etc/rc.d/squid restart) and my basic auth on webpage starteed working again.
We need a flag in the UI for this, editing the conf file manually it not a good idea.
-
it's in the next version…
already fixed...
just reinstall the package -
it's in the next version…
already fixed...
just reinstall the packagei installed package 2-3 days ago, using squid-reverse 2.7.9_2
browsing thru /usr/local/pkg/squid.inc i can see "login=PASS" in https peers, but not for http
I added "login=PASS" to this code;
if (($cfg[0]) != '' && ($cfg[1]) != '' && ($cfg[2]) != ''){
$conf .= "cache_peer {$cfg[1]} parent {$cfg[2]} 0 proxy-only no-query login=PASS originserver ";and it does what i want :)
-
that's also what i did ;-)
-
Is this implemented in squid-reverse ?
https://github.com/bsdperimeter/pfsense-packages/commit/fbc0feb02e505c7435d6d06957e978d00a2fe7b3 -
yes…
it's comitted... -
squid-reverse 3.1.10_02 is released now based on squid 3.1.19
the features are mostly the same…
ews is supported but still a bit buggy due to some squid issues, which are known to the squid-team and a ticket is opened for this... (it seems that just Apple-devices are concerned - the connection lasts longer to be established... but then works... tested with imac and outlook 2011 for mac)have fun !
-
Nice work trendchiller!!
I haven't removed squid3 to try squid-reverse yet.. Probably will once I hear some feedback from other users. I did replace the binaries from squid3 with squid 3.1.19.. Received some ssl errors but was able to fix by running '/usr/local/libexec/squid/ssl_crtd -c -s /var/squid/lib/ssl_db' after creating dir /var/squid/lib
Question, i've been using pound as a reverse proxy for over a year now because it can also handle https/ssl traffic. I'm confused if squid's reverse proxy function can do https/ssl. In your example from page 1, looks like it does but haven't noticed anyone trying it. Cause if it does, I can get rid of pound and use this package as a proxy/reverse-proxy server. Let me know, thanks in advance
Stephen
-
Hi !
squid-reverse can handle https/ssl reverse proxying, therefore i created this package ;-) -
Sorry for asking this but I am not sure if I am correct:
I am using squid-reverse package with squid2.7 at the moment and squidguard.
So it is no problem to "reinstall" the squid-reverse package to get the new squid3 version ?
I do not worry about the configuration but about packages and dependecies which could cause problems or conflicts or just will be left useless on the system.Thank you for your help and thank you for the hard work on this package :-) That's great!
-
figured I would give it a try, i'm running pfsense 2.1 so the pbi gave errors i think:
Beginning package installation for squid-reverse . Downloading package configuration file... done. Saving updated package information... done. Downloading squid-reverse and its dependencies... Checking for package installation... Downloading http://files.pfsense.org/packages/8/All/libwww-5.4.0_4-i386.pbi ... (extracting) Downloading http://files.pfsense.org/packages/8/All/squid_radius_auth-1.10-i386.pbi ... (extracting) Downloading http://files.pfsense.org/packages/8/All/squid-3.1.19-i386.pbi ... could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/squid-3.1.19-i386.pbi. of libwww-5.4.0_4-i386.pbi squid_radius_auth-1.10-i386.pbi squid-3.1.19-i386 failed! Installation aborted.Backing up libraries... Removing package... Starting package deletion for libwww-5.4.0_4-i386.pbi squid_radius_auth-1.10-i386.pbi squid-3.1.19-i386...done. Removing squid-reverse components... Tabs items... done. Menu items... done. Services... done. Loading package instructions... Include file squid.inc could not be found for inclusion. Deinstall commands... Not executing custom deinstall hook because an include is missing. Removing package instructions...done. Auxiliary files... done. Package XML... done. Configuration... done. Cleaning up... Failed to install package. Installation halted. -
Hi !
This issue occures because of 2.1 relies on package installation as pbi and these packages are built automatically.
squid-reverse cannot be build automatically until now, because of squid 2.7x (for 1.2 compability) would be broken… :-(
i'll check what i can do there...
sorry... -
Hi !
This issue occures because of 2.1 relies on package installation as pbi and these packages are built automatically.
squid-reverse cannot be build automatically until now, because of squid 2.7x (for 1.2 compability) would be broken… :-(
i'll check what i can do there...
sorry...Dont be sorry… To be honest, i've had issues with other packages because of pbi. One workaround that may work is to remove 'depends_on_package_pbi' section from the 'pkg_config.8.xml' file. I'll still have to manually install the binaries which i've been doing since pbi where added to the package system..
Edit: I manually copied the xml/inc files from the new package over to my box.. So far so good.. It'll be a few days but can't wait to try reverse-proxy side of this
-
:)
have fun ! -
trendchiller,
Do you have ads compiled on this squid3 version?
Certificate can be extracted from pfsense cert manager, do you have plans to change it? Can I help you on this package?
This package can handle multiple domains/hosts?
-
Trying to determine if Squid-reverse can do what I need.
We have 2 HTTPS sites each with a different name coming via one Internet Line to PFsense. Can I send, based on it's HTTPS name, one site to one server and the second to a different server.
For example: https://site1.something.com go to server 1 and Https://site2.abc.net to server2 both have different certificates.
If so what would be the reverse proxy configuration?
Thanks
cjb
