Netgate Discussion Forum

    HAProxy, Pound, Squid-Reverse & Varnish

    pfSense Packages
    • canefield

      Dear all,

      I've tried and spent hours configuring HAProxy, Pound, Squid-Reverse & Varnish.

      My goal is to set up a reverse proxy handling host-headers to the corresponding servers and Load Balance if applicable. For HTTP as well as HTTPS.

      • http://www.domain.com/ refers to server: 192.168.125.10 (port 80)
      • http://www.domain1.com/ refers to server: 192.168.125.11 (port 80)
      • http://extranet.domain.com/ refers to server: 192.168.125.21 (port 80 + LB)
      • http://extranet.domain.com/ refers to server: 192.168.125.23 (port 80 + LB)
      • https://intranet.domain.com/ refers to server: 192.168.140.241 (port 443 & 987 + LB)
      • https://intranet.domain.com/ refers to server: 192.168.140.245 (port 443 & 987 + LB)
      • https://webmail.domain.com/owa refers to server: 192.168.140.245 (port 443; MS Exchange + LB)
      • https://webmail.domain.com/owa refers to server: 192.168.140.247 (port 443; MS Exchange + LB)

      I can't figure out how to configure all the above packages; all without any luck. All packages except Pound are not implemented in pfSense. Some people swear by one package, others by completely different ones. Which one to choose? Could somebody help me configure the most suitable and stable package?

      Thanks in advance,
      Canefield

      • marcelloc

        canefield,

        I think your first try should be configuring just squid-reverse.

        I'm very busy these days with my job and some package improvements (including squid-reverse).
        It's on my todo list to simplify this publishing process, and I believe that squid-reverse is the most simple package for reverse proxy with http/https.

        att,
        Marcello Coutinho

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        • canefield

          Marcello,

          Thanks for your reply. I will have a closer look at Squid. Could somebody help me out configuring this? I'm new to Linux and pfSense. I don't have any clues.

          Thanks,
          Canefield

          • Cino

            @marcelloc:

            canefield,

            I think your first try should be configuring just squid-reverse.

            I'm very busy these days with my job and some package improvements (including squid-reverse).
            It's on my todo list to simplify this publishing process, and I believe that squid-reverse is the most simple package for reverse proxy with http/https.

            att,
            Marcello Coutinho

            I've been using Pound for a while but prefer to use packages that are built for pfSense (for support reasons). I agree with marcelloc that squid-reverse would be the way to go, but LB options are not in the GUI (at least from what I can tell). Hopefully this will be added soon because the syntax is different when setting up Reverse-Proxy with LB (http://wiki.squid-cache.org/SquidFaq/ReverseProxy#Load_balancing_of_backend_servers), but it's straightforward. For performance, I've heard Varnish is the way to go but the configuration can be very complex.

            • canefield

              Cino,

              Thanks for your reply. You're telling me it is pretty straightforward, but I don't get it. As you're indicating, I believe I also should use packages included and supported by pfSense.

              Could somebody provide me with a working configuration, step-by-step example, screenshots, etc.?

              Thanks,
              Canefield

              • Cino

                Canefield,

                Here is how I configured the Reverse settings tab for my setup:

                Reverse Proxy interface: loopback  (could be your WAN, but I set up a NAT Port-forward rule)
                external FQDN: FQDN that will resolve the public IP, example your WAN IP
                Enable HTTP reverse mode: checked
                reverse HTTP port: 9080  (could be 80 but the NAT Port-forward rule will direct traffic from port 80 to 9080)

                peer definitions :
                HOST_SERVER1;192.168.0.150;80;HTTP
                HOST_SERVER2;192.168.0.100;80;HTTP
                HOST_SERVER3;192.168.0.50;80;HTTP
                HOST_SERVER4;192.168.0.10;80;HTTP

                URI definitions:
                WEBAPP_SERVER1;*;http://host1.domain.net
                WEBAPP_SERVER1;*;http://host2.domain.net
                WEBAPP_SERVER1;*;http://host3.domain.net
                WEBAPP_SERVER2;*;http://host1.domain2.com
                WEBAPP_SERVER2;*;http://box.domain2.net
                WEBAPP_SERVER2;*;http://boxone.domain2.net
                WEBAPP_SERVER2;*;http://domain2.net
                WEBAPP_SERVER2;*;http://.*.domain2.net    (wildcard for host names)
                WEBAPP_SERVER3;*;http://domain3.net
                WEBAPP_SERVER4;*;http://domain4.net

                ACL definitions:
                HOST_SERVER1;WEBAPP_SERVER1
                HOST_SERVER2;WEBAPP_SERVER2
                HOST_SERVER3;WEBAPP_SERVER3
                HOST_SERVER4;WEBAPP_SERVER4

                create a NAT rule:
                interface WAN
                Protocol  TCP
                DEST: WAN Address
                DEST Port: 80
                Redirect IP: 127.0.0.1
                Redirect Port: 9080
                Filter rule association: Create associated filter rule

                I haven't tried https, but see if you can get http to work first… Maybe someone else can help with HTTPS... Like I said before, LB options aren't built into the GUI from what I can tell, but it's probably in the works (I hope anyways)

                Hope this helps

                Stephen

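How the three tables in the last post fit together, as an added example that is not part of the thread or of the pfSense package: it assumes each URI entry is a case-insensitive regular expression searched anywhere in the request URL, in the manner of a Squid `url_regex` ACL, and the names `rows`, `build_rules`, `route` and `strict` are hypothetical. It goes one step beyond the post by also building anchored patterns with literal dots for comparison.

```python
import re

# Tables from the post above (URI table shortened to five rows).
# Assumption: each URI entry is a regex searched anywhere in the URL.
PEERS = """HOST_SERVER1;192.168.0.150;80;HTTP
HOST_SERVER2;192.168.0.100;80;HTTP
HOST_SERVER3;192.168.0.50;80;HTTP
HOST_SERVER4;192.168.0.10;80;HTTP"""
URIS = """WEBAPP_SERVER1;*;http://host1.domain.net
WEBAPP_SERVER2;*;http://domain2.net
WEBAPP_SERVER2;*;http://.*.domain2.net
WEBAPP_SERVER3;*;http://domain3.net
WEBAPP_SERVER4;*;http://domain4.net"""
ACLS = """HOST_SERVER1;WEBAPP_SERVER1
HOST_SERVER2;WEBAPP_SERVER2
HOST_SERVER3;WEBAPP_SERVER3
HOST_SERVER4;WEBAPP_SERVER4"""


def rows(text):
    """Split a semicolon-separated definition table into rows of fields."""
    return [line.strip().split(";") for line in text.splitlines() if line.strip()]


def build_rules(peers, uris, acls):
    """Join the three tables into a list of (compiled pattern, (ip, port))."""
    peer = {name: (ip, int(port)) for name, ip, port, _proto in rows(peers)}
    groups = {}
    for name, _field2, pattern in rows(uris):
        groups.setdefault(name, []).append(pattern)
    rules = []
    for peer_name, group_name in rows(acls):
        if peer_name not in peer or group_name not in groups:
            raise ValueError(f"ACL row names an undefined entry: {peer_name};{group_name}")
        rules += [(re.compile(p, re.I), peer[peer_name]) for p in groups[group_name]]
    return rules


def route(rules, url):
    """Backend for the first pattern found anywhere in the URL, else None."""
    return next((backend for rx, backend in rules if rx.search(url)), None)


def strict(host, subdomains=False):
    """Anchored pattern with literal dots for one host (optionally its subdomains)."""
    prefix = r"([a-z0-9-]+\.)+" if subdomains else ""
    return rf"^http://{prefix}{re.escape(host)}(:\d+)?(/|$)"
```

Under the regex assumption, the entry `http://domain2.net` also matches a constructed URL such as `http://domain2xnet.example/`, because an unescaped `.` matches any character. Patterns produced by `strict` route only the named host and refuse everything else.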
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.