Squid/HAProxy reverse proxy based on url parameter



  • Hello,

    I have a small homeserver running subsonic, calibre and pyload on nginx. Before I had a pfSense box, I had a https certificate installed directly on the server and would just forward port 443 to it. I would then use reverse proxies to access the services e.g. https://my-domain.com/subsonic, https://my-domain.com/calibreā€¦

    Now I would like to replicate this setup using pfSense, except that this time around the ssl certificate is not installed on the server but on pfsense, which fetches the content from the server (without ssl) and serves it to the client (with ssl).

    Am I right in assuming that I need either squid or haproxy? If yes, which one would you recommend, and how can I accomplish that?

    Thanks in advance



  • Not sure about squid.. maybe it can..
    As for haproxy it can decrypt the traffic and use an acl on the url path. and then forward the traffic unencrypted to the desired backend servers. The big question with that always is will the webapplications properly handle the traffic without sending a https redirect, or including absolute links pointing to a http://my-domain.com/image.jpg or javascripts or other page links.. Haproxy will not rewrite the 'body' of a webserver response. It can modify headers, but that doesnt always make the webapp work.

    I have no experience with subsonic nor calibre so can tell anything specific to those environment.. For wordpress for example there are some 'manuals' online that tell how to configure it when hosting it behind a reverse proxy.


Log in to reply