PfSense Reverse Proxy - HAProxy or Squid?



  • Hi All - I was hoping to get some feedback / suggestions about which reverse proxy package available for pfSense 2.3.2 would work best for the following requirements:

    • We have a number of servers/VM's running a web application using Http via TCP 8069 and I need to serve them securely over the web using a single public IP
    • Access each web application / server via a different host 'A' record in a domain - app1.abc.com -> x.x.x.1:8069  app2.abc.com -> x.x.x.2:8069
    • HTTP traffic would be redirected to SSL on the public IP
    • The pfSense router would 'broker' the SSL web traffic - SSL from the web / HTTP inside our LAN

    Would either package be able to handle those requirements? I would much prefer using pfSense as our reverse proxy  rather than installing NginX to protect each web server.

    Squid looks fairly straightforward to implement as reverse proxy, but I have not found a comprehensive tutorial on the web. From what I have read there are a few 'gotchas' which involve having to use the loopback as the proxy destination and/or adding a parameter to the pfSense advanced config (net.inet.ip.portrange.reservedhigh) to enable Squid to proxy ports below 1024

    I have no preference at this point about what to use… thoughts? suggestions?


  • Banned

    HAProxy, hands down.