PfSense Reverse Proxy - HAProxy or Squid?
-
Hi All - I was hoping to get some feedback / suggestions about which reverse proxy package available for pfSense 2.3.2 would work best for the following requirements:
- We have a number of servers/VM's running a web application using Http via TCP 8069 and I need to serve them securely over the web using a single public IP
- Access each web application / server via a different host 'A' record in a domain - app1.abc.com -> x.x.x.1:8069 app2.abc.com -> x.x.x.2:8069
- HTTP traffic would be redirected to SSL on the public IP
- The pfSense router would 'broker' the SSL web traffic - SSL from the web / HTTP inside our LAN
Would either package be able to handle those requirements? I would much prefer using pfSense as our reverse proxy rather than installing NginX to protect each web server.
Squid looks fairly straightforward to implement as reverse proxy, but I have not found a comprehensive tutorial on the web. From what I have read there are a few 'gotchas' which involve having to use the loopback as the proxy destination and/or adding a parameter to the pfSense advanced config (net.inet.ip.portrange.reservedhigh) to enable Squid to proxy ports below 1024
I have no preference at this point about what to use… thoughts? suggestions?
-
HAProxy, hands down.