Squid Reverse proxy setup



  • Hi,

    Sorry if this has been answered before, but I'm really struggling to figure out how to use squid and reverse proxy to forward external requests to multiple internal web servers.
    To start off, I'm new to pfSense, so please be patient with me :)
    Also, I'm running Community edition 2.4.1 and the latest squid proxy server and reverse proxy package.

    What I want to do?

    Let's say I have 3 different external URLs based on the same domain name.

    example.com
    test2.example.com
    test3.example.com

    I want example.com to redirect to internal web server IP 192.168.1.10
    I want test2.example.com to redirect to internal web server IP 192.168.1.11
    I want test3.example.com to redirect to internal web server IP 192.168.1.12/photo
    All requests on port 80
    Different scenarios, but to my understanding possible to handle.

    From here I really don't know where to go.
    I've enabled squid proxy server and created reverse proxy rules, but I can't get any request thru the FW and proxy.

    So to be honest, I need the complete rundown.
    How do I configure the FW rules to send all requests on port 80 to the proxy?
    How do I configure the proxy server and reverse proxy to handle the URL requests and redirects?

    If the answer is to use a different package on pfSense, please comment on that as well.
    I really don't care about what package is used as long as the issue can be resolved.

    Thanks!!



  • Hi,

    So I've done some investigation into this and sort of got this to work.
    I'll summarize below what's been set up.

    1.
    FW rule that allows external access to the Reverse Proxy server. For the test I've used port 1024 on the Reverse Proxy.
    FW rule then looks like this.
    Source ANY
    Destination Single host or Alias 127.0.0.1 Port range 1024

    NAT Destination port range HTTP redirect target 127.0.0.1 port 1024.

    3.
    Proxy server enabled with default settings on interfaces LAN, WAN and LOOPBACK.
    More testing to come here regarding interfaces needed to be involved.

    Reverse proxy enabled on LOOPBACK interface.
    More testing to come here as well.
    Squid HTTP reverse Proxy checkbox enabled.
    Reverse HTTP port 1024

    WEB server tab setup.
    Internal IP to web server and listening port.

    Mappings setup: not sure if this is needed at this moment.
    So more testing here as well is needed.

    7.
    Redirects not set up at the moment.
    I guess this is needed to ensure that I can translate, for example, photo.mydomain.com -> internalwebserver/photo
    I do have a web server that is accessed thru ip/photo and this I've not yet solved.
    If anyone has a tip here, please share.

    Issue seen: because of the reverse proxy, the webserver log shows no WAN address accessing the web server, only the internal GW IP.
    This means that I can't identify where the login originates from.
    Any suggestions to how I can fix that?

    Last but not least: can I use the proxy server and reverse proxy to also translate the external URLs internally?
    Example: test2.example.com is only an external DNS setup and not internal on the local DNS server.
    This means that for me to access the internal web server I must use the IP or local hostname of the web server.
    How can I set up squid to allow the external DNS address to be used internally as well?
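
The layout described in the two posts above, written out as plain squid.conf directives. This is an added example, not configuration posted in the thread or generated by the pfSense package; the peer names and ACL names are made up, and the /photo path mapping for test3.example.com is not covered.

```conf
# Added example: hostnames, IPs and port 1024 are taken from the posts above;
# peer names (web_*) and ACL names (host_*) are hypothetical.

# Accelerator (reverse proxy) listener on the loopback port the NAT rule targets.
# vhost makes Squid pick the site from the Host header.
http_port 127.0.0.1:1024 accel vhost defaultsite=example.com

# One origin server entry per internal web server.
cache_peer 192.168.1.10 parent 80 0 no-query originserver name=web_main
cache_peer 192.168.1.11 parent 80 0 no-query originserver name=web_test2
cache_peer 192.168.1.12 parent 80 0 no-query originserver name=web_test3

# Exact-match ACLs on the requested hostname (no leading dot, so no subdomains).
acl host_main  dstdomain example.com
acl host_test2 dstdomain test2.example.com
acl host_test3 dstdomain test3.example.com

# Each hostname may only be sent to its own origin server.
cache_peer_access web_main  allow host_main
cache_peer_access web_main  deny  all
cache_peer_access web_test2 allow host_test2
cache_peer_access web_test2 deny  all
cache_peer_access web_test3 allow host_test3
cache_peer_access web_test3 deny  all

# Serve only the published hostnames. Anything else is refused, so the
# WAN-reachable listener cannot be used as an open forward proxy.
http_access allow host_main
http_access allow host_test2
http_access allow host_test3
http_access deny all

# Requests must go to one of the cache_peer entries, never straight out.
never_direct allow all

# Append the client's address to X-Forwarded-For on the way to the origin.
forwarded_for on
```

With forwarded_for on, Squid passes the client address in an X-Forwarded-For header; the web server's access log still has to be configured to record that header, and it should only be trusted on connections that come from the proxy's address.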



  • @primaryinc said in Squid Reverse proxy setup:

    Hi,

    So I've done some investigation into this and sort of got this to work.
    I'll summarize below what's been set up.

    1.
    FW rule that allows external access to the Reverse Proxy server. For the test I've used port 1024 on the Reverse Proxy.
    FW rule then looks like this.
    Source ANY
    Destination Single host or Alias 127.0.0.1 Port range 1024

    NAT Destination port range HTTP redirect target 127.0.0.1 port 1024.

    3.
    Proxy server enabled with default settings on interfaces LAN, WAN and LOOPBACK.
    More testing to come here regarding interfaces needed to be involved.

    Reverse proxy enabled on LOOPBACK interface.
    More testing to come here as well.
    Squid HTTP reverse Proxy checkbox enabled.
    Reverse HTTP port 1024

    WEB server tab setup.
    Internal IP to web server and listening port.

    Mappings setup: not sure if this is needed at this moment.
    So more testing here as well is needed.

    7.
    Redirects not set up at the moment.
    I guess this is needed to ensure that I can translate, for example, photo.mydomain.com -> internalwebserver/photo
    I do have a web server that is accessed thru ip/photo and this I've not yet solved.
    If anyone has a tip here, please share.

    Issue seen: because of the reverse proxy, the webserver log shows no WAN address accessing the web server, only the internal GW IP.
    This means that I can't identify where the login originates from.
    Any suggestions to how I can fix that?

    Last but not least: can I use the proxy server and reverse proxy to also translate the external URLs internally?
    Example: test2.example.com is only an external DNS setup and not internal on the local DNS server.
    This means that for me to access the internal web server I must use the IP or local hostname of the web server.
    How can I set up squid to allow the external DNS address to be used internally as well?

    I wonder if you found answers to your questions?
    I am thinking about doing something similar

    Thx



  • @chudak

    I also would like updated steps on this.
    Trying to set up reverse proxy on LAN for 3 services on different ports without much success :(