Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Pfsense, Squid, etc… need an advice

    General pfSense Questions
    2
    7
    2717
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      drift1 last edited by

      Hello to everyone,

      I would like to ask some questions:

      1. Can I do configuration like this (I only have two WAN static IP):

      switch
      Internet line1–---PFsense (one static IP X)---Squid-------|
                                        |                                            |--- Server Apache A (192.168.0.1,  domain1.com)
                                        |                                            |                                
                                        |                                            |--- Server Apache B (192.168.0.2,  domain2.com)
                                        |(load balancing &                     |
                                        | failover)                                |--- Server Apache C (192.168.0.3,  domain3.com)
                                        |                                            |
                                        |                                            |
      Internet line2-----PFsense (one static IP Y)-----Squid----

      The whole point of this scheme is using just one static IP for redirecting request by squid on port80 to different apache servers.
      But I don't know is it logical and correct.

      2. Can I install in both PFsense TinyDNS packages and use them as name servers (DNS servers) for couple hundreds domains. It is for small hosting.

      3. Is there any way to configure PFsense with just ONLY ONE WAN STATIC IP to handle combination like this

      |–-- Apache server A, 192.168.1.1, port80, domain1.com
                                                      |-----Apache server B, 192.168.1.2, port80, domain2.com
      PFsense with one static WAN IP-----|---- Apache server C  192.168.1.3, port80, domain3.com
                                                      | -----Apache server D  192.168.1.4, port80, domain4.com
                                                      |-----Apache server E  192.168.1.5,  port80, domain5.com

      Thanks in advance.

      1 Reply Last reply Reply Quote 0
      • stephenw10
        stephenw10 Netgate Administrator last edited by

        3. Yes but it's not straight forward. In order to redirect the incoming requests using host headers for routing you need to install a reverse proxy. There are a number of posts on the forum on this subject, here's one to get you started:
        http://forum.pfsense.org/index.php/topic,33566.0.html

        Steve

        1 Reply Last reply Reply Quote 0
        • D
          drift1 last edited by

          Steve, big thanks for your answer! You point me to the right direction. I am using 1.2.3 version and as for packages, stable versions has only Squid and vHosts which uses the lighttpd web server that is already installed in it. Does someone know, is it possible to do such configurations with these packages not using CLI, but only from GUI? Are they stable enough or should i look into Pfsense 2.0 version/packages if it has it?

          I noticed and Proxy Server with mod_security package, but it is marked as ALPHA. Is there people using it in production environment and having success?

          1 Reply Last reply Reply Quote 0
          • stephenw10
            stephenw10 Netgate Administrator last edited by

            Unfortunately there doesn't seem to be any way to do this from the GUI only at this time.  :(
            Squid definitely not.
            Pound is CLI only, not a pfSense package.
            HAProxy, don't know. I've never used it but it's a package from pfSense devs so it will be well supported.

            How bad do you want this? You could offer a bounty for someone to turn pound into a package.
            I've no idea how much it would take, time/money.

            Steve

            Edit: looks like you can with HAProxy:
            http://www.techrawr.com/2009/09/18/using-the-acl-in-haproxy-for-load-balancing-named-virtual-hosts/

            1 Reply Last reply Reply Quote 0
            • D
              drift1 last edited by

              I just wondering if it is possible (my question 3.) to do with existing packages. I have couple of workstations/servers where I plan to host some domains. Nothing big about that.
              Because of lack of computers I thought about economic variant - to set up cache and reverse proxy on top of PFsense. It is sad that I can't do it in easy way logged on PFsense GUI area, but one more time thanks for your information. Actualy hard to believe that such big product does not have this funkctionality.

              1 Reply Last reply Reply Quote 0
              • stephenw10
                stephenw10 Netgate Administrator last edited by

                It looks like you can do it with the haproxy package. I'm not sure if you can do it all from the gui, I've never used it.
                If you just have a few domains why not host them all on one machine and avoid the problem?
                I just stumbled across this thread. You might get more/better help if you started a thread in the packages section.

                Steve

                Edit: Here's a post explaining how to do it on pfSense 1.2.3:
                http://forum.pfsense.org/index.php/topic,21748.msg118061.html#msg118061

                1 Reply Last reply Reply Quote 0
                • D
                  drift1 last edited by

                  Steve one more time thank you for info and searched links. The great news is that seems I do not need to write into config every website domain together with IP address of the server.
                  HAproxy let write just IP address of servers and then requets searching the necessary server for website by his own, if I understood correctly? If anyone knows more way to achieve this goals, please let me know.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post