Netgate Discussion Forum

HAProxy, Pound, Squid-Reverse & Varnish

pfSense Packages
  • C
    canefield
    last edited by Apr 3, 2012, 2:52 PM

    Dear all,

    I've tried and spent hours configuring HAProxy, Pound, Squid-Reverse & Varnish.

    My goal is to set up a reverse proxy handling host-headers to the corresponding servers and Load Balance if applicable. For HTTP as well as HTTPS.

    • http://www.domain.com/ refers to server: 192.168.125.10 (port 80)
    • http://www.domain1.com/ refers to server: 192.168.125.11 (port 80)
    • http://extranet.domain.com/ refers to server: 192.168.125.21 (port 80 + LB)
    • http://extranet.domain.com/ refers to server: 192.168.125.23 (port 80 + LB)
    • https://intranet.domain.com/ refers to server: 192.168.140.241 (port 443 & 987 + LB)
    • https://intranet.domain.com/ refers to server: 192.168.140.245 (port 443 & 987 + LB)
    • https://webmail.domain.com/owa refers to server: 192.168.140.245 (port 443; MS Exchange + LB)
    • https://webmail.domain.com/owa refers to server: 192.168.140.247 (port 443; MS Exchange + LB)

    I can't figure out how to configure all the above packages; all without any luck. All packages except Pound are not implemented in pfSense. Some people swear by one package, others by completely different ones. Which one to choose? Could somebody help me configure one of the most suitable and stable packages?

    Thanks in advance,
    Canefield

    • M
      marcelloc
      last edited by Apr 3, 2012, 3:03 PM Apr 3, 2012, 3:00 PM

      canefield,

      I think your first try should be configuring just squid-reverse.

      I'm very busy these days with my job and some package improvements (including squid-reverse).
      It's on my todo list to simplify this publishing process and I believe that squid-reverse is the simplest package for reverse proxy with http/https.

      Regards,
      Marcello Coutinho

      Elite Training: http://sys-squad.com

      Help a community developer! ;D

      • C
        canefield
        last edited by Apr 3, 2012, 3:22 PM

        Marcello,

        Thanks for your reply. I will have a closer look at Squid. Could somebody help me out configuring this? I'm new to Linux and pfSense. I don't have any clues.

        Thanks,
        Canefield

        • C
          Cino
          last edited by Apr 3, 2012, 4:12 PM

          @marcelloc:

          canefield,

          I think your first try should be configuring just squid-reverse.

          I'm very busy these days with my job and some package improvements (including squid-reverse).
          It's on my todo list to simplify this publishing process and I believe that squid-reverse is the simplest package for reverse proxy with http/https.

          Regards,
          Marcello Coutinho

          I've been using pound for a while but prefer to use packages that are built for pfSense (for support reasons). I agree with marcelloc that squid-reverse would be the way to go, but LB options are not in the GUI (at least from what I can tell). Hopefully this will be added soon because the syntax is different when setting up Reverse-Proxy with LB (http://wiki.squid-cache.org/SquidFaq/ReverseProxy#Load_balancing_of_backend_servers) but it's straightforward. For performance, I've heard Varnish is the way to go but the configuration can be very complex.

          • C
            canefield
            last edited by Apr 3, 2012, 8:01 PM

            Cino,

            Thanks for your reply. You're telling me it is pretty straightforward, but I don't get it. As you're indicating I believe I also should use packages included and supported by pfSense.

            Could somebody provide me with a working configuration, step-by-step example, screenshots, etc.?

            Thanks,
            Canefield

            • C
              Cino
              last edited by Apr 4, 2012, 1:17 AM

              Canefield,

              Here is how I configured the Reverse settings tab for my setup:

              Reverse Proxy interface: loopback  (could be your WAN, but I set up a NAT Port-forward rule)
              external FQDN: FQDN that will resolve the public IP, example your WAN IP
              Enable HTTP reverse mode: checked
              reverse HTTP port: 9080  (could be 80 but the NAT Port-forward rule will direct traffic from port 80 to 9080)

              peer definitions :
              HOST_SERVER1;192.168.0.150;80;HTTP
              HOST_SERVER2;192.168.0.100;80;HTTP
              HOST_SERVER3;192.168.0.50;80;HTTP
              HOST_SERVER4;192.168.0.10;80;HTTP

              URI definitions:
              WEBAPP_SERVER1;*;http://host1.domain.net
              WEBAPP_SERVER1;*;http://host2.domain.net
              WEBAPP_SERVER1;*;http://host3.domain.net
              WEBAPP_SERVER2;*;http://host1.domain2.com
              WEBAPP_SERVER2;*;http://box.domain2.net
              WEBAPP_SERVER2;*;http://boxone.domain2.net
              WEBAPP_SERVER2;*;http://domain2.net
              WEBAPP_SERVER2;*;http://.*.domain2.net    (wildcard for host names)
              WEBAPP_SERVER3;*;http://domain3.net
              WEBAPP_SERVER4;*;http://domain4.net

              ACL definitions:
              HOST_SERVER1;WEBAPP_SERVER1
              HOST_SERVER2;WEBAPP_SERVER2
              HOST_SERVER3;WEBAPP_SERVER3
              HOST_SERVER4;WEBAPP_SERVER4

              create a NAT rule:
              interface WAN
              Protocol  TCP
              DEST: WAN Address
              DEST Port: 80
              Redirect IP: 127.0.0.1
              Redirect Port: 9080
              Filter rule association: Create associated filter rule

              I haven't tried https, but see if you can get http to work first… Maybe someone else can help with HTTPS... Like I said before, LB options aren't built into the GUI from what I can tell but it's probably in the works (I hope anyways)

              Hope this helps

              Stephen
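
The definitions from the post above, cross-checked and written out as hand-made `squid.conf` accelerator directives for the HTTP case. This is an added example, not part of the post or of the pfSense package, and the config the package itself generates is not shown on the page. The field meanings and the helper names `rows`, `anchored` and `squid_conf` are assumptions; each URI pattern is also escaped and anchored so that a pattern such as `http://domain2.net` matches only that host.

```python
import ipaddress
import re

# Definitions taken from the post (shortened). Field meanings are assumptions:
# peers = alias;ip;port;protocol  URIs = group;<second field>;url  ACLs = peer;group
PEERS = "HOST_SERVER1;192.168.0.150;80;HTTP\nHOST_SERVER2;192.168.0.100;80;HTTP"
URIS = ("WEBAPP_SERVER1;*;http://host1.domain.net\n"
        "WEBAPP_SERVER2;*;http://domain2.net\n"
        "WEBAPP_SERVER2;*;http://.*.domain2.net")
ACLS = "HOST_SERVER1;WEBAPP_SERVER1\nHOST_SERVER2;WEBAPP_SERVER2"

def rows(text, n):
    """Split one definition box into rows of exactly n non-empty fields."""
    out = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(";")]
        if len(fields) != n or not all(fields):
            raise ValueError(f"expected {n} non-empty fields: {line!r}")
        out.append(fields)
    return out

def anchored(url):
    """Escape literal dots, confine '.*' to the host part, anchor both ends."""
    host = "[^/]*".join(re.escape(part) for part in url.split(".*"))
    return "^" + host + "(:[0-9]+)?(/|$)"

def squid_conf(peers, uris, acls, port=9080):
    """Return squid.conf lines; raise ValueError on bad or dangling entries."""
    peer_rows, uri_rows, acl_rows = rows(peers, 4), rows(uris, 3), rows(acls, 2)
    names = [p[0] for p in peer_rows]
    groups = sorted({u[0] for u in uri_rows})
    conf = [f"http_port {port} accel vhost"]
    for name, ip, peer_port, _proto in peer_rows:  # protocol unused: HTTP peers only
        ipaddress.ip_address(ip)                   # ValueError if not an IP address
        if not 0 < int(peer_port) < 65536:
            raise ValueError(f"bad port for {name}: {peer_port}")
        conf.append(f"cache_peer {ip} parent {peer_port} 0 no-query originserver name={name}")
    for group, _second, url in uri_rows:
        conf.append(f"acl {group} url_regex -i {anchored(url)}")
    for peer, group in acl_rows:
        if peer not in names or group not in groups:
            raise ValueError(f"ACL names an undefined peer or group: {peer};{group}")
        conf.append(f"cache_peer_access {peer} allow {group}")
    conf += [f"cache_peer_access {name} deny all" for name in names]
    conf += [f"http_access allow {group}" for group in groups]
    return conf + ["http_access deny all"]

if __name__ == "__main__":
    print("\n".join(squid_conf(PEERS, URIS, ACLS)))
```
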

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.