Squid Reverse Proxy



  • Is it possible to revisit this topic?
    Tutorial - Squid Reverse proxy (HTTP)
    https://forum.pfsense.org/index.php?topic=56318.0

    I'm looking at the "simple tutorial" and, for me, it's too simple. A lot of assumptions are being made as to the skill level of the reader.

    Where does Squid sit in relation to the pfSense package? Is it inside the firewall? Is it outside the firewall but inside the router? That is, in the chain of events of getting a page request from the Internet to a server on the OPT interface at :10.2.10.2, where in that chain is Squid?

    Why is the WAN interface chosen? What would it mean if some other interface were chosen?

    Under what circumstances would I use a "User-defined reverse-proxy IP"? What would be an example and where would this example be applicable?

    In connection to what entity is the FQDN "domain.com' associated with? How does this single entry relate to 'www.foo.com', 'www.bar.com', and 'www.baz.com' as the several domain names I have DNS records pointing to my public IP address?

    What determines if a request is unauthorized? Who is the authorizing agent? By "the reverse-proxy", are we referring to Squid? (If so, say so.)

    What is HTTP Reverse mode? Why would I use it? What are the consequences if I put an arbitrary FQDN or IP address in this field?

    With respect to pfSense and Squid, what is a peer?

    What is reverse config, as in 'available for (verb)reverse config'? Is this action any different than squid reverse conf?

    Why is an alias needed? Doesn't the IP:Port suffice?

    How does the Group Name on the Mappings tab relate to the Peer Alias on the Web Servers tab?

    Can I put the IP address of any server box I happen to have in my environment? Such as box on the LAN interface, a box on the OPT1 interface, and another box on the OPT2 interface, and packets will get routed accordingly?

    With regards to the GUI:
    The field captions are really no different than the field legends and offer no additional assistance. If the author really wants to make massive improvements to the User Experience of this package's GUI, answer all the questions above, then put those answers in place of the existing, completely unhelpful, field captions. Then go through all the other tabs. For each form element, ask an 8-year-old what should be entered here. If you get an "I dunno," then explain it and put that explanation in the GUI.

    With regards to the tutorial:
    Explain the choices you made for the form entries. Explain the rational for the firewall rule settings. Elaborate on why only one rule is necessary. Why is the WAN address chosen for the Destination in the firewall rule as it's already on the WAN interface?

    The tutorial says: "…start publishing 2 local websites and one of them is going to be the PFsense [sic] website on the internet via a different Port [sic] rather than 80." You don't show the pfSense website. You show only one of the two published sites.