Need Advice on: pfsense + squid + nginx



  • Good day to all,

    I'm a new pfsense user. My current pfsense setup is on an Intel Atom D2700DC with 4Gb of RAM and a 160Gb HDD plus a PCI dual gigabit Intel NIC. The WAN side is configured as PPPoE and the modem is currently set in bridge mode. There is currently no set of rules in the firewall and such, just a plain install. Lastly, I have squid installed to cache some internet stuff around.

    I have around 5 computers at home mostly used for gaming (Dota/Dota II/Crossfire/etc) and it seems that these games update frequently and sometimes the updates are insanely huge! Thankfully, I have squid installed, which helps a bit with the download burden, but squid's cache is just not that 100% HIT, mainly due to CDN things (Content Delivery Network) + their so-called Dynamic Content stuff :(.

    And to let you know, these computers are configured in a way that when they are rebooted, they will revert to a predefined state, something like deepfreeze/shadow defender. The computers are not always on, but when one is shut down/powered up again and there is a BIG update, those updates will be re-downloaded again if the game is selected to be played.

    I have a 5mbps download and around .8mbps upload speed and we have some sort of "fair usage policy" under which, if a certain ?GB is reached, our download connection will be throttled :(

    What I'm trying to achieve is to, as much as possible, do a 100% cache of these installs/updates, and this pointed me to "LANcache" using 'nginx'.

    I have installed nginx ( 1.8 ) natively via console (via pkg install nginx) but have not yet configured it/experimented.

    My question is: Is it alright to have nginx installed and configured in pfsense so that it can do something similar to what 'blog.multiplay.co.uk' "LANcache" did, so that I can dynamically cache the installs/updates of such games? Are there any side effects? (Aside from having both squid and nginx in pfsense. I'm not worried about the possibility of having duplicate contents.)

    I will still retain squid as it will be doing general cache and nginx doing specific cache.

    Any positive/negative thoughts are appreciated, thanks.



  • I'm not that familiar with nginx as a cache, but assuming it can do web caching then it could be treated as a regular upstream caching server to squid.  Is this really the best solution?  Your problem will just grow bigger and bigger with time.  Perhaps you need to look at refreshing the PCs more regularly, especially when big patches are released.



  • @KOM:

    Is this really the best solution?

    Yes sir, since I'm not always home, and the squid + nginx is my only solution [as far as I know of].

    @KOM:

    Your problem will just grow bigger and bigger with time.

    Can you elaborate on what this problem will be, as I don't know?

    Thanks



  • Can you elaborate on what this problem will be, as I don't know?

    You have a bunch of PCs with snapshots that can restore them to a known state.  As time goes on, further patches and updates will make those snapshots more and more out of date, to the point where it takes a lot of time updating after they have been restored.  I know this because I maintain a library of virtual machine images for our software developers to use.  Each month, I delete the snapshots, boot up each VM, update them and then snap them again.  When a developer needs a VM, it is at most one month out of date so any missing updates are small and install quickly.

    In your case, every time you restore one of your PCs, it will take longer and longer to patch them up because they are so far behind.  Do you understand what I am saying?



  • @KOM:

    Do you understand what I am saying?

    Yes, I understand this one. These may be similar or not be virtual machines but diskless stations [but the same concept].

    I update them as I go home weekly. I know these very well, so no need to worry about these things; they'll be updated every time I'm there. I can tackle it completely fine.

    The concern is about "pfsense + squid + nginx", whether there are side effects that can be foreseen, but I'll try to experiment then.

    I'll provide feedback then if there is any. Thanks for the inputs.

    Anyway, I'm sorry, I did not see these sub-forums.



  • Good luck.  Come back if you have problems, or successes.



  • As it turns out, it's best just to leave pfsense alone and have any other contents be on another computer.