OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: opnsenseuser on February 09, 2019, 01:22:34 pm

Title: haproxy or squid for http and https conections?
Post by: opnsenseuser on February 09, 2019, 01:22:34 pm: Maybe someone can help me with my decision if I should use squid or haproxy for http and https connections.

1.
What are the advantages of haproxy / squid?

2.
So far, I use squid for my http and https connections. is it useful to use haproxy as a replacement?

3.
Can haproxy also integrate icap or another virus protection under opnsense?

4.
Since I've noticed that squid is updated to version 4, what will this change in squid or what will be improved by the update and when will this update be integrated into opnsense?

Thx
regards,
rené
Title: Re: haproxy or squid for http and https conections?
Post by: fabian on February 09, 2019, 02:55:09 pm: Quote from: opnsenseuser on February 09, 2019, 01:22:34 pm
1. What are the advantages of haproxy / squid?

You cannot compare them on OPNsense because HAProxy and nginx are reverse proxies (work on the server side) while squid is used as a forward proxy (on your side if you access the internet via an internal proxy). In theory, squid could also act as a reverse proxy but that is not implemented in the OPNsense web interface.

The only plugin which acts as both, reverse an forward, is TOR.

Quote from: opnsenseuser on February 09, 2019, 01:22:34 pm
2. So far, I use squid for my http and https connections. is it useful to use haproxy as a replacement?

NO, see 1.

Quote from: opnsenseuser on February 09, 2019, 01:22:34 pm
3. Can haproxy also integrate icap or another virus protection under opnsense?

not that I know but definitely not on OPNsense.

Quote from: opnsenseuser on February 09, 2019, 01:22:34 pm
4. Since I've noticed that squid is updated to version 4, what will this change in squid or what will be improved by the update and when will this update be integrated into opnsense?

I had to do a small change in TLS interception to make the config valid again but the rest should not have been changed on OPNsense between v3 and v4.
Title: Re: haproxy or squid for http and https conections?
Post by: opnsenseuser on February 09, 2019, 04:18:47 pm: ok, thanks for the explanation.
Have learned again and now understand the difference between forward proxy and reverse proxy better.

regards
rené
Title: Re: haproxy or squid for http and https conections?
Post by: opnsenseuser on February 09, 2019, 04:22:04 pm: but what if i want to use a forward proxy with the lets encrypt certificate?
Since as I read squid does not support the lets encrypt certificate.
So what can i do if i want to use a forward proxy with the lets encrypt certificate?
Title: Re: haproxy or squid for http and https conections?
Post by: opnsenseuser on February 09, 2019, 05:39:53 pm: I think I can give myself the answer.

I read something here.
https://docs.diladele.com/faq/squid/non_root_ca.html (https://docs.diladele.com/faq/squid/non_root_ca.html)
and here:
https://forum.netgate.com/topic/124985/how-to-use-ssl-let-s-encrypt-with-squid (https://forum.netgate.com/topic/124985/how-to-use-ssl-let-s-encrypt-with-squid)

I'm just not quite smart with the different certificate types.

Short overview tutorial of the proxy types:
http://www.webupd8.org/2010/02/differences-between-3-types-of-proxy.html (http://www.webupd8.org/2010/02/differences-between-3-types-of-proxy.html)

Tutorial for ssl certificate types:
https://aboutssl.org/type-of-ssl/ (https://aboutssl.org/type-of-ssl//)