OPNsense Forum

English Forums => General Discussion => Topic started by: junglemattie on May 20, 2016, 11:41:27 am

Title: Feature request reverse proxy load balancing
Post by: junglemattie on May 20, 2016, 11:41:27 am
Hi,

I'd like to send in a feature request to setup support for NGINX and Varnish to support a more complex reverse proxy load balancer.

- Support for url and domain routing
- Support for varnish caching mechanism on url content

I know this is a request that will take some time to complete and most can be done with Squid I guess but currently I haven't found an option to setup Squid in opnsense as reverse proxy instead of forwarding proxy.
Any changes locally on squid will get overridden when changing entries in the proxy setup.

Ideally I would like to use OPNsense to load balance a web cluster with url and domain routing and have a caching mechanism in the middle or running next to it using varnish cache.

Not sure if the general discussion is where this request should be placed, if not sorry for posting it in general section.

Really like the way the OPNsense project is heading to.

Keep up the good work!

Thanks

Matthew
Title: Re: Feature request reverse proxy load balancing
Post by: AdSchellevis on May 20, 2016, 06:37:35 pm
Hi Matthew,

I don't expect nginx + varnish to come in soon, but you might be interested in haproxy for the reverse proxy feature.

Frank has been working on it, and you can install it using our plugin system. He wrote some information in his original pull request, which can be found here https://github.com/opnsense/plugins/pull/10 (https://github.com/opnsense/plugins/pull/10)

Regards,

Ad
Title: Re: Feature request reverse proxy load balancing
Post by: franco on May 20, 2016, 07:09:16 pm
Hi Matthew,

A 1.1 version of HAProxy is currently pending, the 16.1.14 one was tweaked a bit after release.

Would it help to have varnish and nginx as binary packages in order for you to pick up some of the work or to deploy a custom solution?

This will put valuable build resources (and time) on these tasks so I don't want to add them lightly.


Cheers,
Franco
Title: Re: Feature request reverse proxy load balancing
Post by: junglemattie on May 23, 2016, 04:18:59 pm
Hi Franco & Ad,

I will have a look at the HAProxy plugin, didn't look into this as I thought HAProxy didn't support ssl termination yet, but they seem to added support for this now, so I guess I can have a look into HAProxy for the url load balancing.
I will do some tests for the HAProxy but I think the plugin is not mature enough yet to provide me a full complex setup for the url/domain routing I am looking for right now.
I'll see if I can deploy some tests so maybe I can contribute on what needs improving.
I see no need currently for you to add varnish and ngnix as modules or binary support to take time off your hand on things that are needed more urgently then this.
So in future if the support of varnish and ngnix would be possible this would be nice, but I have no need for it right away as I will be deploying a custom solution right now.

Thanks!
Title: Re: Feature request reverse proxy load balancing
Post by: fraenki on May 25, 2016, 04:14:47 pm
I will have a look at the HAProxy plugin, didn't look into this as I thought HAProxy didn't support ssl termination yet, but they seem to added support for this now, so I guess I can have a look into HAProxy for the url load balancing.

SSL termination is working great in HAProxy these days. We're using it with multiple certs and HAProxy automatically picks up the correct SSL certificate for the request.

I will do some tests for the HAProxy but I think the plugin is not mature enough yet to provide me a full complex setup for the url/domain routing I am looking for right now.

It's true that the HAProxy plugin is still in it's early days, but we're already using it in production here. If you find bugs or have questions I'm here to help.


Regards
- Frank