haproxy or squid for http and https connections?

Started by opnsenseuser, February 09, 2019, 01:22:34 PM

Maybe someone can help me with my decision if I should use squid or haproxy for http and https connections.

1. What are the advantages of haproxy / squid?

2. So far, I use squid for my http and https connections. Is it useful to use haproxy as a replacement?

3. Can haproxy also integrate icap or another virus protection under opnsense?

4. Since I've noticed that squid is updated to version 4, what will this change in squid or what will be improved by the update and when will this update be integrated into opnsense?

Thx
regards,
rené
Supermicro A2SDi-4C-HLN4F
Team Rebellion Member (sidebar / themes: tukan, cicada & vicuna)

Quote from: opnsenseuser on February 09, 2019, 01:22:34 PM
1. What are the advantages of haproxy / squid?

You cannot compare them on OPNsense because HAProxy and nginx are reverse proxies (work on the server side) while squid is used as a forward proxy (on your side if you access the internet via an internal proxy). In theory, squid could also act as a reverse proxy but that is not implemented in the OPNsense web interface.

The only plugin which acts as both, reverse and forward, is TOR.

Quote from: opnsenseuser on February 09, 2019, 01:22:34 PM
2. So far, I use squid for my http and https connections. Is it useful to use haproxy as a replacement?

NO, see 1.


Quote from: opnsenseuser on February 09, 2019, 01:22:34 PM
3. Can haproxy also integrate icap or another virus protection under opnsense?

Not that I know of, but definitely not on OPNsense.

Quote from: opnsenseuser on February 09, 2019, 01:22:34 PM
4. Since I've noticed that squid is updated to version 4, what will this change in squid or what will be improved by the update and when will this update be integrated into opnsense?

I had to do a small change in TLS interception to make the config valid again but the rest should not have been changed on OPNsense between v3 and v4.

OK, thanks for the explanation.
I have learned something again and now understand the difference between forward proxy and reverse proxy better.

regards
rené

February 09, 2019, 04:22:04 PM #3 Last Edit: February 09, 2019, 04:58:43 PM by opnsenseuser
But what if I want to use a forward proxy with the Let's Encrypt certificate?
Since, as I read, squid does not support the Let's Encrypt certificate.
So what can I do if I want to use a forward proxy with the Let's Encrypt certificate?

February 09, 2019, 05:39:53 PM #4 Last Edit: February 09, 2019, 05:55:56 PM by opnsenseuser
I think I can give myself the answer.

I read something here.
https://docs.diladele.com/faq/squid/non_root_ca.html
and here:
https://forum.netgate.com/topic/124985/how-to-use-ssl-let-s-encrypt-with-squid

I'm just not quite smart with the different certificate types.

Short overview tutorial of the proxy types:
http://www.webupd8.org/2010/02/differences-between-3-types-of-proxy.html

Tutorial for ssl certificate types:
https://aboutssl.org/type-of-ssl/