haproxy or squid for http and https conections?

[opnsenseuser]

Maybe someone can help me with my decision if I should use squid or haproxy for http and https connections.

1.
What are the advantages of haproxy / squid?

2.
So far, I use squid for my http and https connections. is it useful to use haproxy as a replacement?

3.
Can haproxy also integrate icap or another virus protection under opnsense?

4.
Since I've noticed that squid is updated to version 4, what will this change in squid or what will be improved by the update and when will this update be integrated into opnsense?

Thx
regards,
rené

[fabian]

1. What are the advantages of haproxy / squid?

You cannot compare them on OPNsense because HAProxy and nginx are reverse proxies (work on the server side) while squid is used as a forward proxy (on your side if you access the internet via an internal proxy). In theory, squid could also act as a reverse proxy but that is not implemented in the OPNsense web interface.

The only plugin which acts as both, reverse an forward, is TOR.

2. So far, I use squid for my http and https connections. is it useful to use haproxy as a replacement?

NO, see 1.

3. Can haproxy also integrate icap or another virus protection under opnsense?

not that I know but definitely not on OPNsense.

4. Since I've noticed that squid is updated to version 4, what will this change in squid or what will be improved by the update and when will this update be integrated into opnsense?

I had to do a small change in TLS interception to make the config valid again but the rest should not have been changed on OPNsense between v3 and v4.

[opnsenseuser]

ok, thanks for the explanation.
Have learned again and now understand the difference between forward proxy and reverse proxy better.

regards
rené

[opnsenseuser]

but what if i want to use a forward proxy with the lets encrypt certificate?
Since as I read squid does not support the lets encrypt certificate.
So what can i do if i want to use a forward proxy with the lets encrypt certificate?

[opnsenseuser]

I think I can give myself the answer.

I read something here.
https://docs.diladele.com/faq/squid/non_root_ca.html
and here:
https://forum.netgate.com/topic/124985/how-to-use-ssl-let-s-encrypt-with-squid

I'm just not quite smart with the different certificate types.

Short overview tutorial of the proxy types:
http://www.webupd8.org/2010/02/differences-between-3-types-of-proxy.html

Tutorial for ssl certificate types:
https://aboutssl.org/type-of-ssl/