pfSense Gold Subscription

Author Topic: Squid Reverse proxy setup  (Read 113 times)

0 Members and 1 Guest are viewing this topic.

Offline PrimaryInc

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Squid Reverse proxy setup
« on: November 07, 2017, 04:40:17 am »
Hi,

Sorry if this has been answered before but I'm really struggling to figure out how to use squid and reverse proxy so forward external requests to multiple internal web servers.
To start of, Im a need to pfsense so please be patient with me :)
Also Im running Community edition 2.4.1 and latest switch proxy server and reverse proxy package

What I want to do?

Lest say I have 3 different external URLs based on the same domain name.

example.com
test2.example.com
test3.example.com

I want example.com to redirect to internal web server IP 192.168.1.10
I want test2.example.com to redirect to internal web server IP 192.168.1.11
I want test3.example.com to redirect to internal web server IP 192.168.1.12/photo
All requests on port 80
Different scenarios, but to my understanding possible to handle.

From here I really dont know there to go.
Ive enabled squad proxy server and created reverse proxy rules, but I can't get any request thru the FW and proxy.

So to be honest, I need the complete run down.
How do I configure the FW rules to send all requests on port 80 to proxy.
How do I configure the proxy server and reverse proxy to handle the URL requests and redirects?

If the answer is use a different package on pfsense. Please comment on that as well.
I really dont care about what package is used as long as the issue can be resolved.

Thanks!!




Offline PrimaryInc

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Squid Reverse proxy setup
« Reply #1 on: November 08, 2017, 12:29:14 am »
Hi,

So Ive done some investigation into this and fort of got this to work.
Ill summary up under whats been setup.

1.
FW Rule that allows access external to Reverse Proxy server. For the test Ive uses port 1024 on Reverse Proxy.
FW rule then looks like this.
Source ANY
Destination Single host or Alias 127.0.0.1 Port range 1024

2.
NAT Destination port range HTTP redirect target 127.0.0.1 port 1024.

3.
Proxy server enables with default settings on interface LAN, WAN and LOOPBACKUP.
More testing to come here regarding interfaces needed to be involved.

4.
Reverse proxy enabled on LOOPBACK interface.
Morte testing to come here as well.
Squid HTTP reverse Proxy checkbox enabled.
Reverse HTTP port 1024

5.
WEB server tab setup.
Internal IP to web server and listening port.

6.
Mappings setup not sure if this is needed at this moment.
So more testing here as well is needed.

7.
Redirects not setup at the moment.
I guess this is needed to ensure that i can translate example photo.mydomain.com -> internalwebserver/photo
I do have a web server that is accessed thru ip/photo and this Ive not yet solved.
If anyone has a tip here. Please share..

8.
Issue seen. Because of the reverse proxy webserver log show no WAN address accessing the web server. Only from internal GW IP.
This means that I can't identify where the login originates from.
Any suggestions to how I can fix that?

9.
Last but no least. Can I use the proxy server og reverse proxy to also translate the external URLs internally.
example test2.example.com is only an external DNS setup and not internal on local DNS server.
This means that for med to access the internal web server i must use IP or local hostname of web server.
How can i setup squid to allow external DNS address to be used internally as well?