Hi Nikita. Am 03.10.19 um 12:02 schrieb Akhnin Nikita: > Hello, Aleksandar! > > Vice versa, actually: Client -> Haproxy -> Squid -> Internet > > Here's the situation. Haproxy instance stands in a private network and > interacts with the Internet through Firewall that performs NAT. Current > schema looks like this: > Client -> Haproxy -> FW (SNAT) -> Internet > > The firewall performs traffic filtering in addition to NAT (security > reasons), and in its policies it operates by destination hosts IP-addresses, > not domain names. And the problem comes when backend server hostname changes > its IP-addresses (e.g. CDN). We must update Firewall configuration with new > IP-addresses, and there is service downtime before firewall guys will do it. > And we cannot just open network access from Haproxy to any host in the > Internet. > > I'm looking for workaround for this. We have a Squid that can proxy HTTP > requests to the Internet bypassing the Firewall. Also it filters requests by > domain name. So I wonder if there is any way to proxy client requests to the > Internet through Squid transparently to client (no configuration on client > side). > Something like this, but with Haproxy instead of Httpd: > https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxyremote
I don't see any reason to use haproxy in this setup. Of course you can make a listen like the snipplet below but why do you want to add haproxy into this setup? ``` global ... defaults mode tcp ... listen squid-gw bind ::3124 server squid squid.local:3124 check ``` Isn't this a much easier setup? Client -> Squid -> Internet For client configs can you take a look into this page, there are several possible solution described. https://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers For client's ip address can you setup PROXY Protocol in squid and haproxy http://www.squid-cache.org/Doc/config/proxy_protocol_access/ http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-send-proxy Hth Aleks > -----Original Message----- > From: Aleksandar Lazic <[email protected]> > Sent: Wednesday, October 2, 2019 6:24 PM > To: Ахнин Никита Андреевич <[email protected]>; [email protected] > Subject: Re: Use haproxy behind Squid > > Am 02.10.19 um 13:10 schrieb Akhnin Nikita: >> Hey there! >> >> Is it possible to use Haproxy behind HTTP proxy like Squid to proxy >> incoming requests to the Internet through it? It will be awesome if >> someone will share the configuration example. > > Do you mean such a flow? > > Internet -> squid -> haproxy -> Client > > This statement confuses me a little bit. > >> to proxy incoming requests to the Internet > > From which point of view is incomming and outgoing? > > Regards > Aleks >
