Exclude Varnish; it's primarily made for frontend LB proxy.
Sun, May 31, 2015, 15:32, Adam Thompson <[email protected]> wrote:
> Oh, shoot, that's a good point - I probably do need SNI support for SSL.
> I may be able to get a wildcard cert, but that will be an issue one way or
> another.
>
> Varnish doesn't support SSL at all, although I could theoretically do it
> with stunnel and a wildcard cert.
> Squid does support SSL, but appears to require wildcard cert.
> Squid3 *may* support SNI, can't tell.
> Haproxy supports SNI; hopefully the pfSense package is new enough to
> include that.
> Apache supports SNI, supposedly.
>
> So I'm still left with a (overly, IMHO) large list.
> I could also just port-forward TCP/{80,443} to a host behind the firewall
> and do everything there, too.
>
> Argh, too many options, not enough clarity on which packages are supported
> vs. which ones are semi-orphaned.
>
> -Adam
>
> On May 30, 2015 11:12:01 PM CDT, Travis Hansen <[email protected]>
> wrote:
> >If you're looking for pure proxy frontend I'd stick with haproxy or
> >apache (I use haproxy).
> >haproxy provides load balancing and can do other things besides
> >strictly http(s) such as pure tcp and transparent proxy stuff.
> >Apache provides some things like mod_rewrite (I assume the pfsense
> >build comes with that) etc that aren't easily done with haproxy.
> >I could be wrong but if you're looking for SSL offloading (I ensure all
> >traffic goes over SSL) varnish and squid would be out of the
> >picture.
> >Travis Hansen
> >[email protected]
> >
> >
> >On Saturday, May 30, 2015 8:25 PM, Adam Thompson
> ><[email protected]> wrote:
> >
> >
> >I need to run a reverse proxy on a pfSense gateway - multiple websites,
> >one public IP, the usual reason.
> >However, I see there's a larger selection available than the last time I
> >looked.
> >
> >It appears we now have:
> >* Apache w/mod_security-dev v0.43 / 0.22
> >* haproxy-1_5 v0.23
> >* haproxy-devel v0.24
> >* Proxy Server w/mod_security v0.1.7 / 0.22.999
> >* squid
> >* squid3
> >* varnish3
> >
> >1. Have I missed any?
> >2. Are "Apache w/mod_security-dev" and "Proxy Server w/mod_security"
> >essentially the same thing?
> >3. For relatively simple cases (straightforward hostname-to-internal-IP
> >mapping), is there any compelling reason to use one over another on
> >pfSense 2.2 today? FWIW, this firewall is relatively underpowered
> >(PowerEdge 1750, dual 2.4GHz P4-era Xeons).
> >
> >--
> >-Adam Thompson
> > [email protected]
> > +1 (204) 291-7950 - cell
> > +1 (204) 489-6515 - fax
> >
> >_______________________________________________
> >pfSense mailing list
> >https://lists.pfsense.org/mailman/listinfo/list
> >Support the project with Gold! https://pfsense.org/gold
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.