Actually. Are you looking for reverse proxy or a user proxy. I'm confused after reading your mail a few times.
Brgds, Espen 31. mai 2015 15:35 skrev "Espen Johansen" <[email protected]>: > Exclude varnish its primarily made for frontend LB proxy. > > søn. 31. mai 2015, 15:32 skrev Adam Thompson <[email protected]>: > >> Oh, shoot, that's a good point - I probably do need SNI support for SSL. >> I may be able to get a wildcard cert, but that will be an issue one way or >> another. >> >> Varnish doesn't support SSL at all, although I could theoretically do it >> with stunnel and a wildcard cert. >> Squid does support SSL, but appears to require wildcard cert. >> Squid3 *may* support SNI, can't tell. >> Haproxy supports SNI; hopefully the pfSense package is new enough to >> include that. >> Apache supports SNI, supposedly. >> >> So I'm still left with a (overly, IMHO) large list. >> I could also just port-forward TCP/{80,443} to a host behind the firewall >> and do everything there, too. >> >> Argh, too many options, not enough clarity on which packages are >> supported vs. which ones are semi-orphaned. >> >> -Adam >> >> On May 30, 2015 11:12:01 PM CDT, Travis Hansen <[email protected]> >> wrote: >> >If you're looking for pure proxy frontend I'd stick with haproxy or >> >apache (I use haproxy). >> >haproxy provides load balancing and can do other things besides >> >strictly http(s) such a pure tcp and transparent proxy stuff. >> >Apache provides some things like mod_rewrite (I assume the pfsense >> >build comes with that) etc that aren't easily done with haproxy. >> >I could be wrong but if you're looking for SSL offloading (I ensure all >> >traffic goes over SSL) varnish and squid would be out of the >> >picture. Travis Hansen >> >[email protected] >> > >> > >> >On Saturday, May 30, 2015 8:25 PM, Adam Thompson >> ><[email protected]> wrote: >> > >> > >> >I need to run a reverse proxy on a pfSense gateway - multiple websites, >> > >> >one public IP, the usual reason. >> >However, I see there's a larger selection available than the last time >> >I >> >looked. >> > >> >It appears we now have: >> >* Apache w/mod_security-dev v0.43 / 0.22 >> >* haproxy-1_5 v0.23 >> >* haproxy-devel v0.24 >> >* Proxy Server w/mod_security v0.1.7 / 0.22.999 >> >* squid >> >* squid3 >> >* varnish3 >> > >> >1. Have I missed any? >> >2. Are "Apache w/mod_security-dev" and "Proxy Server w/mod_security" >> >essentially the same thing? >> >3. For relatively simple cases (straightforward hostname-to-internal-IP >> > >> >mapping), is there any compelling reason to use one over another on >> >pfSense 2.2 today? FWIW, this firewall is relatively underpowered >> >(PowerEdge 1750, dual 2.4GHz P4-era Xeons). >> > >> >-- >> >-Adam Thompson >> > [email protected] >> > +1 (204) 291-7950 - cell >> > +1 (204) 489-6515 - fax >> > >> >_______________________________________________ >> >pfSense mailing list >> >https://lists.pfsense.org/mailman/listinfo/list >> >Support the project with Gold! https://pfsense.org/gold >> >> -- >> Sent from my Android device with K-9 Mail. Please excuse my brevity. >> _______________________________________________ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold > > _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
