Reverse proxy. Need to multiplex multiple publicly-accessible, secure, websites running on private IPs from a single public IP. It *is* hard to write that both succinctly and unambiguously!

-Adam

On May 31, 2015 8:54:14 AM CDT, Espen Johansen <[email protected]> wrote:
>Actually. Are you looking for reverse proxy or a user proxy? I'm confused after reading your mail a few times.
>
>Brgds, Espen
>
>On 31 May 2015 at 15:35, "Espen Johansen" <[email protected]> wrote:
>
>> Exclude varnish, it's primarily made for frontend LB proxy.
>>
>> On Sun, 31 May 2015 at 15:32, Adam Thompson <[email protected]> wrote:
>>
>>> Oh, shoot, that's a good point - I probably do need SNI support for SSL.
>>> I may be able to get a wildcard cert, but that will be an issue one way or another.
>>>
>>> Varnish doesn't support SSL at all, although I could theoretically do it with stunnel and a wildcard cert.
>>> Squid does support SSL, but appears to require wildcard cert.
>>> Squid3 *may* support SNI, can't tell.
>>> Haproxy supports SNI; hopefully the pfSense package is new enough to include that.
>>> Apache supports SNI, supposedly.
>>>
>>> So I'm still left with a (overly, IMHO) large list.
>>> I could also just port-forward TCP/{80,443} to a host behind the firewall and do everything there, too.
>>>
>>> Argh, too many options, not enough clarity on which packages are supported vs. which ones are semi-orphaned.
>>>
>>> -Adam
>>>
>>> On May 30, 2015 11:12:01 PM CDT, Travis Hansen <[email protected]> wrote:
>>> >If you're looking for pure proxy frontend I'd stick with haproxy or apache (I use haproxy).
>>> >haproxy provides load balancing and can do other things besides strictly http(s) such as pure tcp and transparent proxy stuff.
>>> >Apache provides some things like mod_rewrite (I assume the pfsense build comes with that) etc that aren't easily done with haproxy.
>>> >I could be wrong but if you're looking for SSL offloading (I ensure all traffic goes over SSL) varnish and squid would be out of the picture.
>>> >Travis Hansen
>>> >[email protected]
>>> >
>>> >
>>> >On Saturday, May 30, 2015 8:25 PM, Adam Thompson <[email protected]> wrote:
>>> >
>>> >
>>> >I need to run a reverse proxy on a pfSense gateway - multiple websites, one public IP, the usual reason.
>>> >However, I see there's a larger selection available than the last time I looked.
>>> >
>>> >It appears we now have:
>>> >* Apache w/mod_security-dev v0.43 / 0.22
>>> >* haproxy-1_5 v0.23
>>> >* haproxy-devel v0.24
>>> >* Proxy Server w/mod_security v0.1.7 / 0.22.999
>>> >* squid
>>> >* squid3
>>> >* varnish3
>>> >
>>> >1. Have I missed any?
>>> >2. Are "Apache w/mod_security-dev" and "Proxy Server w/mod_security" essentially the same thing?
>>> >3. For relatively simple cases (straightforward hostname-to-internal-IP mapping), is there any compelling reason to use one over another on pfSense 2.2 today? FWIW, this firewall is relatively underpowered (PowerEdge 1750, dual 2.4GHz P4-era Xeons).
>>> >
>>> >--
>>> >-Adam Thompson
>>> > [email protected]
>>> > +1 (204) 291-7950 - cell
>>> > +1 (204) 489-6515 - fax
>>> >
>>> >_______________________________________________
>>> >pfSense mailing list
>>> >https://lists.pfsense.org/mailman/listinfo/list
>>> >Support the project with Gold! https://pfsense.org/gold
>>>
>>> --
>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
