Hi Nikita.
Am 03.10.19 um 12:02 schrieb Akhnin Nikita:
> Hello, Aleksandar!
>
> Vice versa, actually: Client -> Haproxy -> Squid -> Internet
>
> Here's the situation. Haproxy instance stands in a private network and
> interacts with the Internet through Firewall that performs NAT. Current
> schema looks like this:
> Client -> Haproxy -> FW (SNAT) -> Internet
>
> The firewall performs traffic filtering in addition to NAT (security
> reasons), and in its policies it operates by destination hosts IP-addresses,
> not domain names. And the problem comes when backend server hostname changes
> its IP-addresses (e.g. CDN). We must update Firewall configuration with new
> IP-addresses, and there is service downtime before firewall guys will do it.
> And we cannot just open network access from Haproxy to any host in the
> Internet.
>
> I'm looking for workaround for this. We have a Squid that can proxy HTTP
> requests to the Internet bypassing the Firewall. Also it filters requests by
> domain name. So I wonder if there is any way to proxy client requests to the
> Internet through Squid transparently to client (no configuration on client
> side).
> Something like this, but with Haproxy instead of Httpd:
> https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxyremote
I don't see any reason to use haproxy in this setup. Of course you can make a
listen like the snipplet below but why do you want to add haproxy into this
setup?
```
global
...
defaults
mode tcp
...
listen squid-gw
bind ::3124
server squid squid.local:3124 check
```
Isn't this a much easier setup?
Client -> Squid -> Internet
For client configs can you take a look into this page, there are several
possible solution described.
https://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers
For client's ip address can you setup PROXY Protocol in squid and haproxy
http://www.squid-cache.org/Doc/config/proxy_protocol_access/
http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.2-send-proxy
Hth
Aleks
> -Original Message-
> From: Aleksandar Lazic
> Sent: Wednesday, October 2, 2019 6:24 PM
> To: Ахнин Никита Андреевич ; haproxy@formilux.org
> Subject: Re: Use haproxy behind Squid
>
> Am 02.10.19 um 13:10 schrieb Akhnin Nikita:
>> Hey there!
>>
>> Is it possible to use Haproxy behind HTTP proxy like Squid to proxy
>> incoming requests to the Internet through it? It will be awesome if
>> someone will share the configuration example.
>
> Do you mean such a flow?
>
> Internet -> squid -> haproxy -> Client
>
> This statement confuses me a little bit.
>
>> to proxy incoming requests to the Internet
>
> From which point of view is incomming and outgoing?
>
> Regards
> Aleks
>