Re: Squid Proxy question

2021-06-22 Thread James Mcphee via PLUG-discuss 
To avoid this confusion about squid, we call squid (in standard
configuration) a forward proxy, and haproxy (or nginx, or apache w/
mod_proxy module) a reverse proxy.  Based on what you described, you're
probably looking for a reverse proxy with SNI awareness.  SNI allows the
reverse proxy to run different rules based on Host: header in the request.
Apache calls this named-based virtual hosts.

Based on the initial description you want multiple domains routed through 1
external IP and probably the standard port 443.  Normally what I'd do here
is SSL offload at a reverse proxy with a cert with all the domains as SANs
that has the IP (or NAT) and route to my backend services using named-based
virtual hosts.

There are other options.  If you could break down exactly how you want the
traffic to arrive and where you want the rules, the list of technologies
will narrow itself down.

On Tue, Jun 22, 2021 at 5:58 PM Seabass via PLUG-discuss <
plug-discuss@lists.phxlinux.org> wrote:

> If you want, I can do a more specific containers presentation and be more
> specific on the configs for multiple domains on my 1 IP. (The nginx + ssl
> part that I didn't present on)
>
> Yes, you can use NAT, and in fact, I need to, because my servers don't use
> root ports.
> But that doesn't affect the domain/subdomains selected.
>
>
> ---
> Can this also be done with NAT built into pfsense
> any chance this could be done as a class at one of the meetings
> Keith
> On Tue, Jun 22, 2021 at 8:21 AM Stephen Partington via PLUG-discuss <
> plug-discuss@lists.phxlinux.org> wrote:
> > depending on what you are doing you can also have a single IP for all
> > sorts of domains all sorted by apache or Nginx. But it all classifies as
> HA
> > proxy
> >
> > On Sun, Jun 20, 2021 at 1:05 PM Herminio Hernandez Jr. via PLUG-discuss <
> > plug-discuss@lists.phxlinux.org> wrote:
> >
> >> You want HA Proxy to do what you want. YouTube Lawrence systems HA
> Proxy.
> >> He has great video tutorials on it.
> >>
> >> Sent from my iPhone
> >>
> >> > On Jun 20, 2021, at 12:39 PM, keith Miller via PLUG-discuss <
> >> plug-discuss@lists.phxlinux.org> wrote:
> >> >
> >> > 
> >> > I have installed and been working now PfSense firewall awesome product
> >> > I have about 9 domain I host from home and through lack of knowledge
> >> also have 8 static IP's for those domains
> >> > I have known about Squid proxy and I BELIEVE its ability to allow me
> to
> >> host all 8 domain behind one public IP
> >> > pfsense has a installable module for squid proxy is my ASSUMPTION
> >> correct about what squid proxy does and if I install it
> >> > will it mess with my working domain right now.
> >> >
> >> > --
> >> > Keith D. Miller
> >> > ---
> >> > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> >> > To subscribe, unsubscribe, or to change your mail settings:
> >> > https://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >> ---
> >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >
> >
> >
> > --
> > A mouse trap, placed on top of your alarm clock, will prevent you from
> > rolling over and going back to sleep after you hit the snooze button.
> >
> > Stephen
> >
> > ---
> > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> > https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
> --
> Keith D. Miller
> -- next part --
> An HTML attachment was scrubbed...
> URL: <
> http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20210622/cf62b043/attachment-0001.html>
> --
> Subject: Digest Footer
> ___
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
> --
> End of PLUG-discuss Digest, Vol 192, Issue 16
> *
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss



-- 
James McPhee
jmc...@gmail.com
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss

Re: Squid Proxy question

2021-06-22 Thread Seabass via PLUG-discuss 
If you want, I can do a more specific containers presentation and be more 
specific on the configs for multiple domains on my 1 IP. (The nginx + ssl part 
that I didn't present on)

Yes, you can use NAT, and in fact, I need to, because my servers don't use root 
ports.
But that doesn't affect the domain/subdomains selected.

---
Can this also be done with NAT built into pfsense
any chance this could be done as a class at one of the meetings
Keith
On Tue, Jun 22, 2021 at 8:21 AM Stephen Partington via PLUG-discuss <
plug-discuss@lists.phxlinux.org> wrote:
> depending on what you are doing you can also have a single IP for all
> sorts of domains all sorted by apache or Nginx. But it all classifies as HA
> proxy
>
> On Sun, Jun 20, 2021 at 1:05 PM Herminio Hernandez Jr. via PLUG-discuss <
> plug-discuss@lists.phxlinux.org> wrote:
>
>> You want HA Proxy to do what you want. YouTube Lawrence systems HA Proxy.
>> He has great video tutorials on it.
>>
>> Sent from my iPhone
>>
>> > On Jun 20, 2021, at 12:39 PM, keith Miller via PLUG-discuss <
>> plug-discuss@lists.phxlinux.org> wrote:
>> >
>> > 
>> > I have installed and been working now PfSense firewall awesome product
>> > I have about 9 domain I host from home and through lack of knowledge
>> also have 8 static IP's for those domains
>> > I have known about Squid proxy and I BELIEVE its ability to allow me to
>> host all 8 domain behind one public IP
>> > pfsense has a installable module for squid proxy is my ASSUMPTION
>> correct about what squid proxy does and if I install it
>> > will it mess with my working domain right now.
>> >
>> > --
>> > Keith D. Miller
>> > ---
>> > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> ---
>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss

--
Keith D. Miller
-- next part --
An HTML attachment was scrubbed...
URL: 

--
Subject: Digest Footer
___
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
--
End of PLUG-discuss Digest, Vol 192, Issue 16
*---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss

Re: Squid Proxy question

2021-06-22 Thread Michael Butash via PLUG-discuss 
Squid is more for outbound proxy (inside to outside), not inbound (outside
to inside).  IE. you have 2-1000's of users connecting out, and want to
funnel them through an appliance to log what they do.

If you want inbound for web services and such like your 9 websites, better
off using nginx or haproxy to do so.  Nginx can give your unencrypted 80
access, and present tls-based services if you wanted to (who doesn't want
encryption?), even things like quic/http2/3 for faster protocols. HAProxy
is more base level tcp redirect function, but less about web services and
more at a L4 port decision, accomplishes the same minus TLS termination
nginx can/might.  People buy appliances like load-balancers to do these
sorts of things too.

-mb


On Sun, Jun 20, 2021 at 12:39 PM keith Miller via PLUG-discuss <
plug-discuss@lists.phxlinux.org> wrote:

> I have installed and been working now PfSense firewall awesome product
> I have about 9 domain I  host from home and through lack of knowledge also
> have 8 static IP's for those domains
> I have known about Squid proxy and I BELIEVE its ability to allow me to
> host all 8 domain behind one public IP
> pfsense has a installable module for squid proxy is my ASSUMPTION correct
> about what squid proxy does and if I install it
> will it mess with my working domain right now.
>
> --
> Keith D. Miller
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss

Re: Squid Proxy question

2021-06-22 Thread keith Miller via PLUG-discuss 
World the sqid HA be the better and Somewhat easier choice

On Tue, Jun 22, 2021 at 1:43 PM Stephen Partington via PLUG-discuss <
plug-discuss@lists.phxlinux.org> wrote:

> Probably on both accounts. It could get a touch more complex but it is
> possible.
>
> On Tue, Jun 22, 2021 at 10:53 AM keith Miller via PLUG-discuss <
> plug-discuss@lists.phxlinux.org> wrote:
>
>> Can this also be done with NAT built into pfsense
>> any chance this could be done as a class at one of the meetings
>>
>> Keith
>>
>> On Tue, Jun 22, 2021 at 8:21 AM Stephen Partington via PLUG-discuss <
>> plug-discuss@lists.phxlinux.org> wrote:
>>
>>> depending on what you are doing you can also have a single IP for all
>>> sorts of domains all sorted by apache or Nginx. But it all classifies as HA
>>> proxy
>>>
>>> On Sun, Jun 20, 2021 at 1:05 PM Herminio Hernandez Jr. via PLUG-discuss <
>>> plug-discuss@lists.phxlinux.org> wrote:
>>>
 You want HA Proxy to do what you want. YouTube Lawrence systems HA
 Proxy. He has great video tutorials on it.

 Sent from my iPhone

 > On Jun 20, 2021, at 12:39 PM, keith Miller via PLUG-discuss <
 plug-discuss@lists.phxlinux.org> wrote:
 >
 > 
 > I have installed and been working now PfSense firewall awesome product
 > I have about 9 domain I  host from home and through lack of knowledge
 also have 8 static IP's for those domains
 > I have known about Squid proxy and I BELIEVE its ability to allow me
 to host all 8 domain behind one public IP
 > pfsense has a installable module for squid proxy is my ASSUMPTION
 correct about what squid proxy does and if I install it
 > will it mess with my working domain right now.
 >
 > --
 > Keith D. Miller
 > ---
 > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
 > To subscribe, unsubscribe, or to change your mail settings:
 > https://lists.phxlinux.org/mailman/listinfo/plug-discuss
 ---
 PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
 To subscribe, unsubscribe, or to change your mail settings:
 https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>>
>>> --
>>> A mouse trap, placed on top of your alarm clock, will prevent you from
>>> rolling over and going back to sleep after you hit the snooze button.
>>>
>>> Stephen
>>>
>>> ---
>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>>
>> --
>> Keith D. Miller
>> ---
>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss

-- 
Keith D. Miller
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss

Re: Squid Proxy question

2021-06-22 Thread Stephen Partington via PLUG-discuss 
Probably on both accounts. It could get a touch more complex but it is
possible.

On Tue, Jun 22, 2021 at 10:53 AM keith Miller via PLUG-discuss <
plug-discuss@lists.phxlinux.org> wrote:

> Can this also be done with NAT built into pfsense
> any chance this could be done as a class at one of the meetings
>
> Keith
>
> On Tue, Jun 22, 2021 at 8:21 AM Stephen Partington via PLUG-discuss <
> plug-discuss@lists.phxlinux.org> wrote:
>
>> depending on what you are doing you can also have a single IP for all
>> sorts of domains all sorted by apache or Nginx. But it all classifies as HA
>> proxy
>>
>> On Sun, Jun 20, 2021 at 1:05 PM Herminio Hernandez Jr. via PLUG-discuss <
>> plug-discuss@lists.phxlinux.org> wrote:
>>
>>> You want HA Proxy to do what you want. YouTube Lawrence systems HA
>>> Proxy. He has great video tutorials on it.
>>>
>>> Sent from my iPhone
>>>
>>> > On Jun 20, 2021, at 12:39 PM, keith Miller via PLUG-discuss <
>>> plug-discuss@lists.phxlinux.org> wrote:
>>> >
>>> > 
>>> > I have installed and been working now PfSense firewall awesome product
>>> > I have about 9 domain I  host from home and through lack of knowledge
>>> also have 8 static IP's for those domains
>>> > I have known about Squid proxy and I BELIEVE its ability to allow me
>>> to host all 8 domain behind one public IP
>>> > pfsense has a installable module for squid proxy is my ASSUMPTION
>>> correct about what squid proxy does and if I install it
>>> > will it mess with my working domain right now.
>>> >
>>> > --
>>> > Keith D. Miller
>>> > ---
>>> > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>> > To subscribe, unsubscribe, or to change your mail settings:
>>> > https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>> ---
>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>>
>> --
>> A mouse trap, placed on top of your alarm clock, will prevent you from
>> rolling over and going back to sleep after you hit the snooze button.
>>
>> Stephen
>>
>> ---
>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> --
> Keith D. Miller
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss

Re: Squid Proxy question

2021-06-22 Thread keith Miller via PLUG-discuss 
Can this also be done with NAT built into pfsense
any chance this could be done as a class at one of the meetings

Keith

On Tue, Jun 22, 2021 at 8:21 AM Stephen Partington via PLUG-discuss <
plug-discuss@lists.phxlinux.org> wrote:

> depending on what you are doing you can also have a single IP for all
> sorts of domains all sorted by apache or Nginx. But it all classifies as HA
> proxy
>
> On Sun, Jun 20, 2021 at 1:05 PM Herminio Hernandez Jr. via PLUG-discuss <
> plug-discuss@lists.phxlinux.org> wrote:
>
>> You want HA Proxy to do what you want. YouTube Lawrence systems HA Proxy.
>> He has great video tutorials on it.
>>
>> Sent from my iPhone
>>
>> > On Jun 20, 2021, at 12:39 PM, keith Miller via PLUG-discuss <
>> plug-discuss@lists.phxlinux.org> wrote:
>> >
>> > 
>> > I have installed and been working now PfSense firewall awesome product
>> > I have about 9 domain I  host from home and through lack of knowledge
>> also have 8 static IP's for those domains
>> > I have known about Squid proxy and I BELIEVE its ability to allow me to
>> host all 8 domain behind one public IP
>> > pfsense has a installable module for squid proxy is my ASSUMPTION
>> correct about what squid proxy does and if I install it
>> > will it mess with my working domain right now.
>> >
>> > --
>> > Keith D. Miller
>> > ---
>> > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> ---
>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss



-- 
Keith D. Miller
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss

Re: Squid Proxy question

2021-06-22 Thread Stephen Partington via PLUG-discuss 
depending on what you are doing you can also have a single IP for all sorts
of domains all sorted by apache or Nginx. But it all classifies as HA proxy

On Sun, Jun 20, 2021 at 1:05 PM Herminio Hernandez Jr. via PLUG-discuss <
plug-discuss@lists.phxlinux.org> wrote:

> You want HA Proxy to do what you want. YouTube Lawrence systems HA Proxy.
> He has great video tutorials on it.
>
> Sent from my iPhone
>
> > On Jun 20, 2021, at 12:39 PM, keith Miller via PLUG-discuss <
> plug-discuss@lists.phxlinux.org> wrote:
> >
> > 
> > I have installed and been working now PfSense firewall awesome product
> > I have about 9 domain I  host from home and through lack of knowledge
> also have 8 static IP's for those domains
> > I have known about Squid proxy and I BELIEVE its ability to allow me to
> host all 8 domain behind one public IP
> > pfsense has a installable module for squid proxy is my ASSUMPTION
> correct about what squid proxy does and if I install it
> > will it mess with my working domain right now.
> >
> > --
> > Keith D. Miller
> > ---
> > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> > https://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss

Re: Squid Proxy question

2021-06-20 Thread Herminio Hernandez Jr. via PLUG-discuss 
You want HA Proxy to do what you want. YouTube Lawrence systems HA Proxy. He 
has great video tutorials on it. 

Sent from my iPhone

> On Jun 20, 2021, at 12:39 PM, keith Miller via PLUG-discuss 
>  wrote:
> 
> 
> I have installed and been working now PfSense firewall awesome product
> I have about 9 domain I  host from home and through lack of knowledge also 
> have 8 static IP's for those domains
> I have known about Squid proxy and I BELIEVE its ability to allow me to host 
> all 8 domain behind one public IP
> pfsense has a installable module for squid proxy is my ASSUMPTION correct 
> about what squid proxy does and if I install it
> will it mess with my working domain right now.
> 
> -- 
> Keith D. Miller
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss

Squid Proxy question

2021-06-20 Thread keith Miller via PLUG-discuss 
I have installed and been working now PfSense firewall awesome product
I have about 9 domain I  host from home and through lack of knowledge also
have 8 static IP's for those domains
I have known about Squid proxy and I BELIEVE its ability to allow me to
host all 8 domain behind one public IP
pfsense has a installable module for squid proxy is my ASSUMPTION correct
about what squid proxy does and if I install it
will it mess with my working domain right now.

-- 
Keith D. Miller
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss