Hey Eliezer, Thanks, but actually what I want to achieve is not dynamic load balancing, I want each user to always go to a predefined proxy.
For a failover solution, I will have an outside program checking for failed proxies, and then I will remove them from the list and send the user to a different proxy while I handle the failed ones. Is Haproxy good for that it is Squid in the way I proposed OK? Thanks > > On Dec 10, 2020, at 23:14, Eliezer Croitor <ngtech1...@gmail.com> wrote: > > > You should use Haproxy in a Fail-over setup. > Squid is great but it’s possible that Haproxy does this much better theses > days then Squid. > You can leave the authentication on the Squid servers and use the Haproxy as > TCP Load balancer. > If you need the clients Original IP address you can use the PROXY protocol to > send these details between the haproxy and squid. > > Eliezer > > ---- > Eliezer Croitoru > Tech Support > Mobile: +972-5-28704261 > Email: ngtech1...@gmail.com > > From: squid-users <squid-users-boun...@lists.squid-cache.org> On Behalf Of > roee klinger > Sent: Thursday, December 10, 2020 8:39 PM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Squid with more than 128 ports? > > Hey Anthony, > > Giving this a second thought, I believe I didn't explain myself correctly. > > I have 5 Squid servers, each listening on 80 ports, I would like to add > another > Squid server in the middle of the client and these servers to authenticate > users > before sending them to their ports. I already have ACL controls and auth > control tools > which I wrote and are working fine. > > My question is regarding how to configure this, I have found this > configuration online > but I am not sure how it will work performance-wise with 500+ proxies (could > be 1000s in > the future): > > http_port 3128 name=port_3128 > http_port 3127 name=port_3127 > nonhierarchical_direct off > acl port_3128_acl myportname port_3128 > acl port_3127_acl myportname port_3127 > always_direct deny port_3128_acl > always_direct deny port_3127_acl > never_direct allow port_3128_acl > never_direct allow port_3127_acl > # 3128 > cache_peer proxy1 parent 3128 0 proxy-only default name=proxy3128 > cache_peer_access proxy3128 allow port_3128_acl > cache_peer_access proxy3128 deny all > # 3127 > cache_peer proxy2 parent 3128 0 proxy-only default name=proxy3127 > cache_peer_access proxy3127 allow port_3127_acl > cache_peer_access proxy3127 deny all > > Combine these 2000+ lines in squid.conf with 2 external ACLs and a custom > authenticator, > can this cause a hit on performance or should it be no problem for squid to > handle? > > > > > > On Thu, Dec 10, 2020 at 2:29 PM Antony Stone > <antony.st...@squid.open.source.it> wrote: > On Thursday 10 December 2020 at 13:02:19, roee klinger wrote: > > > Hello, > > > > We have a few Squid proxy servers with a total of around 400 ports > > What do you mean by that? What are you using 400 ports for? > > > We have decided that we want to add a cloud instance in the middle of the > > connections, that will authenticate users and only then send them to the > > squid instance. > > What authentication method / protocol do you want to use? > > > Is it a smart idea to use Squid for this use case or just use a different > > proxy software that doesn't have this limitation? > > I think the best starting point is to ask what sort of authentication you > want > to perform (ie: what is the authoritative system which holds the information > about who can authenticate and who cannot), then you can decide on the best > software to use to do that in front of Squid. > > > Antony. > > -- > Under UK law, no VAT is charged on biscuits and cakes - they are "zero > rated". > Chocolate covered biscuits, however, are classed as "luxury items" and are > subject to VAT. McVitie's classed its Jaffa Cakes as cakes, but in 1991 this > was challenged by Her Majesty's Customs and Excise in court. > > The question which had to be answered was what criteria should be used to > class something as a cake or a biscuit. McVitie's defended the > classification > of Jaffa Cakes as a cake by arguing that cakes go hard when stale, whereas > biscuits go soft. It was demonstrated that Jaffa Cakes become hard when > stale > and McVitie's won the case. > > Please reply to the list; > please *don't* CC me. > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users