Hi guys,
I’ve got a question regarding the setting up of a backend that points to the internet, but accessed via a squid proxy. This is so we can route a customer’s connection to one of our AWS resources via our site-o-site VPN, as the customer doesn’t allow any internet connections from the server we start from. The route of the traffic would be as follows:
Customer - site to site VPN - HA Proxy - Squid Proxy - Internet resource(AWS)
My HAproxy doesn’t connect to the internet directly, instead it will need to pass through a squid proxy first.
I don’t want to use a global proxy setting like “export http_proxy” if I can avoid it, I’d rather that the proxy was set specifically to only be used by the ha proxy. Is there a setting I can put in the back end to get it to use the squid proxy instead?
the resource on AWS is a “single” webserver, right? you don’t want to proxy normal internet access (browsing) from clients - this is the most common use case for squid.
Sorry maybe I’m not explaining my requirements properly.
All of the servers in my environment can only access the internet via our squid web proxy. What I want is for some of the backends on my haproxy server, to use the squid proxy to get to resources on the internet. So when my customer tries to access the our AWS resources from their on premise server, it goes first over a site to site vpn from their server to the ha proxy, then from the haproxy to squid, and then from squid to the AWS. I can’t seem to get haproxy to use the squid proxy at all. Is there some configuration in the haproxy.cfg file that would make the haproxy use the squid proxy for some of the backends in my haproxy.cfg?