HAProxy community

Haproxy Configuration with squid

Hi All,

I am new to HAPROXY and trying to integrate HAPROXY with SQUID
HAPROXY VERSION = Latest
SQUID VERSION = latest

Currently able to access internet via squid by point my browser to squid IP.
Now trying to place haproxy in front of squid and expecting to access internet.

USER (browser pointing to haproxy IP) ----> squid ----> Internet

Is this achievable?

Below are configuration of my SQUID (192.168.10.31) and HAPROXY(192.168.10.2)

SQUID.CONF

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl haproxy src 192.168.10.2 127.0.0.1

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access allow haproxy
http_access deny all
http_port 3128
visible_hostname 192.168.10.31

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320

HAPROXY.CONF

global
log 127.0.0.1 local0
log 127.0.0.1 local1 debug
chroot /appl/haproxy206/
stats socket /appl/haproxy206/run/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user root
group root

    # Default SSL material locations
	#ca-base /etc/ssl/certs
	#crt-base /etc/ssl/certs

    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
#errorfile 504 /etc/haproxy/errors/504.http

listen haproxy-monitoring
bind *:1000
mode http
stats enable
stats hide-version
stats realm Haproxy\ Statistics
stats uri /
stats auth xxx:xxxx

#--------------------------
frontend squid_front
bind *:80
mode tcp
option tcplog
use_backend squid1
default_backend squid2

backend squid1
balance source
mode tcp
server squid1 192.168.10.31:3128 check port 3128 send-proxy inter 2000 rise 2 fall 3

backend squid2
balance source
mode tcp
server squid2 192.168.10.32:3128 check port 3128 send-proxy inter 2000 rise 2 fall 3

Regards,
Gowtham

Based my configuration

Browser throws error Secure Connection Failed

haproxy.log shows below

Sep 24 16:11:35 localhost haproxy[1889]: 192.168.10.1:62261 [24/Sep/2019:16:11:35.111] squid_front squid1/ -1/-1/0 0 SC 1/1/0/0/0 0/0
Sep 24 16:11:35 localhost haproxy[1889]: 192.168.10.1:62267 [24/Sep/2019:16:11:35.118] squid_front squid1/ -1/-1/0 0 SC 1/1/0/0/0 0/0
Sep 24 16:11:35 localhost haproxy[1889]: 192.168.10.1:62267 [24/Sep/2019:16:11:35.118] squid_front squid1/ -1/-1/0 0 SC 1/1/0/0/0 0/0

Should i be configuring SSL for haproxy?