Hi everyone,
I would like to use HAProxy in front of squid, via a specific domain, but still keeping HAProxy for SSL offloading and “basic” load balancing.
So both my proxy and my websites have to reacheable through the 80 tcp port.
To resume, I would like it to work like this :
mydomain.tld -> default_backend -> nginx
proxy.mydomain.tld -> acl -> squid
I’ve done a first set, and it works quite well for now, but I’m facing a strange problem, all the redirected link are using my default backend instead of the squid backend (Google link for example)
Here is my actual configuration :
frontend XXX
bind A.B.C.D:80
bind A.B.C.D:443 ssl crt /etc/haproxy/ssl
http-request set-header X-Forwarded-Proto https if { ssl_fc }
acl is_letsencrypt_check path_beg /.well-known/acme-challenge
use_backend letsencrypt if is_letsencrypt_check
acl is_proxy req.hdr(Proxy-Connection) -m found
acl is_proxy req.hdr(Proxy-Authorization) -m found
use_backend squid if is_proxy
default_backend nginx
backend nginx
server nginx-local 127.0.0.1:8080
backend squid
cookie SERVERID insert indirect nocache
option httpclose
option forwardfor header X-Client
server squid-local 127.0.0.1:3128
backend letsencrypt
http-request set-header Host localhost
server nginx-local 127.0.0.1:80
I’m using HAProxy 1.5.8 and squid 3.4.8. Squid is configured in transparent mode.
I guess the main issue here is to identify the incoming requests that are meant to be processed by squid, and so far, I failed to catch them all…
Can anyone help me ?
Thanks !