Squid through HAProxy


#1

Hi everyone,

I would like to use HAProxy in front of squid, via a specific domain, but still keeping HAProxy for SSL offloading and “basic” load balancing.
So both my proxy and my websites have to be reachable through TCP port 80.

To summarize, I would like it to work like this:
mydomain.tld -> default_backend -> nginx
proxy.mydomain.tld -> acl -> squid

I’ve done a first setup, and it works quite well for now, but I’m facing a strange problem: all the redirected links are using my default backend instead of the squid backend (Google link for example).

Here is my current configuration:

frontend XXX
        bind A.B.C.D:80
        bind A.B.C.D:443 ssl crt /etc/haproxy/ssl

        http-request set-header X-Forwarded-Proto https if  { ssl_fc }

        acl is_letsencrypt_check path_beg /.well-known/acme-challenge
        use_backend letsencrypt if is_letsencrypt_check

        acl is_proxy req.hdr(Proxy-Connection) -m found
        acl is_proxy req.hdr(Proxy-Authorization) -m found
        use_backend squid if is_proxy

        default_backend nginx

backend nginx
        server nginx-local 127.0.0.1:8080

backend squid
        cookie SERVERID insert indirect nocache
        option httpclose
        option forwardfor header X-Client

        server squid-local 127.0.0.1:3128

backend letsencrypt
        http-request set-header Host localhost
        server nginx-local 127.0.0.1:80 

I’m using HAProxy 1.5.8 and squid 3.4.8. Squid is configured in transparent mode.

I guess the main issue here is to identify the incoming requests that are meant to be processed by squid, and so far, I failed to catch them all…
Can anyone help me ?

Thanks !
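
One way to see how proxy requests can slip past a header-only match, as an added example that is not part of the original post: it replays the two `is_proxy` header checks from the configuration above over constructed requests and compares them with a check on the request-target form. It assumes clients are explicitly configured to use the proxy, so they send absolute-form targets or CONNECT; `example.org` and all function names are made up for the illustration.

```python
from urllib.parse import urlsplit

# Header names taken from the two is_proxy ACL lines in the posted frontend.
PROXY_HEADERS = {"proxy-connection", "proxy-authorization"}

def parse_head(raw: bytes):
    """Split a raw HTTP request head into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def target_form(method: str, target: str) -> str:
    """Name the request-target form (RFC 7230, section 5.3)."""
    if method == "CONNECT":
        return "authority"          # CONNECT host:port, only sent to proxies
    if target.startswith("/"):
        return "origin"             # what a web server normally receives
    if urlsplit(target).scheme in ("http", "https"):
        return "absolute"           # what a client sends to a forward proxy
    return "other"

def route(raw: bytes):
    """Return (backend chosen by header ACL, backend chosen by target form)."""
    method, target, headers = parse_head(raw)
    by_header = "squid" if PROXY_HEADERS & headers.keys() else "nginx"
    by_target = "squid" if target_form(method, target) in ("absolute", "authority") else "nginx"
    return by_header, by_target

# Constructed sample requests; example.org stands in for any external site.
SAMPLES = {
    "proxied, header present": b"GET http://example.org/ HTTP/1.1\r\nHost: example.org\r\nProxy-Connection: keep-alive\r\n\r\n",
    "proxied, header absent": b"GET http://example.org/next HTTP/1.1\r\nHost: example.org\r\n\r\n",
    "tunnel, header absent": b"CONNECT example.org:443 HTTP/1.1\r\nHost: example.org:443\r\n\r\n",
    "own website": b"GET /index.html HTTP/1.1\r\nHost: mydomain.tld\r\n\r\n",
}

def missed_by_header_acl(samples=SAMPLES):
    """Names of requests the header ACL sends to nginx but the target form marks as proxy traffic."""
    return [name for name, raw in samples.items() if route(raw) == ("nginx", "squid")]

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:26} header ACL -> {route(raw)[0]:5}  target form -> {route(raw)[1]}")
```

HAProxy's `method` and `url` sample fetches expose the same two fields that `target_form` inspects here.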


#2

I think it’s easier if you make squid your default_backend and match your nginx domains instead (via Host headers).


#3

Yes… except that I do have a lot of domains to handle…