Using Squid Reverse Proxy to manage multiple domain names on pfSense

In the past, in order to host multiple domain names or subdomains from my homelab, I’ve resorted to running each application on a separate port. This becomes quite cumbersome once you’ve got a small handful of sites that all need external access.

To resolve this, I found multiple sites online suggesting a reverse proxy. So today, we’re going to cover how to implement the Squid Reverse Proxy on pfSense.

 

Step 1 – Adding the Squid package

First things first, we’ll need to add the Squid package if you don’t already have it installed.

Step 2 – Enabling Squid

Next we’ll want to make sure the Squid Proxy itself is enabled, otherwise the Reverse Proxy won’t work.

On the General tab, ensure Enable Squid Proxy is checked.

Step 3 – Configuring the Reverse Proxy

Third, we’re going to do a quick setup of the reverse proxy.

On the General Tab, set the following:

  • Squid Reverse Proxy General Settings
    • Reverse Proxy Interface(s) – Select the interfaces you want the proxy to run on. Typically it’ll just be your WAN interface.
    • External FQDN – The Fully Qualified Domain Name which you’ll be proxying for by default.
  • Squid Reverse HTTP Settings
    • Enable HTTP Reverse Proxy – checked
    • Reverse HTTP Port – unless you have special needs, leaving this at 80 is fine.
    • Reverse HTTP Default Site – This is the default subdomain you want to redirect to if there’s nothing found in the mappings (we’ll cover that later)
  • Squid Reverse HTTPS Settings
    • Enable HTTPS Reverse Proxy – checked
    • Reverse HTTPS Port – unless you have special needs, leaving this at 443 is fine.
    • Reverse HTTPS Default Site – This is the default subdomain you want to redirect to if there’s nothing found in the mappings (we’ll cover that later)
    • Reverse SSL Certificate – This is the cert to use for the domains you want to use. In this example it’s using the wildcard cert which we created in this post.
  • Click Save

Step 4 – Adding Web Servers

Go to the Web Servers tab and click ‘Add’.

Enter the internal information for the web server you want to direct traffic to.

Do this for each web server and protocol you need. For example, if you have a web server that hosts on both ports 80 and 443, you’ll want to add two web servers.

Step 5 – Adding Web Server Mappings

On the Mappings tab, click ‘Add’.

Fill out the mapping information for the site in question. If you added multiple web servers for the same physical IP/machine, you can select multiple “peers” (aka web servers) here.

Under the URI setting, add as many patterns as you need for the proxy to use as criteria to map to the set of servers.

For example, if you have HTTP and HTTPS sites running on the same server, you could add both:

  • ^https://external.example.com/.*$
  • ^http://external.example.com/.*$
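
The URI patterns are regular expressions, so an unescaped `.` matches any character, not just a literal dot. The following added example (not part of the original post) uses Python's `re` module as a stand-in for Squid's regex matching, which is an assumption, and checks the two patterns above against constructed lookalike URLs, next to a variant with escaped dots; the function names are hypothetical.

```python
import re

# The two URI patterns from the mapping step, exactly as written on the page.
PAGE_PATTERNS = [
    r"^https://external.example.com/.*$",
    r"^http://external.example.com/.*$",
]

def strict_pattern(scheme, host):
    """Build an anchored pattern in which every dot in the host is literal.

    Hostnames contain only letters, digits, hyphens and dots, so the dot is
    the only character that needs escaping here.
    """
    return "^" + scheme + "://" + host.replace(".", r"\.") + "/.*$"

def lookalike_urls(scheme, host):
    """Constructed test URLs: each dot in turn replaced by a letter,
    plus the host with an extra suffix appended."""
    urls = []
    for i, ch in enumerate(host):
        if ch == ".":
            urls.append(f"{scheme}://{host[:i]}x{host[i + 1:]}/")
    urls.append(f"{scheme}://{host}.invalid/")
    return urls

def audit(pattern, scheme, host):
    """Return (matches_intended_url, list_of_unintended_urls_matched)."""
    rx = re.compile(pattern, re.IGNORECASE)
    intended = f"{scheme}://{host}/index.html"
    unintended = [u for u in lookalike_urls(scheme, host) if rx.search(u)]
    return bool(rx.search(intended)), unintended

if __name__ == "__main__":
    host = "external.example.com"
    for scheme, page_pat in zip(("https", "http"), PAGE_PATTERNS):
        for label, pat in (("page", page_pat),
                           ("strict", strict_pattern(scheme, host))):
            ok, extra = audit(pat, scheme, host)
            print(f"{label:6} {pat}")
            print(f"       intended matched: {ok}; unintended matches: {extra}")
```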

After you’ve clicked ‘Save’ you should be off to the races!

Published by Dan

I'm a technophile at heart. I love tech and how it can make our lives better. Let's take a little trip into my mind :P
