[squid-users] Squid with more than 128 ports?

roee klinger roeeklinger60 at gmail.com
Fri Dec 11 11:22:52 UTC 2020 

Hey Eliezer,

Thanks, but actually what I want to achieve is not dynamic load balancing, I want each user to always go to a predefined proxy.

For a failover solution, I will have an outside program checking for failed proxies, and then I will remove them from the list and send the user to a different proxy while I handle the failed ones.

Is Haproxy good for that it is Squid in the way I proposed OK?

Thanks

> 
> On Dec 10, 2020, at 23:14, Eliezer Croitor <ngtech1ltd at gmail.com> wrote:
> 
> 
> You should use Haproxy in a Fail-over setup.
> Squid is great but it’s possible that Haproxy does this much better theses days then Squid.
> You can leave the authentication on the Squid servers and use the Haproxy as TCP Load balancer.
> If you need the clients Original IP address you can use the PROXY protocol to send these details between the haproxy and squid.
>  
> Eliezer
>  
> ----
> Eliezer Croitoru
> Tech Support
> Mobile: +972-5-28704261
> Email: ngtech1ltd at gmail.com
>  
> From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of roee klinger
> Sent: Thursday, December 10, 2020 8:39 PM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Squid with more than 128 ports?
>  
> Hey Anthony,
>  
> Giving this a second thought, I believe I didn't explain myself correctly.
>  
> I have 5 Squid servers, each listening on 80 ports, I would like to add another
> Squid server in the middle of the client and these servers to authenticate users
> before sending them to their ports. I already have ACL controls and auth control tools
> which I wrote and are working fine.
>  
> My question is regarding how to configure this, I have found this configuration online 
> but I am not sure how it will work performance-wise with 500+ proxies (could be 1000s in
> the future):
>  
> http_port 3128 name=port_3128
> http_port 3127 name=port_3127
> nonhierarchical_direct off
> acl port_3128_acl myportname port_3128
> acl port_3127_acl myportname port_3127
> always_direct deny port_3128_acl
> always_direct deny port_3127_acl
> never_direct allow port_3128_acl
> never_direct allow port_3127_acl
> # 3128
> cache_peer proxy1 parent 3128 0 proxy-only default name=proxy3128
> cache_peer_access proxy3128 allow port_3128_acl
> cache_peer_access proxy3128 deny all
> # 3127
> cache_peer proxy2 parent 3128 0 proxy-only default name=proxy3127
> cache_peer_access proxy3127 allow port_3127_acl
> cache_peer_access proxy3127 deny all
>  
> Combine these 2000+ lines in squid.conf with 2 external ACLs and a custom authenticator,
> can this cause a hit on performance or should it be no problem for squid to handle?
>  
>  
>  
>  
>  
> On Thu, Dec 10, 2020 at 2:29 PM Antony Stone <Antony.Stone at squid.open.source.it> wrote:
> On Thursday 10 December 2020 at 13:02:19, roee klinger wrote:
> 
> > Hello,
> > 
> > We have a few Squid proxy servers with a total of around 400 ports
> 
> What do you mean by that?  What are you using 400 ports for?
> 
> > We have decided that we want to add a cloud instance in the middle of the
> > connections, that will authenticate users and only then send them to the
> > squid instance.
> 
> What authentication method / protocol do you want to use?
> 
> > Is it a smart idea to use Squid for this use case or just use a different
> > proxy software that doesn't have this limitation?
> 
> I think the best starting point is to ask what sort of authentication you want 
> to perform (ie: what is the authoritative system which holds the information 
> about who can authenticate and who cannot), then you can decide on the best 
> software to use to do that in front of Squid.
> 
> 
> Antony.
> 
> -- 
> Under UK law, no VAT is charged on biscuits and cakes - they are "zero rated".  
> Chocolate covered biscuits, however, are classed as "luxury items" and are 
> subject to VAT.  McVitie's classed its Jaffa Cakes as cakes, but in 1991 this 
> was challenged by Her Majesty's Customs and Excise in court.
> 
> The question which had to be answered was what criteria should be used to 
> class something as a cake or a biscuit.  McVitie's defended the classification 
> of Jaffa Cakes as a cake by arguing that cakes go hard when stale, whereas 
> biscuits go soft.  It was demonstrated that Jaffa Cakes become hard when stale 
> and McVitie's won the case.
> 
>                                                    Please reply to the list;
>                                                          please *don't* CC me.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20201211/ef00e00a/attachment.htm>

More information about the squid-users mailing list