Hi Amos, <snip> > There seems to be a bit of a myth going around about how HAProxy does > load balancing. HAProxy is an HTTP layer proxy. Just like Squid. > > They both do the same things to received TCP connections. But HAProxy > supports less HTTP features, so its somewhat simpler processing is also > a bit faster when you want it to be a semi-dumb load balancer. > We are somewhat recently added basic support for the PROXY protocol to Squid. > So HAProxy can relay port 80 connections to Squid-3.5+ without > processing them fully. However Squid does not yet support that on > https_port, which means the TLS connections still wont have client IP > details passed through. So what would be your proposition for the case of SSL Bump? How to get the connecting client IP and authenticated user name passed to the ICAP server when a cluster of squids somehow getting the CONNECT tunnel established? Assume we left away the haproxy and rely solely on squid - how would you approach this and how many instances of squid would you deploy? >From my limited knowledge the FQDN proxy name being resolved to a number of IP addresses running one squid per IP address is the simplest approach. Best regards, Rafael _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
