Reverse HTTP / HTTPS proxy with Squid 3 on Debian

Implementing a reverse proxy or reverse proxy can solve some problems. For example, you can implement load balancing for your websites across multiple servers, secure server by hiding behind a proxy or load balance an Internet connection.

In this article we will introduce you to install Squid 3 on Debian platform with support for HTTP and HTTPS.

Introduction to Squid

Squid is a free proxy server cache high performance designed to run on Linux, UNIX. Squid is used in many ISPs and many companies in the world.

Squid is usually a service that allows secure and control access to the Internet for users on a local network of a company is the proxy function, but it can also be used to secure and control the Internet users access to one or more web servers internally, it is the function of reverse proxy or reverse proxy, subject of this article.

Squid can function as a proxy cache in three main ways a network:

Standard Proxy Cache

A standard proxy cache is used to cache static Web pages (HTML and images) on a machine on the local network. When the page is requested again, the browser returns the data of the local proxy instead of the origin web server. The browser is explicitly configured to send all HTTP requests to the proxy cache, rather than on the target Web server. The cache is then complied with the request or forwards the request to the target server.

Transparent Proxy Cache

A transparent cover has the same purpose as the standard proxy, but works seamlessly in the browser. The browser does not need to be explicitly configured to access the proxy cache. Instead, the transparent cache intercepts network traffic, filters HTTP traffic (on port 80), and handles the request if the item is in the cache. If the item is not in the cache, packets are forwarded to the origin web server. For Linux, the transparent cover using iptables or ipchains to intercept and filter network traffic. The transparent caching proxy server is particularly useful for ISPs because they do not require any modification of the browser configuration.

Reverse Proxy Cache

A reverse proxy cache differs from a standard or transparent proxy cache, in that it has a role to reduce the load on the origin web server, rather than reducing network bandwidth upstream client side. Reverse Proxy reponds to customer requests for static content web server, can absorb the additional traffic and load on the original server. The proxy server sits between the internet and the website and manages all traffic before reaching the Web server. A reverse proxy server intercepts requests to the Web server responds to the request rather providing priority to cached pages. This method improves performance by reducing the amount of pages actually generated by the Web server.

Objectives of setting up a reverse proxy

Squid is usually a service that allows secure and control access to the Internet for users on a local network of a company is the proxy function, but it can also be used to secure and control the Internet users access to one or more web servers internally, it is the function of reverse proxy or reverse proxy, subject of this article.

The reverse proxy is placed between the Internet and the web server

When a client browser makes an HTTP request, the DNS server will forward the request to the machine reverse proxyweb server is not real. The reverse proxy checks its cache to see if it contains the requested element, otherwise it connects to the real web server and downloads the requested document to the cache. The reverse proxy cache server can be used for URLs that can be cached (such as HTML pages and images).

Dynamic content such as CGI scripts and Active Server Pages cannot be cached. The use of proxy caching for static pages is based on tags HTTP header returned from the Web page.

We confine ourselves in this section to set up a reverse proxy HTTP and HTTPS positioned upstream of two web servers with one server Microsoft IIS / Exchange and one web server on the local server Squid.

For the HTTPS server, since this is an issue that should return fairly often, we will publish an Exchange server with the consideration of Outlook Web Access (OWA) and ActiveSync.