Updated - Connecting to 1 Site With Separate Logins/Several IPs
-
Would multiple Vultr instances be a good platform for this? Can I just deploy a custom Fedora iso and install Squid on these without an additional firewall in front of them? Also, I have to do at least 4; how can I create a template or clone for initial deployment and any future additions?
-
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
Would multiple Vultr instances be a good platform for this? Can I just deploy a custom Fedora iso and install Squid on these without an additional firewall in front of them? Also, I have to do at least 4; how can I create a template or clone for initial deployment and any future additions?
make a snapshot or backup in Vultr and then deploy new instance from it.
-
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
Can I just deploy a custom Fedora iso and install Squid on these without an additional firewall in front of them?
Why would you use a customer ISO?
-
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
Also, I have to do at least 4; how can I create a template or clone for initial deployment and any future additions?
The install script would be like a one liner once you have a standard. Just copy that one liner into Vultr's script list and have it run on install. You only have more complexity if you use the custom ISO instead of their managed image service.
-
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
Would multiple Vultr instances be a good platform for this?
Yup
-
@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
Can I just deploy a custom Fedora iso and install Squid on these without an additional firewall in front of them?
Why would you use a customer ISO?
Based on other discussions, I thought that the Vultr-provided ISOs were outdated or otherwise not desirable for deployment.
-
@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
Also, I have to do at least 4; how can I create a template or clone for initial deployment and any future additions?
The install script would be like a one liner once you have a standard. Just copy that one liner into Vultr's script list and have it run on install. You only have more complexity if you use the custom ISO instead of their managed image service.
Where can I get more info on the one liner with options to customize?
-
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
Based on other discussions, I thought that the Vultr-provided ISOs were outdated or otherwise not desirable for deployment.
That's correct. Using their ISOs is something you'd never do. But why talk about ISOs at all? You don't use ISOs in normal cloud, that's a really obscure thing done for VPS usage for very specific tasks like FreePBX installs where it is an appliance, not an application.
-
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
Also, I have to do at least 4; how can I create a template or clone for initial deployment and any future additions?
The install script would be like a one liner once you have a standard. Just copy that one liner into Vultr's script list and have it run on install. You only have more complexity if you use the custom ISO instead of their managed image service.
Where can I get more info on the one liner with options to customize?
You just write it. For example, the base install is something like...
dnf -y install squid-cache
That's it. But you might want more, like enabling it.
dnf -y install squid-cache; systemctl enable squid-cache
Like that.
-
@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
Also, I have to do at least 4; how can I create a template or clone for initial deployment and any future additions?
The install script would be like a one liner once you have a standard. Just copy that one liner into Vultr's script list and have it run on install. You only have more complexity if you use the custom ISO instead of their managed image service.
Where can I get more info on the one liner with options to customize?
You just write it. For example, the base install is something like...
dnf -y install squid-cache
That's it. But you might want more, like enabling it.
dnf -y install squid-cache; systemctl enable squid-cache
Like that.
OK. I would be looking for a more complete template. Something more "cookie-cutter" for deployment that would require the least amount of work for subsequent deployments.
-
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
Also, I have to do at least 4; how can I create a template or clone for initial deployment and any future additions?
The install script would be like a one liner once you have a standard. Just copy that one liner into Vultr's script list and have it run on install. You only have more complexity if you use the custom ISO instead of their managed image service.
Where can I get more info on the one liner with options to customize?
You just write it. For example, the base install is something like...
dnf -y install squid-cache
That's it. But you might want more, like enabling it.
dnf -y install squid-cache; systemctl enable squid-cache
Like that.
OK. I would be looking for a more complete template. Something more "cookie-cutter" for deployment that would require the least amount of work for subsequent deployments.
That is getting you a working proxy. Foo you want to customise it? Then that takes more work.
@scottalanmiller I'd add the -now switch for systemctl.
dnf -y install squid-cache; systemctl enable --now squid-cache
-
@travisdh1 two hyphens.
-
@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
Based on other discussions, I thought that the Vultr-provided ISOs were outdated or otherwise not desirable for deployment.
That's correct. Using their ISOs is something you'd never do. But why talk about ISOs at all? You don't use ISOs in normal cloud, that's a really obscure thing done for VPS usage for very specific tasks like FreePBX installs where it is an appliance, not an application.
Slow down and think from start to finish before typing..
There is no "appliance" for Squid.
For this use case, the Fedora choice is likely the best.
Does it have more bits installed than he needs compared to a manual Minimal install? Probably, but not enough to matter.
@wrx7m I always, 100%, start from minimal when I write guides because I never know where the reader will be starting from. Don't conflate something like that with setting up an application server.
-
@JaredBusch said in Connecting to 1 Site With Separate Logins/Several IPs:
@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:
@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:
Based on other discussions, I thought that the Vultr-provided ISOs were outdated or otherwise not desirable for deployment.
That's correct. Using their ISOs is something you'd never do. But why talk about ISOs at all? You don't use ISOs in normal cloud, that's a really obscure thing done for VPS usage for very specific tasks like FreePBX installs where it is an appliance, not an application.
Slow down and think from start to finish before typing..
There is no "appliance" for Squid.
Exactly, which is why I pointed out that the appliance approach was wrong.
-
@JaredBusch said in Connecting to 1 Site With Separate Logins/Several IPs:
For this use case, the Fedora choice is likely the best.
Yup, absolutely.
-
@JaredBusch said in Connecting to 1 Site With Separate Logins/Several IPs:
Does it have more bits installed than he needs compared to a manual Minimal install? Probably, but not enough to matter.
Also deploys way faster, and has extra hooks that can be pretty nice. Like the ability to inject keys and build scripts as part of the build process. It's very light, not the lightest, but that's not really desireable in a case like this. "Reasonably" light but with the right tools is best. You can always remove an unwanted component if you so desire.
-
@JaredBusch said in Connecting to 1 Site With Separate Logins/Several IPs:
@travisdh1 two hyphens.
Fixed, ty.
-
Update-
So far, I have 2 vultr instances running squid. I used a snapshot of the first, to deploy the second. I have setup postfix for notifications by fail2ban and dnf-automatic. I also setup the firewall and squid settings to only allow connections from our WAN IP range and set the proxy to only allow access to certain domains that were specific to this project. I mostly have the servers ready to go.
I tried a Chrome extension called sessionbox. They have a paid version that allows you to run multiple proxy servers in different sessions with color coded tabs. Unfortunately, it is pretty complex (too complex for most of my users) and I can't find a way to push out settings or do bulk changes. That means I am circling back to what JB suggested, by launching chrome with incognito and proxy options.
%pathtochrome%\chrome.exe --incognito --proxy-server="http://proxy01.domain.local:3128" --user-data-dir="%LOCALAPPDATA%\Google\ChromeProxy01\User Data
I have tested this by running it in a cmd prompt. These will need to be launched separately, so users can keep track of which window they opened for which login they should be using. Otherwise, it defeats the purpose.
Is the only way to run this by using a bat file? I can't seem to get it going by just using a simple shortcut to Chrome.
-
Update2-
I got the above Chrome shortcuts working using a GPO with GPP, as shown in my other post-
https://mangolassi.it/topic/19381/creating-a-shortcut-for-chrome-incognito-with-proxy-settings/35 -
What OS?