[plug] plug Digest, Vol 202, Issue 3

Paul Del p at delfante.it
Sat Apr 10 14:59:41 AWST 2021


Hello Dean and Benjamin

Yes I have looked into the NBN 2 4 class services etc but at $350 a month
plus when available, isn't always viable or economic. I am not going
Satelite it's worse and more latency.

Yes and thanks for the TLS SSL information, George emailed me a similar
thing. I am mindful of ssl inspection decryption issues, breakages,
caveats, complications, standards etc. But these are employees working at a
company.
But like you said when your internet is so bad and unusable at times
anything to improve it is good. That is what I call a fairly extreme case.

So far my testing in production environments has found that
A combination of Privoxy(ad blocking) to Tinyproxy(http cacher) and
Pihole(ftldns dns cache/ ad blocking) and Cloudflare 1.1.1.1(faster dns in
W.A.) The stats and logs so far have shown I can get 20-30% improvement.
Also an FYI for anyone else if you haven't seen this you can use the family
DNS services, it works quite well. See this link
https://blog.cloudflare.com/introducing-1-1-1-1-for-families/

I was thinking to keep the above and maybe change the proxies out for squid
so I can also cache OS updates, Anti Virus and Application updates.

To note: The modem, router, network cabling, switching has been fault
tested, inspected, diagnosed and anything slow or flaky or under performing
has been removed and replaced.
Also note: I have recommended to the clients to get another cheap NBN class
2 service for load balancing and HA.

Thanks for your suggestions and feedback.

Cheers Paul


>
> Message: 2
> Date: Fri, 9 Apr 2021 20:09:52 +0800
> From: Dean Bergin <dean.bergin at gmail.com>
> To: Paul Del <p at delfante.it>
> Cc: PLUG mailing list <plug at plug.org.au>
> Subject: Re: [plug] Forward http proxy cache
> Message-ID:
>         <CACCjKfSz=
> G4iBSABW7GpBe+hV2g57yTfn4Hajr4HADcAf2qx8Q at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello Paul,
>
> Sorry that my reply isn't actually directly related to you question or
> request for a solution, but are the regional nbn links business grade?
>
> The reason I ask is that some providers may offer symmetrical (TC2)
> bandwidth along with the residential asymetrical grade and contended (TC4)
> bandwidth, which if QoS is done right, you can prioritise and mark traffic
> according to business need and put them on the appropriate traffic class
> which can give pretty good performance and potentially better user
> experience if turned correctly.
>
> As for proxies, I think that squid is probably the way to go, but I've not
> done anything proxy-related for a long while now and not on anything other
> than squid.
>
> Also, given that most traffic these days is typically https, I don't see
> much benefit in a proxy as they cannot see inside an encrypted tunnel
> without SSL inspection... Not something I recommend at all unless there is
> a extremely compelling business case...
>
>
>
>
>
>
>
> On Fri, 9 Apr 2021, 14:37 Paul Del, <p at delfante.it> wrote:
>
> > Hello Everyone,
> >
> > I am looking for some advice  with regards to a fast simple http forward
> > proxy cache in open source.
> > Some background. Yes I have google'd to try and find benchmarks and
> > installed a number of http and https forward proxies for testing on
> debian
> > and ubuntu servers.
> >
> > The requirement is to make the internet faster when clients use http and
> > https on small networks 20 people or less using NBN FTTN 50Mb or less in
> > regional areas.
> > Note I will install Pihole in conjunction with to cache DNS requests and
> > block unwanted ads etc.
> > Note The requirements to cache and improve response times for web
> browsing
> > http https. The most they download is a small amount of email.
> > I will be using a dedicated server so hardware and resources will not be
> > an issue 4-8 cores 8-16GB ram 2-4 gige nics with SSD's
> >
> > I would like something fast. I am a fan of Tinyproxy and Squid but have
> > also used Privoxy and Polipo.
> >
> > I leaning towards a solution with Tinyproxy and Privoxy with Pihole
> FTLDNS
> >
> > I would appreciate any comments, suggestions, advice of any kind.
> >
> > Thanking you Paul
> >
> >
> >
> > _______________________________________________
> > PLUG discussion list: plug at plug.org.au
> > http://lists.plug.org.au/mailman/listinfo/plug
> > Committee e-mail: committee at plug.org.au
> > PLUG Membership: http://www.plug.org.au/membership
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.plug.org.au/pipermail/plug/attachments/20210409/3d77091c/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 3
> Date: Sat, 10 Apr 2021 00:31:30 +0800
> From: Benjamin <zorlin at gmail.com>
> To: Dean Bergin <dean.bergin at gmail.com>
> Cc: Paul Del <p at delfante.it>, PLUG mailing list <plug at plug.org.au>
> Subject: Re: [plug] Forward http proxy cache
> Message-ID:
>         <
> CAGwEZWL47K3YTYi0n-UkMMXaLKYb2LP2-QaVLd6xKDrw1G5o+Q at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> I was about to say, if you're thinking of doing TLS/SSL inspection to
> enable caching of HTTPS, don't... it goes against absolutely every single
> thing a modern sysadmin should stand for...
>
> Then again, if it's that or unusable internet, hmm...
>
> On Fri, 9 Apr 2021, 20:10 Dean Bergin, <dean.bergin at gmail.com> wrote:
>
> > Hello Paul,
> >
> > Sorry that my reply isn't actually directly related to you question or
> > request for a solution, but are the regional nbn links business grade?
> >
> > The reason I ask is that some providers may offer symmetrical (TC2)
> > bandwidth along with the residential asymetrical grade and contended
> (TC4)
> > bandwidth, which if QoS is done right, you can prioritise and mark
> traffic
> > according to business need and put them on the appropriate traffic class
> > which can give pretty good performance and potentially better user
> > experience if turned correctly.
> >
> > As for proxies, I think that squid is probably the way to go, but I've
> not
> > done anything proxy-related for a long while now and not on anything
> other
> > than squid.
> >
> > Also, given that most traffic these days is typically https, I don't see
> > much benefit in a proxy as they cannot see inside an encrypted tunnel
> > without SSL inspection... Not something I recommend at all unless there
> is
> > a extremely compelling business case...
> >
> >
> >
> >
> >
> >
> >
> > On Fri, 9 Apr 2021, 14:37 Paul Del, <p at delfante.it> wrote:
> >
> >> Hello Everyone,
> >>
> >> I am looking for some advice  with regards to a fast simple http forward
> >> proxy cache in open source.
> >> Some background. Yes I have google'd to try and find benchmarks and
> >> installed a number of http and https forward proxies for testing on
> debian
> >> and ubuntu servers.
> >>
> >> The requirement is to make the internet faster when clients use http and
> >> https on small networks 20 people or less using NBN FTTN 50Mb or less in
> >> regional areas.
> >> Note I will install Pihole in conjunction with to cache DNS requests and
> >> block unwanted ads etc.
> >> Note The requirements to cache and improve response times for web
> >> browsing http https. The most they download is a small amount of email.
> >> I will be using a dedicated server so hardware and resources will not be
> >> an issue 4-8 cores 8-16GB ram 2-4 gige nics with SSD's
> >>
> >> I would like something fast. I am a fan of Tinyproxy and Squid but have
> >> also used Privoxy and Polipo.
> >>
> >> I leaning towards a solution with Tinyproxy and Privoxy with Pihole
> FTLDNS
> >>
> >> I would appreciate any comments, suggestions, advice of any kind.
> >>
> >> Thanking you Paul
> >>
> >>
> >>
> >> _______________________________________________
> >> PLUG discussion list: plug at plug.org.au
> >> http://lists.plug.org.au/mailman/listinfo/plug
> >> Committee e-mail: committee at plug.org.au
> >> PLUG Membership: http://www.plug.org.au/membership
> >
> > _______________________________________________
> > PLUG discussion list: plug at plug.org.au
> > http://lists.plug.org.au/mailman/listinfo/plug
> > Committee e-mail: committee at plug.org.au
> > PLUG Membership: http://www.plug.org.au/membership
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.plug.org.au/pipermail/plug/attachments/20210410/78c6c008/attachment-0001.html
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://lists.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
>
> ------------------------------
>
> End of plug Digest, Vol 202, Issue 3
> ************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20210410/0ba3d896/attachment.html>


More information about the plug mailing list