<div dir="ltr"><div class="gmail_quote"><div>Hello Dean and Benjamin</div><div><br></div><div>Yes I have looked into the NBN 2 4 class services etc but at $350 a month plus when available, isn't always viable or economic. I am not going Satelite it's worse and more latency.</div><div><br></div><div>Yes and thanks for the TLS SSL information, George emailed me a similar thing. I am mindful of ssl inspection decryption issues, breakages, caveats, complications, standards etc. But these are employees working at a company.</div><div>But like you said when your internet is so bad and unusable at times anything to improve it is good. That is what I call a fairly extreme case.</div><div><br></div><div>So far my testing in production environments has found that</div><div>A combination of Privoxy(ad blocking) to Tinyproxy(http cacher) and Pihole(ftldns dns cache/ ad blocking) and Cloudflare 1.1.1.1(faster dns in W.A.) The stats and logs so far have shown I can get 20-30% improvement.</div><div>Also an FYI for anyone else if you haven't seen this you can use the family DNS services, it works quite well. See this link <a href="https://blog.cloudflare.com/introducing-1-1-1-1-for-families/">https://blog.cloudflare.com/introducing-1-1-1-1-for-families/</a></div><div><br></div><div>I was thinking to keep the above and maybe change the proxies out for squid so I can also cache OS updates, Anti Virus and Application updates.</div><div><br></div><div>To note: The modem, router, network cabling, switching has been fault tested, inspected, diagnosed and anything slow or flaky or under performing has been removed and replaced.</div><div><div>Also note: I have recommended to the clients to get another cheap NBN class 2 service for load balancing and HA.</div><div></div></div><div><br></div><div>Thanks for your suggestions and feedback.</div><div><br></div><div>Cheers Paul</div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
Message: 2<br>
Date: Fri, 9 Apr 2021 20:09:52 +0800<br>
From: Dean Bergin <<a href="mailto:dean.bergin@gmail.com" target="_blank">dean.bergin@gmail.com</a>><br>
To: Paul Del <<a href="mailto:p@delfante.it" target="_blank">p@delfante.it</a>><br>
Cc: PLUG mailing list <<a href="mailto:plug@plug.org.au" target="_blank">plug@plug.org.au</a>><br>
Subject: Re: [plug] Forward http proxy cache<br>
Message-ID:<br>
<CACCjKfSz=<a href="mailto:G4iBSABW7GpBe%2BhV2g57yTfn4Hajr4HADcAf2qx8Q@mail.gmail.com" target="_blank">G4iBSABW7GpBe+hV2g57yTfn4Hajr4HADcAf2qx8Q@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hello Paul,<br>
<br>
Sorry that my reply isn't actually directly related to you question or<br>
request for a solution, but are the regional nbn links business grade?<br>
<br>
The reason I ask is that some providers may offer symmetrical (TC2)<br>
bandwidth along with the residential asymetrical grade and contended (TC4)<br>
bandwidth, which if QoS is done right, you can prioritise and mark traffic<br>
according to business need and put them on the appropriate traffic class<br>
which can give pretty good performance and potentially better user<br>
experience if turned correctly.<br>
<br>
As for proxies, I think that squid is probably the way to go, but I've not<br>
done anything proxy-related for a long while now and not on anything other<br>
than squid.<br>
<br>
Also, given that most traffic these days is typically https, I don't see<br>
much benefit in a proxy as they cannot see inside an encrypted tunnel<br>
without SSL inspection... Not something I recommend at all unless there is<br>
a extremely compelling business case...<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
On Fri, 9 Apr 2021, 14:37 Paul Del, <<a href="mailto:p@delfante.it" target="_blank">p@delfante.it</a>> wrote:<br>
<br>
> Hello Everyone,<br>
><br>
> I am looking for some advice with regards to a fast simple http forward<br>
> proxy cache in open source.<br>
> Some background. Yes I have google'd to try and find benchmarks and<br>
> installed a number of http and https forward proxies for testing on debian<br>
> and ubuntu servers.<br>
><br>
> The requirement is to make the internet faster when clients use http and<br>
> https on small networks 20 people or less using NBN FTTN 50Mb or less in<br>
> regional areas.<br>
> Note I will install Pihole in conjunction with to cache DNS requests and<br>
> block unwanted ads etc.<br>
> Note The requirements to cache and improve response times for web browsing<br>
> http https. The most they download is a small amount of email.<br>
> I will be using a dedicated server so hardware and resources will not be<br>
> an issue 4-8 cores 8-16GB ram 2-4 gige nics with SSD's<br>
><br>
> I would like something fast. I am a fan of Tinyproxy and Squid but have<br>
> also used Privoxy and Polipo.<br>
><br>
> I leaning towards a solution with Tinyproxy and Privoxy with Pihole FTLDNS<br>
><br>
> I would appreciate any comments, suggestions, advice of any kind.<br>
><br>
> Thanking you Paul<br>
><br>
><br>
><br>
> _______________________________________________<br>
> PLUG discussion list: <a href="mailto:plug@plug.org.au" target="_blank">plug@plug.org.au</a><br>
> <a href="http://lists.plug.org.au/mailman/listinfo/plug" rel="noreferrer" target="_blank">http://lists.plug.org.au/mailman/listinfo/plug</a><br>
> Committee e-mail: <a href="mailto:committee@plug.org.au" target="_blank">committee@plug.org.au</a><br>
> PLUG Membership: <a href="http://www.plug.org.au/membership" rel="noreferrer" target="_blank">http://www.plug.org.au/membership</a><br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://lists.plug.org.au/pipermail/plug/attachments/20210409/3d77091c/attachment-0001.html" rel="noreferrer" target="_blank">http://lists.plug.org.au/pipermail/plug/attachments/20210409/3d77091c/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Sat, 10 Apr 2021 00:31:30 +0800<br>
From: Benjamin <<a href="mailto:zorlin@gmail.com" target="_blank">zorlin@gmail.com</a>><br>
To: Dean Bergin <<a href="mailto:dean.bergin@gmail.com" target="_blank">dean.bergin@gmail.com</a>><br>
Cc: Paul Del <<a href="mailto:p@delfante.it" target="_blank">p@delfante.it</a>>, PLUG mailing list <<a href="mailto:plug@plug.org.au" target="_blank">plug@plug.org.au</a>><br>
Subject: Re: [plug] Forward http proxy cache<br>
Message-ID:<br>
<<a href="mailto:CAGwEZWL47K3YTYi0n-UkMMXaLKYb2LP2-QaVLd6xKDrw1G5o%2BQ@mail.gmail.com" target="_blank">CAGwEZWL47K3YTYi0n-UkMMXaLKYb2LP2-QaVLd6xKDrw1G5o+Q@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
I was about to say, if you're thinking of doing TLS/SSL inspection to<br>
enable caching of HTTPS, don't... it goes against absolutely every single<br>
thing a modern sysadmin should stand for...<br>
<br>
Then again, if it's that or unusable internet, hmm...<br>
<br>
On Fri, 9 Apr 2021, 20:10 Dean Bergin, <<a href="mailto:dean.bergin@gmail.com" target="_blank">dean.bergin@gmail.com</a>> wrote:<br>
<br>
> Hello Paul,<br>
><br>
> Sorry that my reply isn't actually directly related to you question or<br>
> request for a solution, but are the regional nbn links business grade?<br>
><br>
> The reason I ask is that some providers may offer symmetrical (TC2)<br>
> bandwidth along with the residential asymetrical grade and contended (TC4)<br>
> bandwidth, which if QoS is done right, you can prioritise and mark traffic<br>
> according to business need and put them on the appropriate traffic class<br>
> which can give pretty good performance and potentially better user<br>
> experience if turned correctly.<br>
><br>
> As for proxies, I think that squid is probably the way to go, but I've not<br>
> done anything proxy-related for a long while now and not on anything other<br>
> than squid.<br>
><br>
> Also, given that most traffic these days is typically https, I don't see<br>
> much benefit in a proxy as they cannot see inside an encrypted tunnel<br>
> without SSL inspection... Not something I recommend at all unless there is<br>
> a extremely compelling business case...<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> On Fri, 9 Apr 2021, 14:37 Paul Del, <<a href="mailto:p@delfante.it" target="_blank">p@delfante.it</a>> wrote:<br>
><br>
>> Hello Everyone,<br>
>><br>
>> I am looking for some advice with regards to a fast simple http forward<br>
>> proxy cache in open source.<br>
>> Some background. Yes I have google'd to try and find benchmarks and<br>
>> installed a number of http and https forward proxies for testing on debian<br>
>> and ubuntu servers.<br>
>><br>
>> The requirement is to make the internet faster when clients use http and<br>
>> https on small networks 20 people or less using NBN FTTN 50Mb or less in<br>
>> regional areas.<br>
>> Note I will install Pihole in conjunction with to cache DNS requests and<br>
>> block unwanted ads etc.<br>
>> Note The requirements to cache and improve response times for web<br>
>> browsing http https. The most they download is a small amount of email.<br>
>> I will be using a dedicated server so hardware and resources will not be<br>
>> an issue 4-8 cores 8-16GB ram 2-4 gige nics with SSD's<br>
>><br>
>> I would like something fast. I am a fan of Tinyproxy and Squid but have<br>
>> also used Privoxy and Polipo.<br>
>><br>
>> I leaning towards a solution with Tinyproxy and Privoxy with Pihole FTLDNS<br>
>><br>
>> I would appreciate any comments, suggestions, advice of any kind.<br>
>><br>
>> Thanking you Paul<br>
>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> PLUG discussion list: <a href="mailto:plug@plug.org.au" target="_blank">plug@plug.org.au</a><br>
>> <a href="http://lists.plug.org.au/mailman/listinfo/plug" rel="noreferrer" target="_blank">http://lists.plug.org.au/mailman/listinfo/plug</a><br>
>> Committee e-mail: <a href="mailto:committee@plug.org.au" target="_blank">committee@plug.org.au</a><br>
>> PLUG Membership: <a href="http://www.plug.org.au/membership" rel="noreferrer" target="_blank">http://www.plug.org.au/membership</a><br>
><br>
> _______________________________________________<br>
> PLUG discussion list: <a href="mailto:plug@plug.org.au" target="_blank">plug@plug.org.au</a><br>
> <a href="http://lists.plug.org.au/mailman/listinfo/plug" rel="noreferrer" target="_blank">http://lists.plug.org.au/mailman/listinfo/plug</a><br>
> Committee e-mail: <a href="mailto:committee@plug.org.au" target="_blank">committee@plug.org.au</a><br>
> PLUG Membership: <a href="http://www.plug.org.au/membership" rel="noreferrer" target="_blank">http://www.plug.org.au/membership</a><br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://lists.plug.org.au/pipermail/plug/attachments/20210410/78c6c008/attachment-0001.html" rel="noreferrer" target="_blank">http://lists.plug.org.au/pipermail/plug/attachments/20210410/78c6c008/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
PLUG discussion list: <a href="mailto:plug@plug.org.au" target="_blank">plug@plug.org.au</a><br>
<a href="http://lists.plug.org.au/mailman/listinfo/plug" rel="noreferrer" target="_blank">http://lists.plug.org.au/mailman/listinfo/plug</a><br>
Committee e-mail: <a href="mailto:committee@plug.linux.org.au" target="_blank">committee@plug.linux.org.au</a><br>
<br>
<br>
------------------------------<br>
<br>
End of plug Digest, Vol 202, Issue 3<br>
************************************<br>
</blockquote></div></div>