Updated - Connecting to 1 Site With Separate Logins/Several IPs

wrx7m

@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:

@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:

Can I just deploy a custom Fedora iso and install Squid on these without an additional firewall in front of them?

Why would you use a customer ISO?

Based on other discussions, I thought that the Vultr-provided ISOs were outdated or otherwise not desirable for deployment.

wrx7m

@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:

@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:

Also, I have to do at least 4; how can I create a template or clone for initial deployment and any future additions?

The install script would be like a one liner once you have a standard. Just copy that one liner into Vultr's script list and have it run on install. You only have more complexity if you use the custom ISO instead of their managed image service.

Where can I get more info on the one liner with options to customize?

scottalanmiller

@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:

Based on other discussions, I thought that the Vultr-provided ISOs were outdated or otherwise not desirable for deployment.

That's correct. Using their ISOs is something you'd never do. But why talk about ISOs at all? You don't use ISOs in normal cloud, that's a really obscure thing done for VPS usage for very specific tasks like FreePBX installs where it is an appliance, not an application.

scottalanmiller

@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:

@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:

@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:

Also, I have to do at least 4; how can I create a template or clone for initial deployment and any future additions?

The install script would be like a one liner once you have a standard. Just copy that one liner into Vultr's script list and have it run on install. You only have more complexity if you use the custom ISO instead of their managed image service.

Where can I get more info on the one liner with options to customize?

You just write it. For example, the base install is something like...

dnf -y install squid-cache 

That's it. But you might want more, like enabling it.

dnf -y install squid-cache; systemctl enable squid-cache

Like that.

wrx7m

@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:

@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:

@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:

@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:

Also, I have to do at least 4; how can I create a template or clone for initial deployment and any future additions?

The install script would be like a one liner once you have a standard. Just copy that one liner into Vultr's script list and have it run on install. You only have more complexity if you use the custom ISO instead of their managed image service.

Where can I get more info on the one liner with options to customize?

You just write it. For example, the base install is something like...

dnf -y install squid-cache 

That's it. But you might want more, like enabling it.

dnf -y install squid-cache; systemctl enable squid-cache

Like that.

OK. I would be looking for a more complete template. Something more "cookie-cutter" for deployment that would require the least amount of work for subsequent deployments.

travisdh1

@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:

@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:

@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:

@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:

@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:

Also, I have to do at least 4; how can I create a template or clone for initial deployment and any future additions?

The install script would be like a one liner once you have a standard. Just copy that one liner into Vultr's script list and have it run on install. You only have more complexity if you use the custom ISO instead of their managed image service.

Where can I get more info on the one liner with options to customize?

You just write it. For example, the base install is something like...

dnf -y install squid-cache 

That's it. But you might want more, like enabling it.

dnf -y install squid-cache; systemctl enable squid-cache

Like that.

OK. I would be looking for a more complete template. Something more "cookie-cutter" for deployment that would require the least amount of work for subsequent deployments.

That is getting you a working proxy. Foo you want to customise it? Then that takes more work.

@scottalanmiller I'd add the -now switch for systemctl.

dnf -y install squid-cache; systemctl enable --now  squid-cache

JaredBusch

@travisdh1 two hyphens.

JaredBusch

@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:

@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:

Based on other discussions, I thought that the Vultr-provided ISOs were outdated or otherwise not desirable for deployment.

That's correct. Using their ISOs is something you'd never do. But why talk about ISOs at all? You don't use ISOs in normal cloud, that's a really obscure thing done for VPS usage for very specific tasks like FreePBX installs where it is an appliance, not an application.

Slow down and think from start to finish before typing..

There is no "appliance" for Squid.

For this use case, the Fedora choice is likely the best.

Does it have more bits installed than he needs compared to a manual Minimal install? Probably, but not enough to matter.

@wrx7m I always, 100%, start from minimal when I write guides because I never know where the reader will be starting from. Don't conflate something like that with setting up an application server.

scottalanmiller

@JaredBusch said in Connecting to 1 Site With Separate Logins/Several IPs:

@scottalanmiller said in Connecting to 1 Site With Separate Logins/Several IPs:

@wrx7m said in Connecting to 1 Site With Separate Logins/Several IPs:

Based on other discussions, I thought that the Vultr-provided ISOs were outdated or otherwise not desirable for deployment.

That's correct. Using their ISOs is something you'd never do. But why talk about ISOs at all? You don't use ISOs in normal cloud, that's a really obscure thing done for VPS usage for very specific tasks like FreePBX installs where it is an appliance, not an application.

Slow down and think from start to finish before typing..

There is no "appliance" for Squid.

Exactly, which is why I pointed out that the appliance approach was wrong.

scottalanmiller

@JaredBusch said in Connecting to 1 Site With Separate Logins/Several IPs:

For this use case, the Fedora choice is likely the best.

Yup, absolutely.

scottalanmiller

@JaredBusch said in Connecting to 1 Site With Separate Logins/Several IPs:

Does it have more bits installed than he needs compared to a manual Minimal install? Probably, but not enough to matter.

Also deploys way faster, and has extra hooks that can be pretty nice. Like the ability to inject keys and build scripts as part of the build process. It's very light, not the lightest, but that's not really desireable in a case like this. "Reasonably" light but with the right tools is best. You can always remove an unwanted component if you so desire.

travisdh1

@JaredBusch said in Connecting to 1 Site With Separate Logins/Several IPs:

@travisdh1 two hyphens.

Fixed, ty.

wrx7m

Update-

So far, I have 2 vultr instances running squid. I used a snapshot of the first, to deploy the second. I have setup postfix for notifications by fail2ban and dnf-automatic. I also setup the firewall and squid settings to only allow connections from our WAN IP range and set the proxy to only allow access to certain domains that were specific to this project. I mostly have the servers ready to go.

I tried a Chrome extension called sessionbox. They have a paid version that allows you to run multiple proxy servers in different sessions with color coded tabs. Unfortunately, it is pretty complex (too complex for most of my users) and I can't find a way to push out settings or do bulk changes. That means I am circling back to what JB suggested, by launching chrome with incognito and proxy options.

%pathtochrome%\chrome.exe --incognito --proxy-server="http://proxy01.domain.local:3128" --user-data-dir="%LOCALAPPDATA%\Google\ChromeProxy01\User Data

I have tested this by running it in a cmd prompt. These will need to be launched separately, so users can keep track of which window they opened for which login they should be using. Otherwise, it defeats the purpose.

Is the only way to run this by using a bat file? I can't seem to get it going by just using a simple shortcut to Chrome.

wrx7m

Update2-

I got the above Chrome shortcuts working using a GPO with GPP, as shown in my other post-
https://mangolassi.it/topic/19381/creating-a-shortcut-for-chrome-incognito-with-proxy-settings/35

JasGot

What OS?

wrx7m

@JasGot said in Updated - Connecting to 1 Site With Separate Logins/Several IPs:

What OS?

This works on Windows 10 (1703, 1809, 1903), Server 2016 (1607), Server 2012 R2 and Server 2008 R2.

JasGot

@wrx7m said in [Updated - Connecting to 1 Site With Separate Logins/Several IPs]>

This works on Windows 10 (1703, 1809, 1903), Server 2016 (1607), Server 2012 R2 and Server 2008 R2.

Tor is another option. Proxies are already out there.

Lots of guides on setting it up to run multiple browsers from different IPs. We did it years ago for a project and it was perfect. Took a few minutes to setup, but was perfect for the task.

There's even a bash script to do all the setup for you. (Not on Windows, of course)

wrx7m

@JasGot said in Updated - Connecting to 1 Site With Separate Logins/Several IPs:

@wrx7m said in [Updated - Connecting to 1 Site With Separate Logins/Several IPs]>

This works on Windows 10 (1703, 1809, 1903), Server 2016 (1607), Server 2012 R2 and Server 2008 R2.

Tor is another option. Proxies are already out there.

Lots of guides on setting it up to run multiple browsers from different IPs. We did it years ago for a project and it was perfect. Took a few minutes to setup, but was perfect for the task.

There's even a bash script to do all the setup for you. (Not on Windows, of course)

Thanks. This has been up and running via squid on Fedora for several months and works really well.