mysteriously works again after a gitlab-upgrade. strange ...

@wifi75 your table shows port 80, not 443 for https

@BerndHu See : "Squid make sure to set “email_err_data off”".

Set this inside of custom options like Example: [image: 1760709794107-screenshot-2025-10-17-at-07.01.42.png] (ignore ssl_engine) After run Squid -k parse and you should see this within the tests if you have no errors and it moves to the next time you have the work around. 2025/10/17 07:02:07| Processing: ssl_engine devcrypto 2025/10/17 07:02:07| Processing: email_err_data off

https://redmine.pfsense.org/issues/15410 Squid also released … “The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-7.2 release! This release is, we believe, stable enough for general production use. We encourage all users of any previous version of Squid to upgrade to it. It can be downloaded from GitHub, at https://github.com/squid-cache/squid/releases/tag/SQUID_7_2 Since version 7.1, squid offers many security fixes and improvements; details can be found in the release notes and in the changelog Please remember to run "squid -k parse" when testing the upgrade to a new version of Squid. It will audit your configuration files and report any identifiable issues the new release will have in your installation before you "press go". If you encounter any issues with this release please file a bug report at https://bugs.squid-cache.org/ -- Francesco Chemolli”

I "manually" fixed this issue easily, without moving any library anywhere, because that could break other executables that depend on libc++.so. Simply: scp the squid binary to your FreeBSD/Linux Desktop. if you do: patchelf --print-rpath squid You will see: /usr/local/lib:/usr/lib:/usr/local/lib This is the default RPATH of the executable. We can change this by doing: patchelf --set-rpath /lib:/usr/local/lib:/usr/lib:/usr/local/lib squid This will force squid to look into the /lib folder first. There lives a version of libc++.so.1 that is compatible with squid. After this, just copy back the squid executable to /usr/local/sbin/ . Problem solved

After many days of intense swearing (HAproxy is now referred to as piece of shit in my internal lingo), this is where we are. pfSense generates the config.xml with proper <ssl>yes</ssl> pfsense generates the haproxy.cfg with proper server "id 102 ssl verify none" But even after restarts, haproxy still does not bridge printf 'show servers state\n' | socat - UNIX-CONNECT:/tmp/haproxy.socket 101 TEST-ldap.mintsecurity.fi_ipvANY 102 login-02.ipa.mintsecurity.fi 10.98.0.25 2 0 1 1 1340 9 3 4 0 0 1 1 - 8443 - 0 0 - - 0 But the culprit is /tmp/haproxy_server_state. Delete that, restart, and then: 101 TEST-ldap.mintsecurity.fi_ipvANY 102 login-02.ipa.mintsecurity.fi 10.98.0.25 2 0 1 1 449 1 0 2 0 0 1 1 - 8443 - 1 0 - - 0 You see, the very important 0 that turned into a 1. I have NO IDEA if this issue now is persistent, if every modification will require the deletion of the state file.

@andrew_cb ChatGPT had the right idea but gave me 100 different places to put "load-server-state-from-file none". Your post was worth more than ChatGPT could ever offer!

I even tried deleting and creating a new certificate. Any suggestions?

You can also do ACL modes where subnets can be told to bypass the proxy if needed

You can run via SSH or Diagnostics -> Command prompt squid -k parse and paste output here.

@firefox I don’t think so, to be honest with you I am on an older version also. Just make sure you do the patch package and install all the system patches.

@qupfer What did I bang my head over this strange 502 issue. Your solution did it! Thank you so much, even 2.5 years later!

Request for Continued Support of Squid Package Dear Netgate Team, Could we please continue to support the Squid package? The upstream project has already resolved the known security issues, and it appears the main task remaining is updating the package to accommodate the recent PHP changes affecting the status page and address the decode issue. I’m unsure how to address this on my end and would greatly appreciate any guidance. Has anyone else looked into this, or is there a fix currently in progress? Thank you for your time and support. Jonathan Lee

@andrew_cb said in haproxy 0.63_2 weird behavior, edits not working: @iSagen @TheCyborgWeasel The issue is likely the same as in https://forum.netgate.com/topic/178348/haproxy-backend-port-changes-are-not-applied/ Try adding load-server-state-from-file none to the Advanced Settings > Backend pass thru section of each backend. Great! I will do this.

Hi Andrew, thanks for the tip. I forgot reply here. In our case, the problem was the hardware. Since 2013 I use the same hardware an Athlon LE-1620(1 Core) with 2GB. Some months ago, we created an app with many HAProxy rules and the access is growing. We bought one fanless with Intel J6426 and 8GB and now it´s work fine.

@andrew_cb Thank you for the answer In the end it was a problem that any new backend i added just did not register, i confirm it by taking an existing one and overriding it and it worked so i want the nuclear option and just installed the entire pfsense because installing the haproxy did not help.

@viragomann Thank you, I had that a bit flipped in my mind!