@sensewolf All of the applications I have that run websockets use the same port, so I do not create separate backends for them and it works fine. If your application does use separate ports then you will need to create a separate backend. I'm not sure how common this is, but I have I think 5 domains with websockets and none of them use a separate port.

@viragomann I see, a misunderstanding on my part then

Yeah, same problem here, I was hitting the wall for days, messing with certificates, and it was this exact bug. april 2025 recent pfsense/haproxy devel install, and still nothing.

On 11/04/25 03:47, Jonathan Lee wrote:
Hello fellow Squid users,
Does anyone use pfSense squid package that knows a possible solution to this issue ? I have went as far as to remove all custom config and go to complete splice all and it still occurs with or without cache enabled and or squid guard enabled. It is something I just don’t know how to correct it. I worked on testing it in command line a while back but could not find a way to get the status page working again.
Show Quoted Content
On 11/04/25 03:47, Jonathan Lee wrote:
Hello fellow Squid users,
Does anyone use pfSense squid package that knows a possible solution to this issue ? I have went as far as to remove all custom config and go to complete splice all and it still occurs with or without cache enabled and or squid guard enabled. It is something I just don’t know how to correct it. I worked on testing it in command line a while back but could not find a way to get the status page working again.

Bug #15410: cache_object://URL Scheme is removed in Squid-6 - pfSense Packages - pfSense bugtracker https://redmine.pfsense.org/issues/15410

As discussed in that bug report the "cache_object://" scheme has been replaced by "http://(visible_hostname):3128/squid-internal-mgr/"

The scheme can be "https://" so long as the proxy listening port is configured with the https_port directive.

visible_hostname should be replaced by the contents of the visible_hostname directive, or listening IP address. This is just one of the many reasons that directive needs to be a DNS resolvable domain name.

The port 3128 can be another forward-proxy or an 'accel' mode port if you wish. Cannot be an 'intercept' or 'tproxy' *_port, nor an https_port with SSL-Bump enabled.

FTR; What we are familiar with as an "index page" is not provided by the Squid cache manager by default. I provide a basic UI at https://github.com/yadij/cachemgr.js that makes accessing the reports a bit easier for humans.

HTH
Amos

squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users

Did you manage to get it working as I am doing the same thing but have noticed Cloudflare Proxied traffic seems to really be slow......not sure if there is something in Cloudflare that needs tweaking but it is pretty much unusable

@viragomann said in Nextcloud und SSL über pfSense Configurieren:

https://<WAN IP>

Sooo Fehler gefunden, es waren die IPv6 Einträge, gelöscht und es funktioniert!

Über DSL von Zuhause konnten alle anfragen Aufgelöst werden, über bein Test gerät welches über Mobiele Daten ging nicht... da dieses vermutlich IPv6 genutzt hatte.

Besten Danke für die unterstützung

@ngr2001 I don’t know try the directive to see it if works, I do not have that crypto chip

@tiago-duarte squid + pfSense plus

@Sebastian74

If you're using TCP mode, make sure that SSL passthrough is configured correctly for both backends.

If you're offloading SSL at HAProxy, ensure that the certificates are properly assigned and that backend communication is happening over HTTP or correctly re-encrypted HTTPS.

I'm using every of this two option because one server have the certificate inside it, the other one is certified by HA Proxy and the cert is on Pfsense.

I need to mix this two mode or tell me another way to do this correctly, i can't find anything for this case scenario.

Thank you

Wow, I am some glad I finally found this. I've been racking my brain on it since December, and holding off upgrading 2 production instances of pfSense to 24.11 as I thought the problem was related to 24.11, and not MIM. I'll now be able to do the upgrades on those 4 other units(2x HA pairs in remote datacenter sites).

CPU and memory all good. This is a brand new install. Why would I need to rebuild the cache?

Thank you!

@JonathanLee Hi, running Pfsense CE 2.7.2 Squid 6.3.

Make sense what you mention, will be cool to have this feature available.

Thanks @JonathanLee

The options are still valid; they just can't have spaces between them otherwise it tries to interpret them is new switches.

As far as I can tell the pfSense HAProxy SSL backend checks do not work and are bugged, at least for backend devices that have a self signed cert. I've tried everything and always resort back to doing basic checks.