@bihzs
Configure your frontend type for SSL, and configure a acl that checks the ServerNameIndication

@Brailyn
The frontend3-offloading uses type HTTP, this cannot pass openvpn traffic which doesn't use http..
You can still have a 'offloading' frontend of-course. But the backend that sends traffic there would not be the default backend for the frontend2-SNI. There would be a acl check for on or more SNI-name's like myFirstOffloadedSite.domain.tld mySecondOffloadedSite.domain.tld and then a action use-backend:frontend3-offloading when that acl matches. Then that frontend3 can handle the certificates and further splitting of host headers so first site and second site get actually handled by first- backend and second-backend.

As for how the backend is named and what it does, that indeed is probably a little strange, but you can change the names of-course.. I was just telling with minimal changes how to achieve the initial goal while seeing that you where not actually using the that default backend at the time.

I'm glad, if you found my help helpful send me like this: 5ae3b12f-26b9-43a9-9f0b-060a399b731f-image.png

Solved in https://forum.netgate.com/topic/153028/haproxy-deleting-acl-on-modify-bug-or-am-i-missing-something/14

How you have it setup that is correct. With SSL filtering disabled Squid will only proxy http traffic.

Steve

SafeSearch feature in the latest pfBlockerNG-devel:
Screenshot from 2020-05-01 19-27-43.png

@PiBa said in Unable to add PPA to Ubuntu server when connected to HAProxy.:

I'm running out of ideas what to check without some 'hands on' checking.. But i think we are active in different time-zones.. 'CET-evenings'..

That's okay, I understand. I think I'm going to make a new question in a different topic that might have more folks who can help. I really appreciate you helping me out here.

@emeric what if you disable squid for LAN users?
or disable reverse squid?
Will you see the same errors?

I found that I had to delete the front end entry that had a logging setting, it fixed the error.

A new question, how do you enable logging for HAPROXY within pfSense properly?

@aracloud
using https? and certificate acl's checkbox set ?

-edit-
uh sorry you Already mention using http..

check that the browser is actually sending a Host header ?