@stefan-bendler
If you go to the settings page in HAproxy you can find a button at the bottom to display the whole configuration and would also give information about your backend settings.
From the given information it's not clear to me, what you intend to achieve and what's not working.

I'm wondering, if you're using a public IP inside your network.
If this is your public external IP you may want to hide it.

From your screenshots, I assume the http is working as expected, but for the https obviously gives you the pfSense web GUI.
Is the web configurator listening on the same port as the HAproxy frontend? If so you can change it in System > Advanced > Administration.

@planetinse issue went away after upgrading to TEC (23.05) version (probably the reboot was the fix)

If you want the old blacklist from shalla use the wayback machine and download the last shalla file and place it on the firewall and tell the system to use the path to it.

Or use http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense_reducted.tar.gz

Also you can manually enter items here is a nice DoH list to block

combineddohlist.txt

@michmoor on your redirect URL do you have https:// in front of the URL? I had mtalk.google.com redirect to google.com without the https, and it would show on the browser to many redirects, I changed it to https://www.google.com the error stopped and it worked without the error on the browser.

Keep in mind mtalk.google.com is used for Android push notifications, so my smart phones have approved access, but my desktops are not smartphone capable so it is disabled. Some devices like my iMac constantly had a connection to mtalk. I did some research and mtalk is also abused it seems by invasive actors. So my network now only lets the phones use it. I have googles assistant disabled on everything.

@jimp thanks for looking into this. I will use that URL for future items. I did not know about that other URL until today.

@michmoor
Concerning logs , I have no idea about that
How I can show the logs , I am using GUI

@viragomann someone told me to try and set my frontend to LAN IP in HAProxy and it broke the frontend

c77f2192-0a3c-4a61-8d2d-1e9a08b9f06e-image.png

b31f6e71-3626-4f59-b7ae-21d5a5b04c8e-image.png

need to reset my config again

@firatnemis @SaschaITM Hi guys were you able to solve this issue?
with the new pfSense would be the same concept?

@jimp said in HA-Proxy-devel broken and error in log after update to 0.63_1:

Uninstall haproxy-devel, install haproxy.

The PHP code is the same right now but haproxy is now using the haproxy binaries that were used by -devel before, and -devel is using something newer.

Thank you!!

@jimp I appreciate you.
Those old videos are great for content. I have this one deployment at a rural school. I can host an apache instance and i remember this squidguard video from a year ago where you could have a custom page for blocking. Your code works beautifully. Thanks again.

edit: I love the GIF...but had to get rid of it :)

how any feedback guys?

@PepperDeb said in HAproxy (type = tcp):

I don't want to have the port open available for both domain.

That a wrong point of view. You open the port just on an IP, not on domains. Ports are part of the IP protocol and a single port - IP combination can be used for a single service to listen on.

Domains can be resolved to IP addresses by DNS to get use of it by the IP protocol, and there is no limit on domains you can point on a single IP.
It's just the HTTP protocol that can determine the domain name by the host header, but this happens on layer 7 within the service itself (which is listening on an IP - port combination).

@jpattard splice the connections for teams.