Ok i found a post that said to switch from latest to previous stable version 23.01, and now it installed. Now i just need to search for a guide on configuring squid...

I've also problem with home assistant behind ha proxy.
If I ste a direct nat roule to port 8123 works all good, but if I try to use the ha link I receive a 503 error page.
this is my ha config, any idea?
p.s. all other backends are working correctly

# Automaticaly generated, dont edit manually. # Generated on: 2023-07-31 19:46 global maxconn 1000 stats socket /tmp/haproxy.socket level admin expose-fd listeners uid 80 gid 80 nbproc 1 nbthread 1 hard-stop-after 15m chroot /tmp/haproxy_chroot daemon tune.ssl.default-dh-param 2048 server-state-file /tmp/haproxy_server_state frontend http bind 192.168.1.220:80 name 192.168.1.220:80 mode http log global option http-keep-alive option forwardfor acl https ssl_fc http-request set-header X-Forwarded-Proto http if !https http-request set-header X-Forwarded-Proto https if https timeout client 30000 http-request redirect scheme https frontend https_443 bind 192.168.1.220:443 name 192.168.1.220:443 ssl crt-list /var/etc/haproxy/https_443.crt_list mode http log global option http-keep-alive option forwardfor acl https ssl_fc http-request set-header X-Forwarded-Proto http if !https http-request set-header X-Forwarded-Proto https if https timeout client 30000 acl ha var(txn.txnhost) -m beg -i ha.mysite.org acl NAS var(txn.txnhost) -m beg -I nas.mysite.org acl www var(txn.txnhost) -m beg -I www.mysite.org acl proxmox var(txn.txnhost) -m beg -I proxmox.mysite.org acl firewall var(txn.txnhost) -m beg -I firewall.mysite.org http-request set-var(txn.txnhost) hdr(host) use_backend ha_ipvANY if ha use_backend NAS_ipvANY if NAS use_backend serverweb_ipvANY if www use_backend proxmox_ipvANY if proxmox use_backend firewall_ipvANY if firewall backend ha_ipvANY mode http id 102 log global timeout connect 30000 timeout server 30000 retries 3 timeout tunnel 60000s server ha 192.168.1.138:8123 id 103 ssl verify none backend NAS_ipvANY mode http id 100 log global timeout connect 30000 timeout server 30000 retries 3 server nas8 192.168.1.112:8080 id 101 backend serverweb_ipvANY mode http id 104 log global timeout connect 30000 timeout server 30000 retries 3 server www 192.168.1.239:80 id 105 backend proxmox_ipvANY mode http id 106 log global timeout connect 30000 timeout server 30000 retries 3 server proxmox 192.168.1.236:8006 id 107 ssl verify none backend firewall_ipvANY mode http id 108 log global timeout connect 30000 timeout server 30000 retries 3 server firewall 192.168.1.1:80 id 105

Thanks

@inghaj said in Logging HTTPS Web Sites:

Is there still a way to do this, or are browsers too security conscious now ?

When you instruct your browser to talk to "microsoft.com" it has ways to detect if there is a MITM, aka your squid.
Your browser and "microsoft.com" agreed that they don't want a MITM, to protect the end user. And because it defies the usage of TLS (https).
This time it's you, next time it's the neighbor, or the government, or any 3 letter agency, and so on.

Meet HTTP Strict Transport Security

Btw : If you find a way around this, you'll be very famous.
I'm not sure if you become 'rich' but one thing is sure : your 'quality of live' will strongly degrade, as there will be many coming after you as you are the one that broke world's economy (a Internet can't be used anymore for trusted transactions).

@planedrop said in Logging HTTPS Web Sites:

I will say that Chrome semi-recently started using it's own certificate store instead of the local one

It probably has a build in list with sites 'not to mess with' == known HSTS sites.

@proggggger After disabling roundrobin the amount of /409 errors did decrease significantly. I will monitor for a bit more and if its resolved then im going to submit a redmine for a documentation update. This is a long standing problem.

@siv I can do that.

I am not on a point release.

https://www.mozilla.org/en-US/firefox/115.0.2/releasenotes/
Version 115.0.2, first offered to Release channel users on July 11, 2023

If you just go to about on your firefox it should update to 0.2

If you go here - it downloads "Firefox Setup 115.0.2.exe"

https://www.mozilla.org/en-US/firefox/all/#product-desktop-release

@viragomann Was just thinking about recommending this as well. There is a default pool you could use

Hi guys

since this morning I have the exact same problem with another site https://www.regione.lombardia.it

To temporarily solve the problem, I added the site to the ACLs withelist of the Squid proxy Server.

I wanted to understand what actions to take and if I can improve my setup.
@Gertjan can I lower the parameter you highlighted after that?

Thanks again and good job

Michele

Fixed!