I am sorry to reply so late to this, but I did not access the forums for a long while because I did not have any notification about it. I managed to make haproxy work perfect only by moving to ssl redirect on haproxy and adding letsencrypt certificates to the server. I did not manage to make it work without ssl. This is anyway better practice, as traffic is encrypted and browsers and other devices will trust my servers.

@cybis thanks a lot for responding

Edit: The last couple of days I have tried to gather some information of why the service won't start. Unfortunately there is not much information that can help me for specific installations on FreeBSD. But I have tried the following commands, with the output I get. I don't know if someone can see why it fails. /usr/local/etc/rc.d/haproxy start: WARNING: failed precmd routine for haproxy /usr/local/etc/rc.d/haproxy enable: haproxy enabled in /etc/rc.conf /usr/local/etc/rc.d/haproxy status: haproxy is not running. /usr/local/etc/rc.d/haproxy configtest: Configuration file has no error but will not start (no listener) => exit(2). haproxy -f /usr/local/etc/haproxy.conf -p /var/run/haproxy.pid: [ALERT] 070/102644 (18074) : [haproxy.main()] No enabled listener found (check for 'bind' directives) ! Exiting. Also, what I've done so far: Set the protocol for the webConfigurator to https Changed the TCP port to something other than 443 Turned on the Disable webConfigurator redirect rule Some other information that might be important: When I click on the (I don't know what else to call it) play button, the gear will load for a few seconds, then reload and then silently fail. Because the Haproxy service isn't enabled, I can't save the change made in settings of; Enable HAProxy. If anyone has an idea of what might be happening, please let me know because I'm out of idea's.

@jonathanlee said in Squid Proxy and antivirus update questions: Could I not hand the firewall SSL certificate to the ClamAV antivirus software that is installed on the firewall's proxy? ClamAV uses this when investigating "c-icap" since this is http proxy, https is not an option... By the way, many people fall in love with this option Squid - ClamAV, but I'll tell you that AV stuff running on firewalls doesn't make sense... In this very dangerous IT world, host AV is the only solution, as it scans the traffic within the network, often the devil is not coming from the internet, but from the neighbour's machine with a pendrive, etc. +++edit: *"c-icap is an implementation of an ICAP server. It can be used with HTTP proxies that support the ICAP protocol to implement content adaptation and filtering services. Most of the commercial HTTP proxies must support the ICAP protocol. The open source Squid 3.x proxy server supports it."* - from http://c-icap.sourceforge.net/

I was able to solve this by following the HAProxy documentation regarding HTTP to HTTPS redirect. Adding unless { ssl_fc } to my ACL action on the front end got rid of the error. Now it looks like : scheme https unless { ssl_fc } [image: 1646860000790-image-01-resized.jpg] [image: 1646860001150-image-02-resized.jpg]

After several tests, enabling CARP Status VIP on squid of primary node, it changes on secundary node. But If I disable primary CARP temporary (or even disconnect the cable of that interface), and secundary node, changes to master, there is no changes on squid and squidguard services in both nodes. In other words it doenst change anything. If I leave CARP Status VIP disabled, all services work in both sides. When I set to none on CARP Status VIP, those services on secundary node, come back to life. There is any impact on both enduser and backoffice sides, on leaving CARP Status VIP disabled on a high availability system?

@anandpeculiar this can be done under Advanced Settings--> Backend Pass thru using the expect string, http-check expect string XS01

I made it work with regex matching, though, I'd still like to edit the file--the HAProxy docs mention regex matching hits on performance. :/ I don't know how regex works but I hope a super simple catch all host regex "(.*)" rule plus creative rule re-ordering are easier on the cores.

yes i had this problem too and thanks to instazoomhd i fixed it