@jdennis011 See attached image for a small draw up. For the breakdown:
The enduser is supposed to access system A from outside the network via HTTPS, system A grabs data from the API(both in local lan) but the API only communicates via http. So how do link the two on the HAproxy, such that data between system A and the API is shared via http in the background but shared to the end user via HTTPS?
Please note: if system A cannot locate the API server, the site breaks and nothing works.
haproxy.jpeg

@alekoy
did you solve this issue?

@sipriuspt Perhaps their certs really are invalid? A LetsEncrypt root cert expired a while back that caused such problems. Look at the details of the cert error and see what the problem is. That will help you decide if it's anything wrong on your end.

@samdond

Browsers will always warn if a certificate is self signed.
When you access the pfSense GUI over https, pfSense will use a self generated - thus self signed - certificate. You can instruct your browser to make an exception.

Or get a certificate from a trusted certificate authority, like Letsencrypt and the acme.sh pfSense package.

@samdond said in Problem with webGUI certificate:

Set pfSense's web gui to use http rather than https.

That's another solution.

OK Found the answer, I had to put this :

$sge_prefix = (preg_match("/\?/", $cl['u']) ? "&" : "?"); $str[] = '<iframe> src="'.$cl['u'].$sge_prefix.'sgr=ACCESSDENIED" width="1" height="1" > </iframe>';

Right before the ?> at the end of /usr/local/www/sgerror.php, which for whatever reason didn't work earlier. This can be closed :)

@bkeadle também estou com esse problema. tenho ultima versão do squid, squidGuard e lightSquid. Estou tendo problemas em gerar os relatorios no lightSquid.

@marcelloc Instalei o squidanalyzer após ativar o seu repositórios não oficial. Após instalação ainda apresenta as seguintes recomendações:

Modify your httpd.conf to allow access to HTML output like follow:
Alias /squidreport /usr/local/www/squidreport
<Directory /usr/local/www/squidreport>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>

If necessary, give additional host access to SquidAnalyzer in httpd.conf.
Restart and ensure that httpd is running.

Browse to http://my.host.dom/squidreport/ to ensure that things are working
properly.

Setup a cronjob to run squid-analyzer daily:

SquidAnalyzer log reporting daily

0 2 * * * /usr/local/bin/squid-analyzer > /dev/null 2>&1

or run it manually.
For more information, see /usr/local/share/doc/squidanalyzer/README file.

Cleaning up cache... done.

Poderia ajduar?

@doktornotor mesmo instalando o repositório não oficial, e buscando o pacote, ele gera essa recomendações de conf mesmo:

Após instalar o pacote temos a seguinte recomendação. Você consegue executar?

Modify your httpd.conf to allow access to HTML output like follow:
Alias /squidreport /usr/local/www/squidreport

Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.1

If necessary, give additional host access to SquidAnalyzer in httpd.conf.
Restart and ensure that httpd is running. Browse to http://my.host.dom/squidreport/ to ensure that things are working
properly. Setup a cronjob to run squid-analyzer daily: SquidAnalyzer log reporting daily

0 2 * * * /usr/local/bin/squid-analyzer > /dev/null 2>&1

or run it manually.
For more information, see /usr/local/share/doc/squidanalyzer/README file.

Cleaning up cache… done.

@fireix estou com o mesmo erro. Porém nem tenho cach ativo no squid.
Já reiniciei o pfesene e continua.

@gertjan

Thank you, I had seen this thread and followed the OP's advice prior to the expiry of the LE certificate. So I thought I was prepared.

But reading again and on, there was a problem reported, not exactly mine but similar enough.

(Apparently, my problem was not the certificate itself (as expected by you) but the root or the intermediate certificate (the browser on my phone did not go into those details)).

I followed the advice, deleted the CAs and renewed the certificate again. This recreated the CAs and solved my problem.

Still strange that I encountered the problems only on my mobile but not on my PC...

6 year old post about 2.1.5??

Solved!

Found the issue, apparently the health check settings in the backend configuration was the "culprit".
The default setting is HTTPS check and changed it to a basic (socket) check.

So it had nothing to do with my cert or HAProxy configuration itself (beside the health check setting).

@ageekhere
Yeap, of course !

OK Quick update, this is done using "Remote cache" in the config (the entire tab is done with this).

I now have a working proxy for http requests, and I'm not sure on how to apply the same thing (forward every request to upstream proxy) for https without having to setup a CA.

Any ideas?