Take a good look at what's getting blocked in your log files, it's easy to break google products because of their spyware/tracking integration.

@PiBa
Adding HTTP/1.0\r\nHost:\ hostname to http check brought the backend up. The whole chain then worked.

I needed to add the hostname to the http check to get it to work.

Thanx for the help.

Can anyone give transparent recommendation what is better to use via squid proxy TLS or SSL ??? and how to set up firefox browser act accordingly? if squid settings tab telling me that squid uses SSL why should I keep TLS active then?

So match the URL and use http-request deny in the frontend.

https://www.haproxy.com/blog/introduction-to-haproxy-acls/

Screen Shot 2020-09-20 at 11.09.44 AM.png

Screen Shot 2020-09-20 at 11.09.52 AM.png

Hi,

Caching https pages is close to impossible these days.
People want secure connections, the ones that can not be intercepted by no body.
Don't you ?
"No body" includes you.

Before you start thinking about proxying https pages, go have a Youtube tour, and see what https really is. Also look up what HSTS is, while you're at it.

Btw : http pages, very popular in the past, can be cached easily.
When all your network clients trust your proxy, then some https can be cached, but sites using HSTS will still be a no-go. And of course, HSTS was unknown some years ago, pretty standard these days.

No joke : if you manage to make it work, you be the most richest man that ever lived (or the first on the "Most wanted" list ...).

@mare said in Adding Certificate Authority for SquidGuard MITM:

I get the error message that the certificate is self-signed.

That might help, because Chrome is always smart ...hmmmm.... from version 58, the self-signed certificate must have the right domain name in the SAN...

https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate

Hi, I'm not expert about Pfsense, but the Target Categories are filled by you. Or, are you talking about the black lists? In that case, you can decompress and open with a notepad every list.

Yeah haproxy would be better choice for sure. And with 2.5 and the update to openssl 1.1.1 you should be able to update to tls 1.3 even.

@nandoiin
The log log-unixsocket and logfiles are managed by the syslog service. As such how big the logfiles are made is controlled in the generic pfSense logging settings. Though if your really interested in the logs for longer periods you should probably log them to a remote syslog server.

Update,

Fixed the problem had to do some tweaking on the NextCloud Server also on the other Servers.

Tweak on Nextcloud Server
'overwriteprotocol' => 'https',

also had to change upload File Size.