• squidGuard reinstall stuck on config restore

    2
    1 Votes
    2 Posts
    357 Views
    S

    happen also to me during update to 2.4.5-RELEASE-p1, squidguard stuck at reboot on deinstall

  • What are the reqs to SNI Microsoft's web servers with HAProxy?

    9
    0 Votes
    9 Posts
    1k Views
    P

    @skilledinept
    What does the haproxy status page LastChk column say when you enable "SSL checks" on the server, and configure healthcheck method to 'http' ? Wrong method? Try GET perhaps? Or wrong host, try adding a Host header? Or forbidden? Try allowing the 401 status as valid.

  • 0 Votes
    8 Posts
    913 Views
    A

    @aGeekhere said in Problem accessing the site (SSL Certificate expired on: May 30 10:48:38 2020 GMT):

    SPLICE ALL

    Thank you,
    The option "SPLICE ALL" solve the problem

  • ACL groups with AD groups do not work?

    Moved
    3
    0 Votes
    3 Posts
    353 Views
    W

    I set up squid authentication with LDAP, and I'm trying to create a group ACL, I'm passing the settings just as pfsense says

    ldapusersearch ldap://192.168.0.100/DC=domain,DC=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=it%2cCN=Users%2cDC=domain%2cDC=com))

    but this group acl does not block the blacklist sites, when I create a group acl and place a single user it works which is a beauty

  • HAProxy support for server-template backends (Consul, etc)

    3
    0 Votes
    3 Posts
    1k Views
    Y

    That worked great. I didn't realize you could put the resolvers under global and still have it work.

  • haproxy and wildcard lets encrypt only for internal servers

    13
    0 Votes
    13 Posts
    3k Views
    C

    @noplan Thanks for the reply.

    Naw... I've tried that. It doesn't work for my setup. Pfsense returns two IPs for that hostname...but the 1st IP is the real server IP...the 2nd IP is the 'override' ... besides I can't ssh into the server if the override IP is the only one that resolves for that hostname...

    Just starting to accept the fact that this solution won't work for my setup.

  • HAProxy SSL Offloading is not encrypting

    5
    0 Votes
    5 Posts
    1k Views
    X

    I've noticed that all images are pointing to http, so I got a mixed content error. Changing it fixed the error.

    Thanks

  • Pfsense Squid proxy NONE/409

    10
    0 Votes
    10 Posts
    2k Views
    S

    @aGeekhere thank you. I will check that.

  • Squidguard empty Target Rules (Enable BL Checked)

    6
    0 Votes
    6 Posts
    2k Views
    K

    @papartsharingan
    Thanks man u save me with this info..

  • Squid not listening on port 80

    33
    0 Votes
    33 Posts
    30k Views
    O

    Still having the same issue on 2.4.5-RELEASE (amd64) :(
    I checked config for illegal characters and it all looks good!
    However, as soon as I add another "Web Server" half of all requests from all domains are being forwarded to that new web server.

  • Squid Update to 0.4.44_24

    6
    0 Votes
    6 Posts
    867 Views
    S

    @pgleed ok thank you very much i will try to restart squid and check if it works.
    I also don't want to do the pending update of squid

  • Squid Reverse Proxy and ACME certificates

    1
    0 Votes
    1 Posts
    255 Views
    No one has replied
  • Unifi Controller "400 Bad Request" behind HAProxy

    1
    0 Votes
    1 Posts
    786 Views
    No one has replied
  • SG-1100 Squid ICAP Error.

    1
    0 Votes
    1 Posts
    233 Views
    No one has replied
  • HAproxy 2.0 Prometheus Monitoring How-to

    2
    0 Votes
    2 Posts
    2k Views
    dragoangelD

    For those people who has HAproxy not on pfSense:

    frontend http-promex bind <%IP%>:9001 name <%IP%>:9001 ssl crt-list /var/etc/haproxy/http-promex.crt_list process 1 mode http log global option dontlog-normal option http-keep-alive maxconn 10 timeout client 30000 option http-use-htx http-request use-service prometheus-exporter if { path /metrics } stats enable stats uri /stats stats refresh 10s acl aclcrt_http-promex var(txn.txnhost) -m reg -i ^pfsensen01\.concosto\.com(:([0-9]){1,5})?$ http-request set-var(txn.txnhost) hdr(host) frontend https-f01 bind <%IP%>:443 name <%IP%>:443 ssl crt-list /var/etc/haproxy/https-f01.crt_list alpn h2,http/1.1 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 mode http log global option httplog option http-server-close option forwardfor acl https ssl_fc http-request set-header X-Forwarded-Proto http if !https http-request set-header X-Forwarded-Proto https if https timeout client 30000 acl grafana.concosto.com var(txn.txnhost) -m str -i grafana.concosto.com http-request set-var(txn.txnpath) path http-request set-var(txn.txnhost) hdr(host) capture request header X-Forwarded-For len 128 capture request header Host len 32 capture request header User-Agent len 128 use_backend grafana.concosto.com if grafana.concosto.com backend grafana.concosto.com mode http id 160 log global timeout connect 5000 timeout server 30000 retries 3 http-request set-header Host grafana.concosto.com server grafana.concosto.com <%IP%>:3000 id <%ID%> ssl check inter 1000 ca-file /var/etc/haproxy/internal-ca.pem verifyhost grafana.concosto.com resolvers globalresolvers sni str(grafana.concosto.com) check-sni grafana.concosto.com

    Note: find change <%IP%> and grafana.concosto.com in config to your one

  • LightSquid

    Moved
    2
    0 Votes
    2 Posts
    245 Views
    R

    It is fixed now.
    The solution was to change the setting under the report template from text to base and save it.
    Solution.PNG

  • SQUID NOT WORK

    1
    0 Votes
    1 Posts
    244 Views
    No one has replied
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    13 Views
    No one has replied
  • [Work in progress] Squid failover AND load balancing for pfSense

    14
    0 Votes
    14 Posts
    6k Views
    viktor_gV

    Feature request: https://redmine.pfsense.org/issues/10541

  • Using HAproxy for reverse proxy with / in the backend

    6
    0 Votes
    6 Posts
    1k Views
    P

    @Evertvh said in Using HAproxy for reverse proxy with / in the backend:

    if i do go and say https://mail.remote-entry.tld/roundcube I get a Server does not exist return. because technically it the correct path for round cube is https://remote-entry.tld/roundcube

    'Who' is saying the server doesn't exist.? I presume you have got the proper DNS records in place to point to haproxy?

    Your first post you wrote "but when i try to reach mail.mydomain.com/roundcube it just takes me to the 192.168.0.20" sounds like you actually did get a response.? (no idea if that was with http or https though.. as you seem to forget to actually specify these details which might actually matter..)

    @Evertvh said in Using HAproxy for reverse proxy with / in the backend:

    if i did get https://mail.remote-entry.tld/roundcube working it would defeat the purpose of what i am trying to achieve.

    What are you trying to achieve?

    what is the desired url to visit in a browser? what have you configured? (show the current config?) what is the current effect what have you checked and what do you expect might need to change? is a request from the browser send to the 'correct' webserver currently already? but its virtual-servers configuration just doesn't recognize the proper website to reply for? if so perhaps a simple set-header command with the actual domain would suffice?

    Anyhow i'm struggling parsing your reply and thoughts mixed together with a seemingly large lack of understanding..

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.