• HAproxy - ACL to Dynamic Action ?

    1
    0 Votes
    1 Posts
    106 Views
    No one has replied
  • Error certificates for reverse proxy since upgrade to squid 0.4.44_19

    19
    0 Votes
    19 Posts
    2k Views
    viktor_gV
    @emeric what if you disable squid for LAN users? or disable reverse squid? Will you see the same errors?
  • squid invalidates https requests

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • [Solved] HAProxy throws error on configuration change

    5
    0 Votes
    5 Posts
    2k Views
    R
    I found that I had to delete the front end entry that had a logging setting, it fixed the error. A new question, how do you enable logging for HAPROXY within pfSense properly?
  • e2guardian block https://127.0.0.1

    1
    0 Votes
    1 Posts
    191 Views
    No one has replied
  • [SOLVED] HAProxy error after upgrade to 2.4.5-RELEASE

    haproxy ssl
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • HAproxy ACL host-regex match any IP address

    2
    0 Votes
    2 Posts
    1k Views
    P
    @aracloud using https? and certificate acl's checkbox set? -edit- uh sorry, you already mentioned using http.. check that the browser is actually sending a Host header?
  • How to use Squid Light Reporting without caching contents.

    1
    0 Votes
    1 Posts
    76 Views
    No one has replied
  • Redirecting nextcloud URL

    1
    0 Votes
    1 Posts
    179 Views
    No one has replied
  • Use HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native

    1
    0 Votes
    1 Posts
    147 Views
    No one has replied
  • a bit help for security concept

    1
    0 Votes
    1 Posts
    156 Views
    No one has replied
  • HAProxy + Ubuntu 18.04 + 2x WordPress Servers + 1x MySQL Server

    3
    0 Votes
    3 Posts
    547 Views
    D
    Hi Crazybrain, might I ask how you got WordPress to work behind HAProxy? For some reason I am unable to log in when going through the HAProxy, but when I try to access the local IP address everything works. Made a new post about this, > https://forum.netgate.com/topic/152756/haproxy-unable-to-login-on-wordpress-wp-admin-page Thanks in advance!
  • 0 Votes
    8 Posts
    2k Views
    S
    @PiBa Good news, I got it to work! I did as you suggested and got a self signed certificate on the server using this guide. After that HAProxy is able to route traffic to the host. It even works with the Let's Encrypt wildcard cert I have through the ACME package, so there's no cert errors getting to the site. Thank you for the help again.
  • Jitsi SSL Offload HAProxy Not Working

    3
    0 Votes
    3 Posts
    1k Views
    yuljkY
    Hi PiBa - Many thanks for the reply! I've managed to fix this issue. The problem was caused by using Jitsi's embedded webserver during the installation, which didn't work at all when performing SSL offloading. This seems to be a common issue looking at their forums. Instead I started again, this time installing Apache prior to the Jitsi installation. Jitsi then configured Apache2 accordingly. I had to configure the backend in HAProxy for port 443 and now offloading is working correctly. Here's my working apache2 config for reference.

    <VirtualHost *:80>
        ServerName mydomain
        Redirect permanent / https://mydomain/
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </VirtualHost>

    <VirtualHost *:443>
        ServerName mydomain
        SSLProtocol TLSv1 TLSv1.1 TLSv1.2
        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile /etc/jitsi/meet/mydomain.crt
        SSLCertificateKeyFile /etc/jitsi/meet/mydomain.key
        SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED"
        SSLHonorCipherOrder on
        Header set Strict-Transport-Security "max-age=31536000"
        DocumentRoot "/usr/share/jitsi-meet"
        <Directory "/usr/share/jitsi-meet">
            Options Indexes MultiViews Includes FollowSymLinks
            AddOutputFilter Includes html
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        ErrorDocument 404 /static/404.html
        Alias "/config.js" "/etc/jitsi/meet/conference.apollon-domain.co.uk-config.js"
        <Location /config.js>
            Require all granted
        </Location>
        Alias "/external_api.js" "/usr/share/jitsi-meet/libs/external_api.min.js"
        <Location /external_api.js>
            Require all granted
        </Location>
        ProxyPreserveHost on
        ProxyPass /http-bind http://localhost:5280/http-bind/
        ProxyPassReverse /http-bind http://localhost:5280/http-bind/
        RewriteEngine on
        RewriteRule ^/([a-zA-Z0-9]+)$ /index.html
    </VirtualHost>

    Kind Regards
  • pimd 0.0.2 package defects/anomalies

    3
    0 Votes
    3 Posts
    610 Views
    MrPeteM
    @jimp said in pimd 0.0.2 package defects/anomalies:
        What specific interfaces does PIMD fail on for you? I am not aware of any issues with realtek (reX) but I could see issues with some virtual types.
    I took the time to dig in on this, because I've been forever a bit confused on just what interfaces I even need to define :)
    BACKGROUND
    0) I do and did have Default Bind set to Bind to None. As you'll see, it doesn't necessarily help (and I may have found at least part of the bug ;) )
    I have two HW ifc's, re0 (LAN - VLAN trunked) and re1 (WAN, via pppoe, specified as VLAN 201 by the ISP)
    Thus, for my WAN there are three levels of interface: re1 (raw hardware), re1.201 (VLAN tagged), pppoe0 (PPP interface)
    For my LAN there's two levels: raw re0 and the re0.NN VLAN's.
    I also have OpenVPN (ovpns1)
    OBSERVATIONS
    A) At the time of the above report: I had interfaces defined for re0, re1.201, and ovpns1 (I didn't define one for re1). On startup, PIMD always reads vif's from the kernel, and tries to bring them up. (this WITH Default Bind of None.) pimd was seeing, and failing for: re1, ovpns1, and re1.201 ("Invalid phyint address")
    B) Outside of pimd, having vif's re0 and re1.201 defined has not caused issues elsewhere in pfsense. I've now removed them and pimd no longer tries to bring up re1 or re1.201.
    C) Even with the above cleaned up... if I try to bring up interface ovpns1 (Bind Always Enable), pimd says it is an invalid interface. (FWIW, pimd does not see ovpns1 when it brings up the kernel-defined list of interfaces.) Presumably, this means pimd can't handle going across openvpn. Any idea how to enable this? (I used to do that all the time with multicast scanning... it would VERY much help to get this working!)
    D) As reported already, but with more specificity: Not sure why but pimd is defining a "Local static RP: 169.254.0.1, group 232.0.0.0/8". For a while, every N seconds (16?) pimd reports "route to: 169.254.0.1 destination is: 0.0.0.0 gateway is: (my ISP gateway!)" then spits out an error: "For src 169.254.0.1, iif is <WAN iif>, next hoprouter is ...: NOT A PIM ROUTER" AND in the log shows this as a Candidate RP: (69.254.0.1, incoming 9, pref 232/8, prio 1, holdtime 65535). A while later, that entry disappears. But the error logs are there anyway for my pleasure ;) Any idea how to configure so 169.254.0.1 is never defined as an RP? That just seems el-wrongo :(
    E) Not sure what is causing the following. Doesn't seem to cause harm yet it is anomalous so I'm mentioning it: :) After working through the kernel vifs, and the pimd.conf config... And JUST before first listing the Virtual Ifce Table in the log... pimd is adding one more vif of its own: Vif (n+1), Local address: same as Vif 0, Subnet: "register_vif0", Thresh: 1, Flags: (blank). That vif just sits there... I don't find any docs on register_vif0. Do you know?
    THANK YOU for getting this into pfSense!!! p
  • Squid reverse proxy switching peers

    6
    0 Votes
    6 Posts
    1k Views
    viktor_gV
    @DefectiveRobot these changes are merged to the latest version of squid pkg: https://redmine.pfsense.org/issues/10450 can you test it?
  • HAproxy SSL PassThu with SNI

    3
    0 Votes
    3 Posts
    1k Views
    DerelictD
    I would get it working before enabling things like this too. You really have to know what you are doing to get all of that right.
  • 503 Error with HAProxy

    3
    0 Votes
    3 Posts
    499 Views
    Y
    @jimp thanks.. that did it
  • pfsense 2.4.5 Release issue on HAProxy ?

    Moved
    2
    0 Votes
    2 Posts
    445 Views
    P
    @anandpeculiar It might be enough to restart the pfSense's syslog service, so that it can re-create the log unix-socket also inside the haproxy chroot directory.?.
  • CLI installed pfsense packages not showing up in GUI

    2
    0 Votes
    2 Posts
    203 Views
    GertjanG
    Native FreeBSD 11.3 packages don't know anything about pfSense. So how could they support it? pfSense packages can be based on packages built for FreeBSD 11.3, and then have added to them the GUI part, and more code to use the right places. pfSense uses FreeBSD "with modifications".
    @RahulGarg said in CLI installed pfsense packages not showing up in GUI:
        I used the command "pkg install squid-4.9" and the installation was successful.
    then you should continue using the official FreeBSD command interface: the console or SSH access. But beware: you didn't install it on a native FreeBSD 11.3, but on pfSense, based on FreeBSD - there is a difference.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.