@Foloder
So i presume portal.example.org resolves to the IP 192.168.1.101 on the client machine your testing from?
Also check haproxy's stats page to verify that the server shows as 'up', it probably needs 'ssl-checks' enabled on the backend server if it isn't.

Other that that the config seems fine..

Many thanks for your response PIBa...

Since posting my question I have learned that re-writing the headers, using actions in HAProxy is not going to help rewrite the content of the pages themselves (my bad, I'm a noob). The calls to the MongoDB were not direct as you suggested, they were indirect responses from the parseserver app. The solution has been to simply tell the db to declare these https:// urls and that works fine. I had assumed if the db and the parse server weren't actually TLS themselves this might not work, but that was over thinking it perhaps.

Hi,

Proxies need end user programs - like browsers, mail programs, etc to be aware of them.

"speedtest-cli" is a simple tool, at least the one you can install on pfSense, isn't aware of proxies so it can't get out.

I advise you to carefully select two meaningful words like speedtest-cli proxy, feed them into your favourite web search engine, and then do what has been said here.

HAproxy will do that.

To match AD tree, there shouldn't be OU=Info,DC=Info-Tools,DC=lan ?

@jimp said in Bypass squid proxy to some IP:

For that, you will need WPAD or a similar client-based proxy configuration telling it what to use and ignore. Squid can't control that in non-transparent mode, it's 100% up to the client.

Gonna look into that. Thanks

@dragoangel said in Enforce HTTPS on non standard HTTP port:

@chpalmer I not like to be rude,

Then don't be. Theres no sense in that. Its just a conversation and a way to learn. No reason to get heated.

Yep- I was not wearing my glasses and missed that he is trying to use the same port. You said "impossible" and I agree.

@wesleylc1 do u run SquidGuard?

@Schischi exist a third party called PF2AD, I create a video tutorial but is Spanish:

Pf2AD

But u need 2 Pfsense boxes, https://www.pf2ad.com/

Greetings.

Please help?

Looks like the change is coming...

https://obsigna.com/articles/1563917142.html

ssl_crtd was rename to security_file_certgen now squid.inc need fix :-o

@pintu1228 no special. Use corect ACL, action and create backend. What you mean special? This even not websocket.
Acme will newer overwrite another cert with same Common Name. You need remove previous incorrect certificate from certificate manager and after it run get cert again.