Thanks for the response. I've been messing around with it a bit more this-morning and think I figured it out. I set everything up a year or so ago and forgot a lot of how I did it. I have haproxy listening to 443 then taking some SNI's and sending them to the auth sub-proxy area and others getting sent to the regular ssl (unauth) sub-proxy frontend place. In the sub-proxy front-ends, I have one listening to say :2044 and had shared frontends clicked. In that subsection, I had the redirection to the backend. I resolved it by getting rid of the :2044 shared frontend and using a custom acl backend set to "ssl_fc_sni_reg myth.<name>". I think my problem was I had a shared frontend setup, for whatever reason, and now it's working fine. I'm no haproxy expert; just a beginner, but I hope this may shed some light into somebody else's problem.

Thanks for the response! So is there any way to do URL filtering in pfSense and then NAT traffic to multiple public IP addresses?

@piba said in Proxy HA slow redirect https to http - [ miragration vm with different subnet ]: haproxy upgrade from 1.8.13 to 1.8.14. @PiBa According to Pieter response, the case was resolved after the haproxy upgrade from 1.8.13 to 1.8.14.

@thanhlangso may i ask what was the solution because i need something similar to whats app

Hi PiBa, and thanks for the response. Would you believe, I have just managed to get it going. Interesting one, IIS site was missing a binding for that particular host header. Strange that it didn't work considering that it's the only site on that server and it was listening on the right port, etc, but it has made the difference to it! Lesson learned!

thanks a lot. Will go through that documentation and try it out.

@jimp said in Lightsquid not removed properly, I think....: Install lightsquid again and then uninstall it, which should remove its service tags Thank you! That worked.....

Captive Portal authentication has been migrated to the user manager in 2.4.4. That option probably no longer makes sense.

@hexine The issue is likely caused by a somewhat messed up configuration somewhere. Do you have a configuration backup from before the upgrade when haproxy was still working? I wonder what the <haproxy> part of that configuration looks like.. As currently it looks like the frontend with name A and description A and without address is kinda 'broken', you could perhaps delete it and configured it fresh.? p.s. i can make the PHP 'not' throw an error on it with a few minor changes, but still it wouldn't 'properly' work.. diff --git a/net/pfSense-pkg-haproxy-devel/files/usr/local/www/haproxy/haproxy_listeners.php b/net/pfSense-pkg-haproxy-devel/files/usr/local/www/haproxy/haproxy_listeners.php index 859ba65697cb..275b318ce75d 100644 --- a/net/pfSense-pkg-haproxy-devel/files/usr/local/www/haproxy/haproxy_listeners.php +++ b/net/pfSense-pkg-haproxy-devel/files/usr/local/www/haproxy/haproxy_listeners.php @@ -256,6 +256,7 @@ function js_callback(req) { $a_frontend_grouped = array(); foreach($a_frontend as &$frontend2) { + getarraybyref($frontend2); $mainfrontend = get_primaryfrontend($frontend2); $mainname = $mainfrontend['name']; $ipport = get_frontend_ipport($frontend2, true);

Hum, you're on to something here! The gitlab server does not use SSL in the background, so I shouldn't have it there but I disabled SSL encryption and enabled SSL checks on the WAN_HTTPS backend and that seems to have done the trick! Sweet bananas, huge thanks!

@kom said in /usr/local/www/sarg.php: The command 'export LC_ALL=C && /usr/local/bin/sarg ' returned exit code '1', the output was 'SARG: File "" not found': I don't know. E2Guardian isn't a supported package either. You are on your own with those. You never touch it, and it usually works but sometimes not? Strange. I'm using Sarg and Lightsquid for now. Let's see if it happens with Lightsquid too. Thank you for your time, Sir.

thanks !