Netgate Discussion Forum

    Squid Reverse Proxy HTTPS Outside to HTTP Inside

      paraffin

      Hi

      I am pretty new to pfSense but we are up and running and have been working through configuration quite well.

      I am implementing Squid Reverse Proxy at a site that only has 2 public IPs, and they want multiple services published behind this via HTTPS, which is fine. The initial steps I have taken are:

      1.) Add the correct SSL cert to pfSense in Cert Manager - Confirmed working
      2.) Created a NAT and Firewall Rule from Port 443 to 127.0.0.1 Port 1433
      3.) Changed Squid Guard to listen on Loopback Adapter
      4.) Enable HTTPS on 1443
      5.) Added the Intermediate Cert for my CA
      6.) Setup Web Servers as follows: on  TST02  192.168.248.13  443  HTTPS
      7.) Setup Mappings with the url as an example webtest1.mydomain.com
      8.) Enabled Squid Guard

      This config works fine and I added a 2nd web server and that also worked fine.

      My question is: if I need to load the SSL cert on the pfSense, I would rather not install it on all servers too, as they are internal on a segregated network, so HTTP is good with me.

      Is it possible with Squid Guard to have the WAN traffic come in on 443 and then switch it on the LAN to port 80?

      So far I tried just setting the port on the Web servers to port 80 and HTTP  (TST02  192.168.248.13  80  HTTP) but this did not work.

      Could this be because I have the Web GUI running on port 80?

      I will continue the trial and error but just wondered if anyone had any information that could help.

      Cheers
      David
