Squid reverse proxy HTTPS working - HTTP not



  • I'm trying to use Squid as a reverse proxy to securely access some of my internal resources that don't support SSL.

    I have a wildcard cert installed and the reverse proxy listening on 8443 (HTTPS).  It will successfully proxy my one internal service that does support SSL at port 8443.  However, I cannot get it to connect to internal services that are listening on 80 (HTTP).

    The goal is to have the traffic that is going over the internet to the router be secure (SSL), and then proxy unsecure (80) on the internal network.  I have the web servers defined, and a different mapping host for each.  It just doesn't work for the unsecure hosts.

    The error I get is a web page that says "unable to forward the request at this time"

    And here I though SSL was going to be the tricky part…

    I see a number of these errors in the log:
    commBind: Cannot bind socket FD 20 to xx.xx.xx.xx:8443: (48) Address already in use
    (where xx.xx.xx.xx is my WAN address)

    but I'm not sure these are the issue as secure traffic is working...



  • Hey @avmike did you ever get this sorted? I've got the same issue: HTTPS -> HTTPS sites work just fine, even using a self-signed, hell even an expired internal certificate. But, I'm not able to get HTTPS -> HTTP working. I just get "Unable to forward this request at this time".



  • Answered my own question, posting solution here to close the loop: Apparently older versions of the Squid Reverse Proxy package had issues with this. With the current version, you just need to enable the HTTP Reverse Proxy so that it writes the correct cache_peer entries in squid.conf. Then you can create your web servers and set their Protocol to HTTP, and Squid will properly proxy them, SSL terminating at your pfSense. Externally you are presented with the site as HTTPS and your configured pfSense SSL certificate, even though the internal server is actually plain old HTTP port 80 (or whatever port)

    Hope this helps someone!


Log in to reply