Squid3 - New GUI with sync, normal and reverse proxy
-
Where can I find the correct instructions on using squid 3 reverse proxy with HTTPS.
I been reading several forum entries and several seem to conflict. The situation is I have several HTTPS sites each with their own SSL certificate. Trying to find the best way to implement reverse proxy. Some forums seem to indicate that you can do it with one certificate and others say that you need an ssl certificate for each site. Tried a number of them and none seem to work.
I just want to know how to serve "easily" more than one 443 web site on more than one server using PFSense and Squid 3 reverse proxy for HTTPS. Is there an authoritative guide on this subject which gives step by step directions that actually works every time?
Thanks
cjb -
with one extenal ip and an wildcard ssl you can publish as many sites you need with the same domain.
with one external ip and more then one ssl, you may need one port for each site.
-
Hi,
I config reverse proxy to Exchange, but on RPC over HTTP service show MISS/401. If redirect 443 port to exchange didn't have error.
Result test in https://www.testexchangeconnectivity.com
Additional Details
Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server 5a56cc6d-4eba-4f85-8b64-2e68abd4cbf7@domain.com.
The attempt to ping the endpoint failed.
Tell me more about this issue and how to resolve itAdditional Details
The RPC_E_ACCESS_DENIED error (0x5) was thrown by the RPC Runtime process. -
Can you try with squid3-dev fetching missing sasl libs.
Squid 3.1 does not has http 1.1 support but squid3.3 has.
-
One more certificate question. Is it possible to use a SAN certificate instead of a wildcard certificate for the reverse proxy?
Thanks,
grassu -
Marcelloc, I tryed use Squid3-dev, but had a problem to start squid.
pfSense php: /pkg_mgr_install.php: The command '/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '/libexec/ld-elf.so.1: Shared object "libgssapi.so.10" not found, required by "squid"'
-
marceloc,
Testei o Squid3-Dev, mas com ele ocorre um erro parecido.
Tentando realizar ping no ponto de extremidade RPC 6001 (Exchange Information Store) no servidor 5a56cc6d-4eba-4f85-8b64-2e68abd4cbf7@domain.com.
Falha ao tentar fazer ping no ponto de extremidade.Detalhes Adicionais
Erro RPC lançado pelo processo de Tempo de Execução RPC. Erro 1818 CallCancelledSe faço um NAT direto para o Exchange não ocorre erro.
Tentando realizar ping no ponto de extremidade RPC 6001 (Exchange Information Store) no servidor 5a56cc6d-4eba-4f85-8b64-2e68abd4cbf7@domain.com.
Êxito ao fazer ping no ponto de extremidade.Detalhes Adicionais
Status RPC Ok (0) retornado em 968 ms.No Log aparece isso.
10.07.2013 18:32:57 207.46.14.63 TCP_MISS_ABORTED/200 https://mail.domain.com/rpc/rpcproxy.dll? - 10.1.0.5
10.07.2013 18:32:27 207.46.14.63 TCP_MISS/401 https://mail.domain.com/rpc/rpcproxy.dll? - 10.1.0.5
10.07.2013 18:32:26 207.46.14.63 TCP_MISS/401 https://mail.domain.com/rpc/rpcproxy.dll? - 10.1.0.5
10.07.2013 18:32:23 207.46.14.63 TCP_MISS/200 https://mail.domain.com/rpc/rpcproxy.dll? - 10.1.0.5
10.07.2013 18:32:23 207.46.14.63 TCP_MISS/401 https://mail.domain.com/rpc/rpcproxy.dll? - 10.1.0.5
10.07.2013 18:32:23 207.46.14.63 TCP_MISS/200 https://mail.domain.com/Rpc/RpcProxy.dll? - 10.1.0.5
10.07.2013 18:32:20 207.46.14.63 TCP_MISS/401 https://mail.domain.com/Rpc/RpcProxy.dll? - 10.1.0.5
10.07.2013 18:32:20 207.46.14.63 TCP_MISS/401 https://mail.domain.com/Rpc/RpcProxy.dll? - 10.1.0.5
10.07.2013 18:32:20 207.46.14.63 TCP_MISS/401 https://mail.domain.com/rpc/rpcproxy.dll? - 10.1.0.5 -
Please upload the pbi first before updating the package information. :'(
Beginning package installation for squid3-dev . Downloading package configuration file... done. Saving updated package information... done. Downloading squid3-dev and its dependencies... Checking for package installation... Downloading http://files.pfsense.org/packages/amd64/8/All/squid-3.3.8-amd64.pbi ... could not download from there or http://files.pfsense.org/packages/amd64/8/All//squid-3.3.8-amd64.pbi. of squid-3.3.8-amd64 failed! Installation aborted.Backing up libraries... Removing package... Starting package deletion for squid-3.3.8-amd64...done. Removing squid3-dev components... Tabs items... done. Menu items... done. Services... done. Loading package instructions... Include file squid.inc could not be found for inclusion. Deinstall commands... Not executing custom deinstall hook because an include is missing. Removing package instructions...done. Auxiliary files... done. Package XML... done. Configuration... done. Cleaning up... done. Failed to install package. Installation halted. -
Please upload the pbi first before updating the package information. :'(
Beginning package installation for squid3-dev . Downloading package configuration file... done. Saving updated package information... done. Downloading squid3-dev and its dependencies... Checking for package installation... Downloading http://files.pfsense.org/packages/amd64/8/All/squid-3.3.8-amd64.pbi ... could not download from there or http://files.pfsense.org/packages/amd64/8/All//squid-3.3.8-amd64.pbi. of squid-3.3.8-amd64 failed! Installation aborted.Backing up libraries... Removing package... Starting package deletion for squid-3.3.8-amd64...done. Removing squid3-dev components... Tabs items... done. Menu items... done. Services... done. Loading package instructions... Include file squid.inc could not be found for inclusion. Deinstall commands... Not executing custom deinstall hook because an include is missing. Removing package instructions...done. Auxiliary files... done. Package XML... done. Configuration... done. Cleaning up... done. Failed to install package. Installation halted.getting something similar for the 32bit version.
Downloading http://files.pfsense.org/packages/8/All/squid-3.3.8.tbz … could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/squid-3.3.8.tbz.
of squid-3.3.8 failed! -
The PBI version(s) was/were fixed yesterday evening (for me), I'm now running 3.3.8.
-
Hi…I'm having the same problem with the latest Squid 3.3-Dev beta 3.3.8 pkg 2.1.2 . I've got a brand new 2.0.3-RELEASE (amd64) install and I get the following when I tried to install Squid yesterday like some of the other posters.
Beginning package installation for squid3-dev...
Downloading package configuration file... done.
Saving updated package information... done.
Downloading squid3-dev and its dependencies...
Checking for package installation...
Downloading http://files.pfsense.org/packages/amd64/8/All/squid-3.3.8.tbz ... could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/squid-3.3.8.tbz.
of squid-3.3.8 failed!Otherwise...love PFsense and a huge thank you to everyone who is working on this project!
-
Good day to all! Help please!
2.0.3-RELEASE (amd64)
built on Fri Apr 12 10:27:15 EDT 2013
FreeBSD 8.1-RELEASE-p13Squid3 and SquidGuard Installed. Everything works except for reverse proxy, if you turn off SquidGuard - revers proxy works fine, as soon as there is in the config Squid "redirect_program/usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf" reverse falls off. Squidguard finds sqerrore.php on the web server where was мapped reverse.
I'm sorry for my english. -
Can someone confirm if the 3.38.PBI is still broken / fixed?
Any special steps to take when installing not to break anything?
I see it in the Packages now in my PFSENSE GUI but hesitant to install.
Thanks!
-
Looks like still broken. Installed and it complains about some ClamV file missing but I do not have antivirus enabled.
-
I have a pfSense 2.0.3 Box Squid3 + SquidGuard was worked nice,
i removed squid3 and installed squid3-dev from package menu i download those 6 lib file to /usr/local/lib it seems squid-dev is running since i dont have any error in system log and service status is running,But nothing can pass via pfsense i have set it up as default gateway in my workstations but not website can browse !
ping is passing without problem.i have this kind of error when trying ro restart the service or change configurations:
php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was 'squid: ERROR: Could not send signal 15 to process 6614: (3) No such process'- i didnt touch any routing,rule,nat setting they are all like default setting.
thanks
-
Would appreciate it if someone opens a new thread when this version of Squid is up and running as a package with no need to be mucking around with external libs and patches etc. ::)
-
Squid3-dev has it's own forum topic.
-
Hi Marcelloc,
I discovered a bug, i don't know if it IIS8 or the Reverse Proxy. I'm running Exchange 2010 SP3 on Server 2012
1st test:
Im using OWA on Exchange 2010 Through the Reverse Proxy, all working fine, but i can't attach larger files to an Email. I'll get connection reset and in the SQUID Log i see the Line TCP_MISS/401. i Tried Firefox and Chrome.2nd test:
i add a NAT rule to forward Port 4343 to the IIS Server on Port 443. All working fine, i test it with an attachment with 8mb in size.IIS/Exchange is configured for Basic Auth.
if i get this working, i will write a little Howto. all other thinks, like Autodiscover, Outlook Anywhere, etc. are working perfectly…
Best regards
Dave -
2nd test:
i add a NAT rule to forward Port 4343 to the IIS Server on Port 443. All working fine, i test it with an attachment with 8mb in size.This is a known issue caused by IIS… i think default is 2KB upload. can't give u more atm, but google can help you in seconds with somethin like "iis owa attachement size"
-
This is a known issue caused by IIS… i think default is 2KB upload. can't give u more atm, but google can help you in seconds with somethin like "iis owa attachement size"
i dont think so, because the test file has 8MB in size. i uploaded it with chrome on https://internalhostname/owa/ without any problems.
But anyway, i'll try your suggestion.
Edit: OWA's default size Limit is 30MB
