Squid reverse proxy + multiple ssl certificates

doublehelix

Hello,
I've pfsense running for years now and I must say it's just awesome!
I recently have installes some webservices which I want to access over wan through a https connection.
I've set up a squid3 reverse proxy at the moment which is workind fine so far. It looks like this:

domain1 –----->IP 1---------> port 443 -------> service1
domain2-------->IP 1---------> port 443-------->service2

Service 1 gets the ssl certificate from pfsense and works perfect. Service 2 gets the same cert, but is not working correct because of a different domain.
Is it possible to assign a certificate to specific routes e.g assign cert 1 to the ip from service 1 and cert 2 to the ip of service 2.

Kind regards
Herb

A Former User

@doublehelix:

Hello,
I've pfsense running for years now and I must say it's just awesome!
I recently have installes some webservices which I want to access over wan through a https connection.
I've set up a squid3 reverse proxy at the moment which is workind fine so far. It looks like this:

domain1 –----->IP 1---------> port 443 -------> service1
domain2-------->IP 1---------> port 443-------->service2

Service 1 gets the ssl certificate from pfsense and works perfect. Service 2 gets the same cert, but is not working correct because of a different domain.
Is it possible to assign a certificate to specific routes e.g assign cert 1 to the ip from service 1 and cert 2 to the ip of service 2.

Kind regards
Herb

No need to start a new topic here, as this is literally the exact same scenario I'm encountering; Am I correct in assuming assigning the reverse proxy on Squid to multiple SSL certificates (due to our IIS web server hosing multiple domains, many of which desire to become SSL'd) is impossible?

Sorry/not sorry for the necropost; I would have been typing the EXACT same thing verbatim.

gregor4711

same question to this old topic

have 2 domain wich point to the same official IP4.

abc.domain1 –----->IP4 aa.bb.cc.dd:443 -------> webservice1
def.domain2-------->IP4 aa.bb.cc.dd:443-------->webservice2

The mapping is in general working, but squid is trowing an error, it would not be allowd (since other domain)

in squid general "External FQDN" only one FQDN allowed.

any solution for that.

Same has succes with HA Proxy?

viktor_g

@gregor4711

Feature request created:
https://redmine.pfsense.org/issues/11200

Mister-Magoo

It is possible with Haproxy but ... on a independant Haproxy VM.
I don't know with Haproxy plugin

gregor4711

@viktor_g
Hi Viktor any planed release for that?

Thanks & BR
Gregor