Squid Reverse Proxy HTTPS Outside to HTTP Inside



  • Hi

    I am pretty new to pfSense but we are up and running and have been working through configuration quite well.

    I am implementing Squid Reverse Proxy at a site that only has 2 public IPs, and they want multiple services published behind this via HTTPS, which is fine. The initial steps I have taken are:

    1.) Add the correct SSL cert to pfSense in Cert Manager - Confirmed working
    2.) Created a NAT and Firewall Rule from Port 443 to 127.0.0.1 Port 1433
    3.) Changed Squid Guard to listen on Loopback Adapter
    4.) Enable HTTPS on 1443
    5.) Added the Intermediate Cert for my CA
    6.) Set up Web Servers as follows: TST02 192.168.248.13 443 HTTPS
    7.) Set up Mappings with the URL, as an example webtest1.mydomain.com
    8.) Enabled Squid Guard

    This config works fine and I added a 2nd web server and that also worked fine.

    My question is: if I need to load the SSL cert on the pfSense, I would rather not install it on all servers too, as they are internal on a segregated network, so HTTP is good with me.

    Is it possible with Squid Guard to have the WAN traffic come in on 443 and then switch it on the LAN to port 80?

    So far I tried just setting the port on the Web servers to port 80 and HTTP (TST02 192.168.248.13 80 HTTP), but this did not work.

    Could this be because I have the Web GUI running on port 80?

    I will continue the trial and error but just wondered if anyone had any information that could help.

    Cheers
    David
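
The change the post asks about, sketched as an added squid.conf fragment (not part of the original post and not the configuration the pfSense package generates): TLS terminates at the proxy listener and the backend peer is reached over plain HTTP. Directive spellings follow Squid 3.x; the certificate paths and the `tst02` / `tst02_hosts` names are placeholders.

```conf
# Added example: hand-written squid.conf fragment, Squid 3.x option names.
# Certificate paths and the peer/ACL names are placeholders (assumptions).

# Outside leg: the listener that the NAT rule forwards WAN:443 to.
# "accel" makes it a reverse-proxy port; the certificate lives only here.
https_port 127.0.0.1:1443 accel vhost cert=/path/to/site.crt key=/path/to/site.key defaultsite=webtest1.mydomain.com

# Before (step 6 in the post): the proxy re-encrypts to the backend, so the
# backend needs its own certificate as well.
# cache_peer 192.168.248.13 parent 443 0 no-query no-digest originserver ssl name=tst02

# After: inside leg is plain HTTP. Port changes to 80 and the "ssl" flag is
# dropped; both must change together or the peer connection fails.
cache_peer 192.168.248.13 parent 80 0 no-query no-digest originserver name=tst02

# Map the published hostname to that peer and to nothing else.
acl tst02_hosts dstdomain webtest1.mydomain.com
cache_peer_access tst02 allow tst02_hosts
cache_peer_access tst02 deny all

# Only published hostnames are served, and they are never fetched directly.
http_access allow tst02_hosts
http_access deny all
never_direct allow tst02_hosts
```

With the `ssl` flag removed, traffic between pfSense and 192.168.248.13 crosses the LAN in cleartext, so the design depends on the network segregation the post describes. The `cache_peer` line is an outbound connection from the proxy and does not bind port 80 on the firewall itself.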