Webserver ProxySQL

[Elia Domenico]

Hi everyone 😊 I'm starting to learn ProxySQL and I have to configure it to a remote machine with Ubuntu 24.04.3 as the os. The goal is to use it as a proxy server for a simple 3 node cluster, configured with Galera. 
I followed the basic configuration explained in the official documentation of ProxySQL to get it work, and I've tried also to enable the http server, but, when I try to connect to https://(public_ip):6080, the web browser returns "The connection was reset" error. 
I tried to launch "curl https://127.0.0.1:6080" command on the remote shell by using ssh, but it returns error 60: SSL certificate problem: unable to get local issuer certificate. 
I tried also "curl http://127.0.0.1:6080" but it returns error 52: empty response from server.

I'm sure that I'm missing something.

Thank you in advance 🙏

[Claus Koch]

Hi eliadom...@gmail.com,

ProxySQL uses a self-generated SSL certificate, which is rejected by all reputable browsers. I suppose this explains the "reset error" you mentioned.  With Firefox, I get a page titled "Warning: Potential Security Risk," and I must select "Advanced..." , followed by "Accept Risk and Continue," before I can access the password dialog. With Chrome, the message is "Your connection is not private," followed by "Advanced" and "Proceed to stage-cstm-proxy-11 (unsafe)."  I believe these browsers can be configured to reject untrustworthy certificates without leaving you ani choice. Your browser can probably be set to give you the option of trusting an unknown certificate. If that's not possible, you could provide ProxySQL with a valid certificate, or you could manually add the self-signed certificate to your list of trusted certificates.

ps: I can't make curl work either, but wget --no-check-certificate https://user:pass...@127.0.0.1:6080/ works fine.

[Elia Domenico]

Thank you for your reply 🙏

I did a new fresh install of proxy sql and I did again all the basic configuration. Now, the web browser shows "your connection is not private" and the "accept risk and continue" button. After clicking on it, a credential dialog box appears, but it keeps appearing again every time I try to login. I'm using the standard Admin credentials.

I tried also the wget command as your suggestion and I receive this message from terminal:

 --2025-09-25 13:46:39--  https://admin:*password*@127.0.0.1:6080/
Connecting to 127.0.0.1:6080... connected.
WARNING: cannot verify 127.0.0.1's certificate, issued by ‘CN=ProxySQL_Auto_Generated_CA_Certificate’:
  Unable to locally verify the issuer's authority.
    WARNING: certificate common name ‘ProxySQL_Auto_Generated_Server_Certificate’ doesn't match requested host name ‘127.0.0.1’.
HTTP request sent, awaiting response... 401 Unauthorized
Authentication selected: Digest realm="Access to ProxySQL status page",qop="auth",nonce="66a9b5fed3a7b33c595fa75e875b02e600002159",opaque="733b20011778ce330631c9afof70a870baddd964",algorithm=MD5
Connecting to 127.0.0.1:6080... connected.
WARNING: cannot verify 127.0.0.1's certificate, issued by ‘CN=ProxySQL_Auto_Generated_CA_Certificate’:
  Unable to locally verify the issuer's authority.
    WARNING: certificate common name ‘ProxySQL_Auto_Generated_Server_Certificate’ doesn't match requested host name ‘127.0.0.1’.
HTTP request sent, awaiting response... 401 Unauthorized

Username/Password Authentication Failed.