HAProxy broke after update to pfs 22.05
-
HAproxy 0.61_7 depends upon HAProxy 22-2.2.22
Not getting through on my setup, which uses haproxy to config letsencrypt with endpoint in haproxy and http from there to web server.
Has been working fine but a couple of days after installing 22.05, I see it's not working, and I don't get the status page either.
When I re-saved front end settings, I got this at the top of the web page:
Errors found while starting haproxy
[NOTICE] 228/122954 (77521) : haproxy version is 2.2.22-16420af
[ALERT] 228/122954 (77521) : parsing [/var/etc/haproxy_test/haproxy.cfg:42] : errorfile : '/var/etc/haproxy_test/errorfile_jumano.net_503_MAINTENANCE': unabled to parse headers (error offset: 0)
[ALERT] 228/122954 (77521) : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg
[ALERT] 228/122954 (77521) : Fatal errors found in configuration.
My haproxy.cfg, not sure why haproxy_test dir. I tried to cover my tracks here so hope I'm not leaking anything too hackable... ;)
Thanks for any tips.
# Automaticaly generated, dont edit manually.
# Generated on: 2022-08-17 12:29
global
maxconn 600
log /var/run/log local0 debug
stats socket /tmp/haproxy.socket level admin expose-fd listeners
uid 80
gid 80
nbproc 1
nbthread 1
hard-stop-after 15m
chroot /tmp/haproxy_chroot
daemon
tune.ssl.default-dh-param 2048
log-send-hostname HaproxyMasterNode
server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
bind 127.0.0.1:2200 name localstats
mode http
stats enable
stats admin if TRUE
stats show-legends
stats uri /haproxy/haproxy_stats.php?haproxystats=1
timeout client 5000
timeout connect 5000
timeout server 5000

frontend myhome.net
bind 99.99.99.99:443 name 99.99.99.99:443 ssl crt-list /var/etc/haproxy_test/myhome.net.crt_list
bind 66.66.66.66:443 name 66.66.66.66:443 ssl crt-list /var/etc/haproxy_test/myhome.net.crt_list
mode http
log global
option dontlog-normal
option httplog
option http-keep-alive
option forwardfor
acl https ssl_fc
http-request set-header X-Forwarded-Proto http if !https
http-request set-header X-Forwarded-Proto https if https
timeout client 30000
errorfile 503 /var/etc/haproxy_test/errorfile_myhome.net_503_MAINTENANCE
acl nextcloud-acl var(txn.txnhost) -m str -i nextcloud.myhome.net
acl gitlab-acl var(txn.txnhost) -m str -i gitlab.myhome.net
acl photobox-acl var(txn.txnhost) -m str -i photobox.myhome.net
acl arc-acl var(txn.txnhost) -m str -i arc.myhome.net
acl music-acl var(txn.txnhost) -m str -i music.myhome.net
acl aclcrt_myhome.net var(txn.txnhost) -m reg -i ^([^.]*).myhome.net(:([0-9]){1,5})?$
http-request set-var(txn.txnhost) hdr(host)
use_backend photobox_ipvANY if photobox-acl aclcrt_myhome.net
use_backend music_ipvANY if music-acl aclcrt_myhome.net
use_backend nextcloud_ipvANY if nextcloud-acl aclcrt_myhome.net
use_backend gitlab_ipvANY if gitlab-acl aclcrt_myhome.net
use_backend photobox-arc_ipvANY if arc-acl aclcrt_myhome.net

backend photobox_ipvANY
mode http
id 105
log global
timeout connect 30000
timeout server 30000
retries 3
server photobox 192.168.0.89:3000 id 104

backend music_ipvANY
mode http
id 101
log global
timeout connect 30000
timeout server 30000
retries 3
server music 192.168.0.94:4040 id 104

backend nextcloud_ipvANY
mode http
id 103
log global
timeout connect 30000
timeout server 30000
retries 3
server nextcloud 192.168.0.80:80 id 104

backend gitlab_ipvANY
mode http
id 106
log global
timeout connect 30000
timeout server 30000
retries 3
server gitlab 192.168.0.88:80 id 104

backend photobox-arc_ipvANY
mode http
id 100
log global
timeout connect 30000
timeout server 30000
retries 3
server arc0 192.168.0.174:3000 id 104
-
OK. I discovered that the errorfile 503
errorfile 503 /var/etc/haproxy_test/errorfile_myhome.net_503_MAINTENANCE
was the problem. It had a custom html section that obviously had a problem with something in haproxy or 22.05.
I deleted the entry and we're back.
-
Looks like haproxy now requires headers in errorfiles
like
HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Connection: close
Content-Type: text/html

<html>asdfasdfasdf</html>
I had the same issue after updating to pfSense CE 2.7.0
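
The header requirement described in the replies above, as an added example (not part of any post in this thread, and not pfSense or HAProxy code): a Python check that finds every `errorfile` directive in a config and verifies the referenced file looks like a raw HTTP response before the config is applied. The function names are hypothetical, and the header syntax test and the acceptance of bare LF line endings are assumptions that approximate what HAProxy accepts.

```python
import re

STATUS_LINE = re.compile(rb"^HTTP/1\.[01] (\d{3})(?: [^\r\n]*)?$")
HEADER_LINE = re.compile(rb"^[A-Za-z0-9!#$%&'*+.^_`|~-]+:.*$")
ERRORFILE = re.compile(r"^\s*errorfile\s+(\d{3})\s+(\S+)", re.M)


def errorfiles_in_config(cfg_text):
    """Return (status_code, path) for every errorfile directive in the config."""
    return [(int(code), path) for code, path in ERRORFILE.findall(cfg_text)]


def check_errorfile(raw, expected_code):
    """Return a list of problems; an empty list means status line, headers, blank line."""
    problems = []
    # Headers end at the first blank line; CRLF or bare LF accepted (assumption).
    sep = re.search(rb"\r?\n\r?\n", raw)
    head = raw[:sep.start()] if sep else raw.rstrip(b"\r\n")
    lines = re.split(rb"\r?\n", head)
    status = STATUS_LINE.match(lines[0])
    if not status:
        # The case from this thread: an HTML-only file fails at offset 0.
        return ["line 1 is not an HTTP status line: %r" % lines[0][:40]]
    if int(status.group(1)) != expected_code:
        problems.append("status %s does not match errorfile %d"
                        % (status.group(1).decode(), expected_code))
    for num, line in enumerate(lines[1:], start=2):
        if not HEADER_LINE.match(line):
            problems.append("line %d is not a header: %r" % (num, line[:40]))
    if sep is None:
        problems.append("no blank line between headers and body")
    return problems


if __name__ == "__main__":
    import sys
    # Usage: python check_errorfiles.py /path/to/haproxy.cfg
    cfg = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    failed = False
    for code, path in errorfiles_in_config(cfg):
        with open(path, "rb") as fh:
            for problem in check_errorfile(fh.read(), code):
                failed = True
                print("%s: %s" % (path, problem))
    sys.exit(1 if failed else 0)
```

HAProxy's own configuration check (`haproxy -c -f <config>`) remains the authoritative test; this only explains which errorfile fails and why.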
-
I had this issue, solved it after changing "httpforclose" to "httpclose" as the new version doesn't support that old config var. Perhaps dev can do some parsing magic? Lucky the error code led me to this.