Netgate Discussion Forum

    Unable to log into WebUI after 25.07 upgrade

    General pfSense Questions
    • stephenw10S Offline
      stephenw10 Netgate Administrator
      last edited by

      Hmm, I assume you haven't made any custom changes to the nginx config there?

      Do you see that warning each time the webconfigurator is restarted?

      What are the contents of /var/etc/nginx-webConfigurator.conf?

      M 1 Reply Last reply Reply Quote 0
      • M Offline
        michmoor LAYER 8 Rebel Alliance @stephenw10
        last edited by

        @stephenw10
        No custom configs at all for nginx. I use pfSense as-is from the factory with no modifications to the filesystem or conf files.
        Here is the other freaky part. I cannot log in as admin. It does not take my password - the same one I've been using for years. It doesn't even take the default admin/pfsense credentials. Yet clearly my configuration is all here. I am assuming nginx has their own local database file that it uses for credentials? Admin is not working but a custom user account I created is working, but sadly that doesn't have sudo access.

        [25.07-RELEASE][michael@atl-fw1-inet.moore.lan]/var/etc: more nginx-webConfigurator.conf
        #
        # nginx configuration file
        
        pid /var/run/nginx-webConfigurator.pid;
        
        user  root wheel;
        worker_processes  6;
        error_log /dev/null;
        error_log  syslog:server=unix:/var/run/log,facility=local5;
        
        events {
            worker_connections  1024;
        }
        
        http {
                include       /usr/local/etc/nginx/mime.types;
                default_type  application/octet-stream;
                add_header X-Frame-Options SAMEORIGIN;
                server_tokens off;
        
                sendfile        off;
        
                access_log      syslog:server=unix:/var/run/log,facility=local5 combined;
                keepalive_timeout 75;
                error_page 404 /404.html;
                error_page 500 502 503 504 /50x.html;
                client_header_timeout 10;
        
                server {
                        listen 10443 ssl;
                        listen [::]:10443 ssl;
                        http2 on;
        
                        ssl_certificate         /var/etc/cert.crt;
                        ssl_certificate_key     /var/etc/cert.key;
                        ssl_session_timeout     10m;
                        keepalive_timeout       70;
                        ssl_session_cache       shared:SSL:10m;
                        ssl_protocols   TLSv1.2 TLSv1.3;
                        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
                        ssl_prefer_server_ciphers       on;
                        add_header Strict-Transport-Security "max-age=31536000";
                        add_header X-Content-Type-Options nosniff;
                        ssl_session_tickets off;
                        ssl_dhparam /etc/dh-parameters.4096;
        
                        client_max_body_size 200m;
        
                        gzip on;
                        gzip_types text/plain text/css text/javascript application/x-javascript text/xml application/xml application/xml+rss application/json;
        
                        root "/usr/local/www/";
                        location / {
                                index  index.php index.html index.htm;
                        }
                        location ~ (\.inc$|\.orig$|\.pkgsave$) {
                                deny all;
                                return 403;
                        }
                        location ~ \.php$ {
                                try_files $uri =404; #  This line closes a potential security hole
                                # ensuring users can't execute uploaded files
                                # see: https://forum.nginx.org/read.php?2,88845,page=3
                                fastcgi_pass   unix:/var/run/php-fpm.socket;
                                fastcgi_index  index.php;
                                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                                # Fix httpoxy - https://httpoxy.org/#fix-now
                                fastcgi_param  HTTP_PROXY  "";
                                fastcgi_read_timeout 180;
                                fastcgi_intercept_errors on;
        
                                include        /usr/local/etc/nginx/fastcgi_params;
                        }
                        location ~ (^/status$) {
                                allow 127.0.0.1;
                                deny all;
                                fastcgi_pass   unix:/var/run/php-fpm.socket;
                                fastcgi_index  index.php;
                                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                                # Fix httpoxy - https://httpoxy.org/#fix-now
                                fastcgi_param  HTTP_PROXY  "";
                                fastcgi_read_timeout 360;
                                include        /usr/local/etc/nginx/fastcgi_params;
                        }
        
                }
        }
        [25.07-RELEASE][michael@atl-fw1-inet.moore.lan]/var/etc:
        
        

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        GertjanG 1 Reply Last reply Reply Quote 0
        • stephenw10S Offline
          stephenw10 Netgate Administrator
          last edited by

          Hmm, that looks normal. Default except the number of worker processes which you must have increased from 2 to 6 at some point. That should be fine.

          You have console access? Can you reset the admin password? Or try restarting the webconfigurator?

          M 1 Reply Last reply Reply Quote 0
          • M Offline
            michmoor LAYER 8 Rebel Alliance @stephenw10
            last edited by

            @stephenw10 I do have console access right now but the account I have doesn’t have admin privileges. I can’t log into the admin account for some reason.
            How do I reset it from console?


            GertjanG 1 Reply Last reply Reply Quote 0
            • GertjanG Offline
              Gertjan @michmoor
              last edited by

              @michmoor said in Unable to log into WebUI after 25.07 upgrade:

              I do have console access right now but the account I have doesn’t have admin privileges. I can’t log into the admin account for some reason.

              The console is the serial (USB) or VGA/HDMI access? That doesn't use the web server at all.
              For example, if the system's main password file (/etc/password) can't be accessed or is 'broken' ... that would explain a lot.

              3) Reset admin account and password
              

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator
                last edited by

                Yes, if the admin/root account is unavailable for some reason I'd expect to see numerous errors.

                1 Reply Last reply Reply Quote 0
                • GertjanG Offline
                  Gertjan @michmoor
                  last edited by

                  @michmoor said in Unable to log into WebUI after 25.07 upgrade:

                  I am assuming nginx has their own local database file that it uses for credentials?

                  Not its own.
                  'The' System > User Password Manager. So a user like 'admin' is present (has to be present) in the main pfSense config file:

                  9b0cf17d-25e4-4d36-8ebf-2d1a7036523e-image.png


                  M 1 Reply Last reply Reply Quote 0
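Gertjan's point above, that WebUI logins are checked against the user entries in the main pfSense config file rather than a credential store owned by nginx, as an added example (not code from the thread or from Netgate): a Python check over a constructed config excerpt that flags user entries that cannot log in. The element names (`system/user`, `name`, `uid`, `bcrypt-hash`, `disabled`) are assumptions about the config layout.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt, not taken from the thread. The element names are an
# assumption about how local users are stored in the config file.
SAMPLE_CONFIG = """<pfsense>
  <system>
    <user>
      <name>admin</name>
      <uid>0</uid>
      <bcrypt-hash></bcrypt-hash>
    </user>
    <user>
      <name>michael</name>
      <uid>2000</uid>
      <bcrypt-hash>$2y$10$CONSTRUCTED-PLACEHOLDER</bcrypt-hash>
    </user>
    <user>
      <name>olduser</name>
      <uid>2001</uid>
      <disabled></disabled>
      <bcrypt-hash>$2y$10$CONSTRUCTED-PLACEHOLDER</bcrypt-hash>
    </user>
  </system>
</pfsense>"""


def audit_local_users(xml_text):
    """Return {username: [problems]} for every local user entry."""
    root = ET.fromstring(xml_text)
    report = {}
    for user in root.findall("./system/user"):
        name = (user.findtext("name") or "").strip() or "<unnamed>"
        problems = []
        pw_hash = (user.findtext("bcrypt-hash") or "").strip()
        if not pw_hash:
            problems.append("no password hash")
        elif not pw_hash.startswith("$2"):
            problems.append("hash is not bcrypt")
        if user.find("disabled") is not None:
            problems.append("account disabled")
        if not (user.findtext("uid") or "").strip().isdigit():
            problems.append("missing or non-numeric uid")
        report[name] = problems
    # The built-in admin account has to be present, as the post says.
    if "admin" not in report:
        report["admin"] = ["entry missing"]
    return report
```

An empty problem list means the entry looks usable; a working custom user next to a flagged `admin` entry would match the symptom described earlier in the thread.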
                  • M Offline
                    michmoor LAYER 8 Rebel Alliance @Gertjan
                    last edited by

                    @stephenw10
                    Just coming back to this. Something is wrong here. I rebooted again and from console I get the following message:

                    Setting up static routes...done.
                    Setting up DNSs...
                    <pre style="white-space: pre-wrap;">PHP ERROR: Type: 1, File: /var/unbound/pfb_unbound_include.inc, Line: 28, Message: Uncaught Error: Call to undefined function config_read_file() in /var/unbound/pfb_unbound_include.inc:28
                    Stack trace:
                    #0 /etc/inc/services.inc(4309): require_once()
                    #1 /etc/rc.bootup(335): services_unbound_configure()
                    #2 {main}
                      thrown</pre>
                    *** SYSTEM BOOT FAILURE ***
                    
                      Failed Boot Environment: default_clone_20241126125037
                    
                       R/r: Enter a recovery shell
                       Any: Shutdown immediately
                    
                    Enter an option: r
                    
                    


                    1 Reply Last reply Reply Quote 0
                    • stephenw10S Offline
                      stephenw10 Netgate Administrator
                      last edited by

                      Hmm, there have to be some missing or corrupt files to hit that. It's a very commonly used function.

                      It rolled back to an earlier snapshot I assume?

                      Are you able to try upgrading from 24.11 again? Without packages?

                      M 1 Reply Last reply Reply Quote 0
                      • M Offline
                        michmoor LAYER 8 Rebel Alliance @stephenw10
                        last edited by

                        @stephenw10
                        Ended up doing a reinstall. Netgate installer is pretty sweet. First time using it and absolutely no issues at all. Impressive.
                        Also restoring from ACB was a bit nerve-racking as I couldn’t find my key, but it all worked out in the end. Seamless to get back online, to be honest.
                        I really don’t know why people have hang-ups over the installer... it just works.


                        1 Reply Last reply Reply Quote 2
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.