502 Bad Gateway in Web GUI at 1500+ Captive Portal Users – Need Tuning Suggestions
-
What do you see logged when that happens?
Check the Monitoring Graphs for memory usage vs CP users.
I would try bumping the PHP memory limit in Sys > Adv > Misc and see if that changes the time it takes to fail. Start by doubling it.
That hardware is massively overpowered for almost all deployments. What throughput does/can it pass?
-
@stephenw10 Thanks for the suggestion. Memory limit increased to 3072.
This system has 10 Gbps. -
@iamsumesh This issue is present in version 2.7 of pfSense. It seems the transition from IPFW to PF in the 2.7.x branch might be causing problems, or it may be related to the underlying operating system (FreeBSD). Even if you double the CPU and RAM, it will not work. Enabling the captive portal in 2.7.2 directed most traffic to CPU0, causing it to overload and crash the entire system.
You could try upgrading to version 2.8.1 to see if it resolves the issue (I have not personally tested this yet). However, version 2.7.2 will not work; I have already reported this problem.
https://forum.netgate.com/post/1151842
-
-
@stephenw10 yes and also informed there.
-
@wazim4u Thanks for the suggestion. Let me try with 2.8.0.
Version 2.8.1 is not available in https://www.pfsense.org/download/ -
Please advise if any tuning is required for PHP-FPM, sysctl parameters, or nginx configurations.
-
2.8.1 beta is available as an upgrade or available to install directly from the Net Installer.
https://docs.netgate.com/pfsense/en/latest/install/netinstaller.html -
@stephenw10, Would upgrading to Plus help solve this issue?.
-
Unlikely. The traffic handling for CP clients is identical in Plus.
