Unable to login to GUI after update to 2.3.4
-
do you have some other services running on port 443 like openvpn?!
had this problem too. sometimes after upgrades, sometimes after reboot.
maybe the reason for that is, that some other service, like openvpn is faster then nginx if they use port 443 too.
since i had much trouble with that, i went back to http at the moment. -
Having the same issue here in Hyper-V after 2.3.4 upgrade.
clog /var/log/system.log says
7872#100134: *65 upstream timed out (60: operation timed out) while reading response header from upstream, client xxx.xxx.xxx.xxx, server: , request: "GET/HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "xxx.xxx.xxx.xxx", referrer: "https://xxx.xxx.xxx.xxx/"option 16 and then 11 results in the same fault.
Nothing hosted on port 443 and plenty of resources for the VM.
*EDIT: my logins are confirmed as successful in the console.
*2nd EDIT:
So I've done some diagnostic, reassigning my LAN interfaces' IP seems to have brought my webUI back up in some fashion.
I'm now getting a response from the login as "authentication error" in console when use the correct password and webUI login page says incorrect username and password when using the incorrect password. -
rolling back to a recent config fixed the 504 gateway error.
rolling forward broke it again.
-
Update when fine, but now cannot login to the GUI I get "504 Gateway Time-out" after I put in my credential in the login page. Ran the script to update the web gui certificate from the console and still cannot login.
Is there a fix to this issue?
Thanks
cjbujold,
Try disconnecting your WAN interface, reboot and then try to log into webUI.
Disconnecting my WAN lets me get in, i assume because the gateway monitoring service goes down?I think it's the HAProxy widget causing my 504 gateway error, i removed it once i could log in and haven't been locked out since.
-
Update: tried the listed option above with no success. On reboot found that the miniupn could not send a message and PFSense lockup. Had to reinstall from scratch and when I try to restore from (tried 7 different ones) a backup on reboot it locks up again.
At this point I'm manually re-entering all of the items we had.
Noticed that the backup does not backup the packages (HAProxy) settings. Is there a way to get this back i'm a gold user and use the autobackup facility.
cjb
-
You're running HAProxy too?
Maybe the issue stems from HAProxy and 2.3.4?
-
rolling back to a recent config fixed the 504 gateway error.
rolling forward broke it again.
Diff the config on console to see what is wrong
diff -Nru oldfile newfike
-
You are correct it seems to be related to Haproxy. If I turn it on everything freezes if I turn it off everything works properly.
I checked the config file for Haproxy and it seems correct. Do not know what to try next.
Suggestion???
-
I can confirm that HAproxy broke my update too. Is it HAproxy or just the dashboard-widget as mentioned above?
Did someone try to disable HAproxy before update and reinstalling it afterwards?
The most debugging seams to be here: https://forum.pfsense.org/index.php?topic=130005.msg716408#msg716408
-
Same issue.
-
Bump, Same here
-
Can confirm, running "haproxy -V -db – /var/etc/haproxy/haproxy.cfg" does restore functionality.
-
So I've tried both 2.4 and 2.3.4 now with HAProxy and the dashboard widget and in either case mine is working fine.
Any other relevant information about the systems experiencing the problem?
Are they running full installations? NanoBSD? i386? amd64? What other packages are installed? And so on.
-
Running full install, amd64, on an NSA3110 packages installed are ACME, darkstat, haproxy, LADVD, LCDproc, mtr-nox11, nut, openvpn client export, pfblocker and snort.
Before upgrade I had 4 backends and 2 frontends (LAN and WAN) 1 of the back ends was the firewall.
My frontend was listening on 80 and 443.
SSL offloading is enabled and I am using an ACME cert.
My primary use for HA Proxy is host redirection (4 sites sitting behind one ip address on the same ports).
I dont actually do any balancing. -
If you check with "pkg update -f" and then "pkg version -vL=" does it show anything that didn't get updated?
-
For those not following the other thread, a few updates:
- This is definitely from HAProxy, typically from the widget but the stats page can also break the GUI
- The problem is HAProxy 1.7.3 and later have a bug where some recent commits broke behavior of the UNIX socket used by the widget and stats page to gather info
- The bug ONLY presents itself if you have DNS Resolvers configured on the Settings tab of the HAProxy package
- See https://redmine.pfsense.org/issues/7533 and my post to the HAProxy discourse site at http://discourse.haproxy.org/t/dns-changes-in-1-7-3-break-unix-socket-stats-when-resolvers-are-configured/1222
I created a patch which reverts the problematic HAProxy changes and applied it to our port, and bumped the HAProxy package version to pick up the changes.
If you are stuck unable to access the GUI, "killall -9 haproxy" will get you in and you can make changes as needed. Upgrade the HAProxy package to 0.52_9 or later.
You can also upgrade the package at the command line, something like "pkg update; pkg upgrade" should do the trick.
Also, upgrading from an earlier version to 2.3.4 will now pick up the fixed version of HAProxy and it will not have this problem.
-
Thanks Jim! Every thing is working as expected now.
