Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    502 Bad Gateway (nginx) after Update to 2.3

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    93 Posts 44 Posters 59.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tward800
      last edited by

      Thank you again.  I replaced the original file and re-applied the patch the proper way for pfSense.  Other than some extra spaces I had it correct.
      The router continues to be stable with this patch.

      1 Reply Last reply Reply Quote 0
      • ?
        Guest
        last edited by

        That's good.

        The advantage of using the patch system, apart from saving you a lot of work, is that you have a setting in the patch that allows for it to be automatically re-applied when you update pfSense. It checks to see whether it can be re-applied cleanly and does so. Obviously, if the file(s) the patches are applied against change in a way that means the patch will not cleanly apply then it does not do so, so when you use patches it's advisable to check after an update. For the average user who is not on the beta trail this means only a two or three times a year, beta testers should check every time they update.

        1 Reply Last reply Reply Quote 0
        • C
          chrcoluk
          last edited by

          tward800 thanks for your feedback, even if there is no problems, feedback is good, as it helps developers make a decision on if a patch is safe enough to rollout or not.

          pfSense CE 2.7.2

          1 Reply Last reply Reply Quote 0
          • S
            sandern
            last edited by

            The patch gives me some errors when I test it:

            /usr/bin/patch –directory=/ -t -p2 -i /var/patches/5a269040d9477.patch --check --forward --ignore-whitespace

            Hmm...  Looks like a unified diff to me...
            The text leading up to this was:

            |From 2c131b10b25db593331048d4f2b28fbf9bf5662e Mon Sep 17 00:00:00 2001
            |From: marjohn56
            |Date: Wed, 29 Nov 2017 23:18:51 +0000
            |Subject: [PATCH] Increase FPM process availability in high ram systems
            |
            |To reduce chance of nginx gateway error when interacting with FPM backend, this patch does the following, starts up extra FOM server processes at startup, allows more to stay running on standby, increases automatic shutdown time from 5 seconds to one hour.  On systems with a gig or more of ram
            |–-
            | src/etc/rc.php_ini_setup | 29 +++++++++++++++++++++--------
            | 1 file changed, 21 insertions(+), 8 deletions(-)
            |
            |diff --git a/src/etc/rc.php_ini_setup b/src/etc/rc.php_ini_setup
            |index 5ce0ef7a31..03bc1178d9 100755
            |--- a/src/etc/rc.php_ini_setup

            +++ b/src/etc/rc.php_ini_setup
            Patching file etc/rc.php_ini_setup using Plan A...
            Hunk #1 succeeded at 265.
            Hunk #2 failed at 317.
            Hunk #3 failed at 340.
            2 out of 3 hunks failed while patching etc/rc.php_ini_setup
            done

            I'm using a new Pfsense 2.4.2 install and using the patch manager from the gui.

            1 Reply Last reply Reply Quote 0
            • ?
              Guest
              last edited by

              Try patch 2c131b1.

              Yes, I had to re-sync with upstream. In doing so my Github desktop threw one and I had to pull it back and re-do the PR. However, it's against 2.4.3, so it may not work for 2.4.2 now.

              1 Reply Last reply Reply Quote 0
              • S
                sandern
                last edited by

                @marjohn56:

                Try patch 2c131b1.

                Yes, I had to re-sync with upstream. In doing so my Github desktop threw one and I had to pull it back and re-do the PR. However, it's against 2.4.3, so it may not work for 2.4.2 now.

                Exactly the same error, so indeed not for 2.4.2. I'll do the changes manually :)

                1 Reply Last reply Reply Quote 0
                • B
                  BeerCan
                  last edited by

                  @marjohn56:

                  Try patch 2c131b1.

                  Yes, I had to re-sync with upstream. In doing so my Github desktop threw one and I had to pull it back and re-do the PR. However, it's against 2.4.3, so it may not work for 2.4.2 now.

                  I am getting patch fetch failed when I try this

                  1 Reply Last reply Reply Quote 0
                  • ?
                    Guest
                    last edited by

                    Works fine for me, just re-entered that I'd and fetched it again, no problem.

                    1 Reply Last reply Reply Quote 0
                    • B
                      BeerCan
                      last edited by

                      @marjohn56:

                      Works fine for me, just re-entered that I'd and fetched it again, no problem.

                      Does this look right?

                      1 Reply Last reply Reply Quote 0
                      • ?
                        Guest
                        last edited by

                        Strange I get a different ID.

                        Try the full ID 2c131b10b25db593331048d4f2b28fbf9bf5662e

                        1 Reply Last reply Reply Quote 0
                        • B
                          BeerCan
                          last edited by

                          That fails as well
                          here is what is in the log

                          Dec 5 16:46:00 	php-fpm 	70317 	/system_patches.php: Download file failed with status code 0\. URL: https://github.com/pfsense/pfsense/commit/2c131b10b25db593331048d4f2b28fbf9bf5662e.patch 
                          
                          1 Reply Last reply Reply Quote 0
                          • ?
                            Guest
                            last edited by

                            This is silly.  ???

                            Here's the full URL that I have just used.

                            https://github.com/pfsense/pfsense/commit/2c131b1.patch

                            1 Reply Last reply Reply Quote 0
                            • B
                              BeerCan
                              last edited by

                              will not fetch that one either.  This is weird

                              1 Reply Last reply Reply Quote 0
                              • L
                                lordalfa
                                last edited by

                                BeerCan, can you get into https://github.com

                                If your browser gives you an error, you will have problems downloading. It is something to do with HSTS.

                                1 Reply Last reply Reply Quote 0
                                • B
                                  BeerCan
                                  last edited by

                                  @lordalfa:

                                  BeerCan, can you get into https://github.com

                                  If your browser gives you an error, you will have problems downloading. It is something to do with HSTS.

                                  I can't get in with FF or chrome

                                  1 Reply Last reply Reply Quote 0
                                  • ?
                                    Guest
                                    last edited by

                                    Even stranger… :)

                                    I think this is one for the Netgate developers to answer, as they maintain it.

                                    1 Reply Last reply Reply Quote 0
                                    • P
                                      PiBa
                                      last edited by

                                      I don t think netgate maintains the github.com certificates.
                                      It sounds to me like like a invasive proxy with ssl bump.

                                      Edit:
                                      Or perhaps pfBlocker dnsblock list that redirects to a pfSense hosted site for tracking blocking statistics..

                                      1 Reply Last reply Reply Quote 0
                                      • ?
                                        Guest
                                        last edited by

                                        It works fine for me though, and others apparently, it's only BeerCan who is having an issue I think.

                                        PiBa, can you try and fetch the patch, see if it's working for you?

                                        To be honest, I only have to click on the link I posted yesterday and I can see the patch.

                                        I did not think that netgate maintains the Github certs, just the pfsense repository, it's just that maybe they may have an idea what's causing the issue.

                                        I've just checked Github's cert and it reports it as OK on my system.

                                        1 Reply Last reply Reply Quote 0
                                        • P
                                          PiBa
                                          last edited by

                                          Fetch patch works fine, both the link in a browser and the 2c131b1 id in patches package.

                                          So a proxy like squid with ssl bump or dns-intercept (DNSBL pfBlockerNG) are the likely causes imho.

                                          1 Reply Last reply Reply Quote 0
                                          • ?
                                            Guest
                                            last edited by

                                            @PiBa:

                                            Fetch patch works fine, both the link in a browser and the 2c131b1 id in patches package.

                                            So a proxy like squid with ssl bump or dns-intercept (DNSBL pfBlockerNG) are the likely causes imho.

                                            Thank you sir. I think you are correct on the likely cause.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.