Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    502 Bad Gateway (nginx) after Update to 2.3

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    93 Posts 44 Posters 61.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sandern
      last edited by

      The patch gives me some errors when I test it:

      /usr/bin/patch –directory=/ -t -p2 -i /var/patches/5a269040d9477.patch --check --forward --ignore-whitespace

      Hmm...  Looks like a unified diff to me...
      The text leading up to this was:

      |From 2c131b10b25db593331048d4f2b28fbf9bf5662e Mon Sep 17 00:00:00 2001
      |From: marjohn56
      |Date: Wed, 29 Nov 2017 23:18:51 +0000
      |Subject: [PATCH] Increase FPM process availability in high ram systems
      |
      |To reduce chance of nginx gateway error when interacting with FPM backend, this patch does the following, starts up extra FOM server processes at startup, allows more to stay running on standby, increases automatic shutdown time from 5 seconds to one hour.  On systems with a gig or more of ram
      |–-
      | src/etc/rc.php_ini_setup | 29 +++++++++++++++++++++--------
      | 1 file changed, 21 insertions(+), 8 deletions(-)
      |
      |diff --git a/src/etc/rc.php_ini_setup b/src/etc/rc.php_ini_setup
      |index 5ce0ef7a31..03bc1178d9 100755
      |--- a/src/etc/rc.php_ini_setup

      +++ b/src/etc/rc.php_ini_setup
      Patching file etc/rc.php_ini_setup using Plan A...
      Hunk #1 succeeded at 265.
      Hunk #2 failed at 317.
      Hunk #3 failed at 340.
      2 out of 3 hunks failed while patching etc/rc.php_ini_setup
      done

      I'm using a new Pfsense 2.4.2 install and using the patch manager from the gui.

      1 Reply Last reply Reply Quote 0
      • ?
        Guest
        last edited by

        Try patch 2c131b1.

        Yes, I had to re-sync with upstream. In doing so my Github desktop threw one and I had to pull it back and re-do the PR. However, it's against 2.4.3, so it may not work for 2.4.2 now.

        1 Reply Last reply Reply Quote 0
        • S
          sandern
          last edited by

          @marjohn56:

          Try patch 2c131b1.

          Yes, I had to re-sync with upstream. In doing so my Github desktop threw one and I had to pull it back and re-do the PR. However, it's against 2.4.3, so it may not work for 2.4.2 now.

          Exactly the same error, so indeed not for 2.4.2. I'll do the changes manually :)

          1 Reply Last reply Reply Quote 0
          • B
            BeerCan
            last edited by

            @marjohn56:

            Try patch 2c131b1.

            Yes, I had to re-sync with upstream. In doing so my Github desktop threw one and I had to pull it back and re-do the PR. However, it's against 2.4.3, so it may not work for 2.4.2 now.

            I am getting patch fetch failed when I try this

            1 Reply Last reply Reply Quote 0
            • ?
              Guest
              last edited by

              Works fine for me, just re-entered that I'd and fetched it again, no problem.

              1 Reply Last reply Reply Quote 0
              • B
                BeerCan
                last edited by

                @marjohn56:

                Works fine for me, just re-entered that I'd and fetched it again, no problem.

                Does this look right?

                1 Reply Last reply Reply Quote 0
                • ?
                  Guest
                  last edited by

                  Strange I get a different ID.

                  Try the full ID 2c131b10b25db593331048d4f2b28fbf9bf5662e

                  1 Reply Last reply Reply Quote 0
                  • B
                    BeerCan
                    last edited by

                    That fails as well
                    here is what is in the log

                    Dec 5 16:46:00 	php-fpm 	70317 	/system_patches.php: Download file failed with status code 0\. URL: https://github.com/pfsense/pfsense/commit/2c131b10b25db593331048d4f2b28fbf9bf5662e.patch 
                    
                    1 Reply Last reply Reply Quote 0
                    • ?
                      Guest
                      last edited by

                      This is silly.  ???

                      Here's the full URL that I have just used.

                      https://github.com/pfsense/pfsense/commit/2c131b1.patch

                      1 Reply Last reply Reply Quote 0
                      • B
                        BeerCan
                        last edited by

                        will not fetch that one either.  This is weird

                        1 Reply Last reply Reply Quote 0
                        • L
                          lordalfa
                          last edited by

                          BeerCan, can you get into https://github.com

                          If your browser gives you an error, you will have problems downloading. It is something to do with HSTS.

                          1 Reply Last reply Reply Quote 0
                          • B
                            BeerCan
                            last edited by

                            @lordalfa:

                            BeerCan, can you get into https://github.com

                            If your browser gives you an error, you will have problems downloading. It is something to do with HSTS.

                            I can't get in with FF or chrome

                            1 Reply Last reply Reply Quote 0
                            • ?
                              Guest
                              last edited by

                              Even stranger… :)

                              I think this is one for the Netgate developers to answer, as they maintain it.

                              1 Reply Last reply Reply Quote 0
                              • P
                                PiBa
                                last edited by

                                I don t think netgate maintains the github.com certificates.
                                It sounds to me like like a invasive proxy with ssl bump.

                                Edit:
                                Or perhaps pfBlocker dnsblock list that redirects to a pfSense hosted site for tracking blocking statistics..

                                1 Reply Last reply Reply Quote 0
                                • ?
                                  Guest
                                  last edited by

                                  It works fine for me though, and others apparently, it's only BeerCan who is having an issue I think.

                                  PiBa, can you try and fetch the patch, see if it's working for you?

                                  To be honest, I only have to click on the link I posted yesterday and I can see the patch.

                                  I did not think that netgate maintains the Github certs, just the pfsense repository, it's just that maybe they may have an idea what's causing the issue.

                                  I've just checked Github's cert and it reports it as OK on my system.

                                  1 Reply Last reply Reply Quote 0
                                  • P
                                    PiBa
                                    last edited by

                                    Fetch patch works fine, both the link in a browser and the 2c131b1 id in patches package.

                                    So a proxy like squid with ssl bump or dns-intercept (DNSBL pfBlockerNG) are the likely causes imho.

                                    1 Reply Last reply Reply Quote 0
                                    • ?
                                      Guest
                                      last edited by

                                      @PiBa:

                                      Fetch patch works fine, both the link in a browser and the 2c131b1 id in patches package.

                                      So a proxy like squid with ssl bump or dns-intercept (DNSBL pfBlockerNG) are the likely causes imho.

                                      Thank you sir. I think you are correct on the likely cause.

                                      1 Reply Last reply Reply Quote 0
                                      • B
                                        BeerCan
                                        last edited by

                                        So I turned unbound off and went back to dnsmasq and github worked.  So I went back and turned unbound back on and no github.

                                        So I ran this cmd

                                        that looks like my pfblocker address.  Problem is pfblocker has been off during all this

                                        1 Reply Last reply Reply Quote 0
                                        • P
                                          PiBa
                                          last edited by

                                          Are you sure the "Enable DNSBL" box is also disabled? (not only the "Enable pfBlockerNG")

                                          1 Reply Last reply Reply Quote 0
                                          • B
                                            BeerCan
                                            last edited by

                                            @PiBa:

                                            Are you sure the "Enable DNSBL" box is also disabled? (not only the "Enable pfBlockerNG")

                                            OK I went through all of the feeds and it is dansguardian that is blocking the patch system (I xx out my uid) 
                                            https://lists.malwarepatrol.net/cgi/getfile?receipt=xxxxxxxxxxx&product=8&list=dansguardian

                                            found this blocks it as well  https://malc0de.com/bl/BOOT

                                            Do others have this enabled and are able to attach to the patch system?

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.