Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy 0.59_4 is broken :(

    Scheduled Pinned Locked Moved Cache/Proxy
    17 Posts 4 Posters 1.7k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      Smoothrunnings
      last edited by Smoothrunnings

      So there is no confusion lets start with this image alt text
      I am using pfSense 2.4.3-p1, this is a new box running an i7 3770S, 8GB of RAM, and a Intel 320 40GB SSD. Its an old SmoothWall. So pfSense is a fresh install so is HAProxy. My old pfSense firewall which is a Watchguard XTM 5 series runs 2.4.3-p1 and an older version of HAPRoxy 0.54_2

      The problem lies in the Expression list, found in the table for the ACL (access control list) look at the picture if you don't understand. This is under the Frontend. I use 'Server Name indication TLS extension matches' for the Expression on all my servers. In the new 0.59_4 this Expression isn't an option when creating new entry. But if you save what you created using any of the Expressions available and edit the Frontend again then edit any of the entries, under Expression (under the ACL table) the option for 'Server Name indication TLS extension matches' appears however after selecting it on all my servers and clicking save, going back to to verify, I noticed all my entries under the ACL table are GONE.

      I already had someone on Reddit verify this on his pfSense 2.4.3-p1 and HAProxy 0.59_4, I would like to know if there is a work around or if there will be another release soon of HAProxy addressing this issue (and others)??

      Thanks,

      P 1 Reply Last reply Reply Quote 0
      • jahonixJ Offline
        jahonix
        last edited by

        https://forum.netgate.com/search?term=HAProxy%200.59_4&in=titlesposts&matchWords=all&sortBy=relevance&sortDirection=&showAs=posts

        1 Reply Last reply Reply Quote 0
        • S Offline
          Smoothrunnings
          last edited by

          How long does it take for the committed changes to be active on pfSense? Someone gave me this link, you can see there is a HAProxy 059_5 deve level. Not sure if that's for the 2.4.4 dev or what?

          https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-haproxy

          1 Reply Last reply Reply Quote 0
          • jahonixJ Offline
            jahonix
            last edited by

            @smoothrunnings
            I have no idea.
            Follow LEVenetz advice, reinstall 0.59_2 and you're good to go again.

            1 Reply Last reply Reply Quote 0
            • P Offline
              PiBa @Smoothrunnings
              last edited by PiBa

              @smoothrunnings
              Ive tried this exact scenario.. And it works properly here.
              -Installed 2.4.3 and updated to 2.4.3p1
              -Installed 'haproxy 0.59_4'
              -Create frontend,
              -Set type to "ssl/https"
              -Choose the "Server Name Indication TLS extension matches"
              -Save / open frontend again.. settings are still there..

              p.s. if you change the type to 'http' do your acl's come back? are you sure you used the sni acl's and not the 'host matches' which is a http acl not a ssl/https one.?

              Edit:
              p.s. any javascript errors in the browser console, and what browser is used?

              Edit2:
              The 'correct' screen shot looks different.. ive got a CS checkbox in the acl's configuration:
              0_1532817719108_2018-07-29 00_33_28-Window.png

              S 1 Reply Last reply Reply Quote 0
              • S Offline
                Smoothrunnings @PiBa
                last edited by

                @piba

                Confirmed with others on reddit it's broken. Can you show the HAProxy version you were using in a screen shot, could it be your running version 0.59_5?

                Reddit post and confirmation as of today. I don't think others would be lying...
                https://www.reddit.com/r/PFSENSE/comments/92it0e/haproxy_setup_issue/

                Thanks

                P 1 Reply Last reply Reply Quote 0
                • P Offline
                  PiBa @Smoothrunnings
                  last edited by

                  @smoothrunnings
                  0_1532818812990_2018-07-29 00_59_59-Window.png

                  S 1 Reply Last reply Reply Quote 0
                  • S Offline
                    Smoothrunnings @PiBa
                    last edited by

                    @piba LIke I said for myself and others it doesn't work. I think its fair say it's broken. I am not sure what hardware you are using or what you had installed on it previously, but I started with with nothing installed on my SmoothWall (CAR-3030) appliance. Others online have tested it and said it fails. So clearly there is a problem.

                    I found the thread to revert back to the previous build that works, I think I am going to do that. Then not update until I have some way of verifying the issue has been resolved.

                    Thanks,

                    P jahonixJ 2 Replies Last reply Reply Quote 0
                    • P Offline
                      PiBa @Smoothrunnings
                      last edited by

                      @smoothrunnings
                      Ive started with a empty VM adn installed a fresh pfSense with a fresh haproxy on it..

                      Yes there were some issues for sure with previous versions, if there still are we need to figure out how to fix them.. simply reverting is not the right option long term. And well i cannot reproduce the issue as described currently so wont be able to fix it..

                      I need your input for this, we need to find what was different between your and my installation.

                      S 1 Reply Last reply Reply Quote 0
                      • jahonixJ Offline
                        jahonix @Smoothrunnings
                        last edited by

                        @smoothrunnings said in HAProxy 0.59_4 is broken :(:

                        Others online have tested it and said it fails.

                        AFAIK PiBa is the main committer to the HAproxy package.
                        It would be in your own interest to help him sort out scenarios where it's not working rather than citing what others say or pointing to reddit.

                        At least that's what I would do if a developer responds to my problem directly...

                        1 Reply Last reply Reply Quote 0
                        • S Offline
                          Smoothrunnings @PiBa
                          last edited by

                          @piba

                          pfSense and installed packages:

                          http://www.smoothrunnings.ca/images/reddit/ha-pic1.jpg
                          http://www.smoothrunnings.ca/images/reddit/ha-pic2.jpg

                          Video one, creation of the option, notice how the drop down list is incomplete. The list shows up perfectly on my old pfsense firewall that runs the older version of HAProxy on the same machine...so its not a JAVA issue..but thanks. :)

                          https://youtu.be/eDmlbsO3X-s

                          Video 2. After have selected anything out of the list, saved my settings, tried to apply and gotten an error, then gone back into the frontend you can see my entry is completely gone. Just as others including myself have experienced in 0.59_4

                          https://youtu.be/tA3Jt6wDst8

                          P 1 Reply Last reply Reply Quote 0
                          • P Offline
                            PiBa @Smoothrunnings
                            last edited by

                            @smoothrunnings
                            And the 'type' on your video is set to 'HTTP' not to 'SSL/HTTPS' ?
                            In which case your not supposed to use SNI..
                            0_1532820932007_2018-07-29 01_34_21-Window.png

                            S 1 Reply Last reply Reply Quote 0
                            • S Offline
                              Smoothrunnings @PiBa
                              last edited by

                              @piba Your right, I stand corrected. Thanks!

                              P 1 Reply Last reply Reply Quote 0
                              • P Offline
                                PiBa @Smoothrunnings
                                last edited by

                                @smoothrunnings
                                OK no problem, with that part out of the way, can you confirm 'everything works properly' for your setup?

                                Yes when editing a frontend its possible to choose acl methods that are not applicable to that type of frontend when editing an already existing acl item.. Thats a little 'bug', but it has always been present and is actually not so easy to fix.. not going to burn myself again on that anytime soon :)

                                S 1 Reply Last reply Reply Quote 0
                                • S Offline
                                  Smoothrunnings @PiBa
                                  last edited by

                                  @piba I was able to apply the settings, checking the old firewall it is setup with SSL/HTTPS, one small step I over looked when replicating the changes. I will install the SmoothWall tomorrow but I don't expect any issues, but if there are any I will let you know.

                                  Thanks,

                                  1 Reply Last reply Reply Quote 0
                                  • M Offline
                                    maverick_slo
                                    last edited by

                                    Wow...
                                    I`m without haproxy now :)

                                    Number of packages to be reinstalled: 1
                                    [1/1] Reinstalling pfSense-pkg-haproxy-devel-0.59_5...
                                    [1/1] Extracting pfSense-pkg-haproxy-devel-0.59_5: .......... done
                                    Removing haproxy-devel components...
                                    Menu items... done.
                                    Services... done.
                                    Loading package instructions...
                                    Deinstall commands... done.
                                    Syslog entries... done.
                                    Saving updated package information...
                                    overwrite!
                                    Loading package configuration... done.
                                    Configuring package components...
                                    Loading package instructions...
                                    Custom commands...
                                    Executing custom_php_install_command()...
                                    Fatal error: Uncaught Error: Cannot create references to/from string offsets in /usr/local/pkg/haproxy/haproxy.inc:1477
                                    Stack trace:
                                    #0 /usr/local/pkg/haproxy/haproxy.inc(2385): haproxy_writeconf('/var/etc/haprox...')
                                    #1 /usr/local/pkg/haproxy/haproxy.inc(653): haproxy_check_run(1)
                                    #2 /etc/inc/pkg-utils.inc(760) : eval()'d code(1): haproxy_custom_php_install_command()
                                    #3 /etc/inc/pkg-utils.inc(760): eval()
                                    #4 /etc/inc/pkg-utils.inc(847): eval_once('haproxy_custom_...')
                                    #5 /etc/rc.packages(74): install_package_xml('haproxy-devel')
                                    #6 {main}
                                    thrown in /usr/local/pkg/haproxy/haproxy.inc on line 1477
                                    PHP ERROR: Type: 1, File: /usr/local/pkg/haproxy/haproxy.inc, Line: 1477, Message: Uncaught Error: Cannot create references to/from string offsets in /usr/local/pkg/haproxy/haproxy.inc:1477
                                    Stack trace:
                                    #0 /usr/local/pkg/haproxy/haproxy.inc(2385): haproxy_writeconf('/var/etc/haprox...')
                                    #1 /usr/local/pkg/haproxy/haproxy.inc(653): haproxy_check_run(1)
                                    #2 /etc/inc/pkg-utils.inc(760) : eval()'d code(1): haproxy_custom_php_install_command()
                                    #3 /etc/inc/pkg-utils.inc(760): eval()
                                    #4 /etc/inc/pkg-utils.inc(847): eval_once('haproxy_custom_...')
                                    #5 /etc/rc.packages(74): install_package_xml('haproxy-devel')
                                    #6 {main}
                                    thrownpkg-static: POST-INSTALL script failed

                                    Cleaning up cache... done.
                                    Success

                                    P 1 Reply Last reply Reply Quote 0
                                    • P Offline
                                      PiBa @maverick_slo
                                      last edited by

                                      @maverick_slo
                                      using 2.4.4'beta' with php7 i guess? PR with version 0.59_6 that should fix that one is pending..

                                      1 Reply Last reply Reply Quote 0
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.