HAProxy 0.59_4 is broken :(
-
@smoothrunnings
Ive tried this exact scenario.. And it works properly here.
-Installed 2.4.3 and updated to 2.4.3p1
-Installed 'haproxy 0.59_4'
-Create frontend,
-Set type to "ssl/https"
-Choose the "Server Name Indication TLS extension matches"
-Save / open frontend again.. settings are still there..p.s. if you change the type to 'http' do your acl's come back? are you sure you used the sni acl's and not the 'host matches' which is a http acl not a ssl/https one.?
Edit:
p.s. any javascript errors in the browser console, and what browser is used?Edit2:
The 'correct' screen shot looks different.. ive got a CS checkbox in the acl's configuration:
-
Confirmed with others on reddit it's broken. Can you show the HAProxy version you were using in a screen shot, could it be your running version 0.59_5?
Reddit post and confirmation as of today. I don't think others would be lying...
https://www.reddit.com/r/PFSENSE/comments/92it0e/haproxy_setup_issue/Thanks
-
-
@piba LIke I said for myself and others it doesn't work. I think its fair say it's broken. I am not sure what hardware you are using or what you had installed on it previously, but I started with with nothing installed on my SmoothWall (CAR-3030) appliance. Others online have tested it and said it fails. So clearly there is a problem.
I found the thread to revert back to the previous build that works, I think I am going to do that. Then not update until I have some way of verifying the issue has been resolved.
Thanks,
-
@smoothrunnings
Ive started with a empty VM adn installed a fresh pfSense with a fresh haproxy on it..Yes there were some issues for sure with previous versions, if there still are we need to figure out how to fix them.. simply reverting is not the right option long term. And well i cannot reproduce the issue as described currently so wont be able to fix it..
I need your input for this, we need to find what was different between your and my installation.
-
@smoothrunnings said in HAProxy 0.59_4 is broken :(:
Others online have tested it and said it fails.
AFAIK PiBa is the main committer to the HAproxy package.
It would be in your own interest to help him sort out scenarios where it's not working rather than citing what others say or pointing to reddit.At least that's what I would do if a developer responds to my problem directly...
-
pfSense and installed packages:
http://www.smoothrunnings.ca/images/reddit/ha-pic1.jpg
http://www.smoothrunnings.ca/images/reddit/ha-pic2.jpgVideo one, creation of the option, notice how the drop down list is incomplete. The list shows up perfectly on my old pfsense firewall that runs the older version of HAProxy on the same machine...so its not a JAVA issue..but thanks. :)
https://youtu.be/eDmlbsO3X-s
Video 2. After have selected anything out of the list, saved my settings, tried to apply and gotten an error, then gone back into the frontend you can see my entry is completely gone. Just as others including myself have experienced in 0.59_4
https://youtu.be/tA3Jt6wDst8
-
@smoothrunnings
And the 'type' on your video is set to 'HTTP' not to 'SSL/HTTPS' ?
In which case your not supposed to use SNI..
-
@piba Your right, I stand corrected. Thanks!
-
@smoothrunnings
OK no problem, with that part out of the way, can you confirm 'everything works properly' for your setup?Yes when editing a frontend its possible to choose acl methods that are not applicable to that type of frontend when editing an already existing acl item.. Thats a little 'bug', but it has always been present and is actually not so easy to fix.. not going to burn myself again on that anytime soon :)
-
@piba I was able to apply the settings, checking the old firewall it is setup with SSL/HTTPS, one small step I over looked when replicating the changes. I will install the SmoothWall tomorrow but I don't expect any issues, but if there are any I will let you know.
Thanks,
-
Wow...
I`m without haproxy now :)Number of packages to be reinstalled: 1
[1/1] Reinstalling pfSense-pkg-haproxy-devel-0.59_5...
[1/1] Extracting pfSense-pkg-haproxy-devel-0.59_5: .......... done
Removing haproxy-devel components...
Menu items... done.
Services... done.
Loading package instructions...
Deinstall commands... done.
Syslog entries... done.
Saving updated package information...
overwrite!
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...
Fatal error: Uncaught Error: Cannot create references to/from string offsets in /usr/local/pkg/haproxy/haproxy.inc:1477
Stack trace:
#0 /usr/local/pkg/haproxy/haproxy.inc(2385): haproxy_writeconf('/var/etc/haprox...')
#1 /usr/local/pkg/haproxy/haproxy.inc(653): haproxy_check_run(1)
#2 /etc/inc/pkg-utils.inc(760) : eval()'d code(1): haproxy_custom_php_install_command()
#3 /etc/inc/pkg-utils.inc(760): eval()
#4 /etc/inc/pkg-utils.inc(847): eval_once('haproxy_custom_...')
#5 /etc/rc.packages(74): install_package_xml('haproxy-devel')
#6 {main}
thrown in /usr/local/pkg/haproxy/haproxy.inc on line 1477
PHP ERROR: Type: 1, File: /usr/local/pkg/haproxy/haproxy.inc, Line: 1477, Message: Uncaught Error: Cannot create references to/from string offsets in /usr/local/pkg/haproxy/haproxy.inc:1477
Stack trace:
#0 /usr/local/pkg/haproxy/haproxy.inc(2385): haproxy_writeconf('/var/etc/haprox...')
#1 /usr/local/pkg/haproxy/haproxy.inc(653): haproxy_check_run(1)
#2 /etc/inc/pkg-utils.inc(760) : eval()'d code(1): haproxy_custom_php_install_command()
#3 /etc/inc/pkg-utils.inc(760): eval()
#4 /etc/inc/pkg-utils.inc(847): eval_once('haproxy_custom_...')
#5 /etc/rc.packages(74): install_package_xml('haproxy-devel')
#6 {main}
thrownpkg-static: POST-INSTALL script failedCleaning up cache... done.
Success -
@maverick_slo
using 2.4.4'beta' with php7 i guess? PR with version 0.59_6 that should fix that one is pending..
