form 2.4.3 upgrade 2.4.4rc20180904 can't open gateway GUI
-
This is what I'm running right now :
Instead of the present ( pfSense 2.4.4 Release - /etc/inc/system.inc - appr line 1460 - function system_generate_nginx_config() ) :
```php
if (($config['system']['webgui']['ocsp-staple'] == true) or
    (cert_get_ocspstaple($cert_temp['crt']) == true)) {
	$nginx_config .= "\t\tssl_stapling on;\n";
	$nginx_config .= "\t\tssl_stapling_verify on;\n";
	$nginx_config .= "\t\tresolver " . implode(" ", get_dns_nameservers()) . " valid=300s;\n";
	$nginx_config .= "\t\tresolver_timeout 5s;\n";
}
```
I use :
```php
if (($config['system']['webgui']['ocsp-staple'] == true) or
    (cert_get_ocspstaple($cert_temp['crt']) == true)) {
	// Build the resolver list by hand so IPv6 addresses can be bracketed.
	$nginx_resolver_list = '';
	$dns_nameservers_array = array();
	$dns_nameservers_array = get_dns_nameservers();
	foreach ($dns_nameservers_array as $dns_nameserver) {
		if (is_ipaddrv6($dns_nameserver))
			$nginx_resolver_list .= '[' . $dns_nameserver . '] ';
		else
			$nginx_resolver_list .= $dns_nameserver . ' ';
	}
	$nginx_config .= "\t\tssl_stapling on;\n";
	$nginx_config .= "\t\tssl_stapling_verify on;\n";
	// Use the list built above (it already ends with a space).
	$nginx_config .= "\t\tresolver " . $nginx_resolver_list . "valid=300s;\n";
	$nginx_config .= "\t\tresolver_timeout 5s;\n";
}
```
The DNS server list obtained by get_dns_nameservers() is concatenated and separated by a space,
and IPv6 addresses are surrounded with brackets [].
Like this:
```
resolver 127.0.0.1 [::1] valid=300s;
```
nginx is happy now and doesn't blow out of the water when DNS IPs are IPv6.
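The bracket logic from the post above as a stand-alone script, added here as an example (not pfSense code and not written by anyone in this thread). `build_nginx_resolver()` is a hypothetical helper; it assumes PHP's `filter_var()` in place of pfSense's `is_ipaddrv6()`, and goes one step further than the post by dropping entries that are not IP literals and removing duplicates.

```php
<?php
// Added example. build_nginx_resolver() is a hypothetical helper, not a pfSense function.

/**
 * Build an nginx "resolver" directive from a list of DNS server addresses.
 * IPv6 literals are wrapped in [] (the form shown in the post above);
 * anything that is not a valid IP literal is dropped so it never reaches
 * the generated config. Returns null when no usable address remains.
 */
function build_nginx_resolver(array $servers, string $valid = '300s'): ?string
{
    $out = [];
    foreach ($servers as $server) {
        $server = trim((string)$server);
        if (filter_var($server, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
            $out[$server] = $server;              // keyed by address: de-duplicates
        } elseif (filter_var($server, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {
            $out[$server] = '[' . $server . ']';  // IPv6 needs brackets
        }
        // else: hostname, empty string or garbage -> skipped
    }
    if (!$out) {
        return null;
    }
    return "\t\tresolver " . implode(' ', $out) . " valid={$valid};\n";
}

// Constructed sample inputs; the second set uses the addresses named in the thread.
$samples = [
    ['127.0.0.1', '::1'],
    ['2001:19f0:7402:d:5400:00ff:fe2a:7fb6', '2001:41d0:8:be92::1'],
    ['127.0.0.1', '127.0.0.1', 'dns.example.net', ''],
    [],
];

foreach ($samples as $servers) {
    $line = build_nginx_resolver($servers);
    if ($line === null) {
        // Design choice of this example: the caller decides what to do without a resolver.
        echo "no usable resolver address\n";
        continue;
    }
    echo $line;
}
```

The generated configuration can be checked with `nginx -t` before the web server is restarted.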
-
@gertjan said in form 2.4.3 upgrade 2.4.4rc20180904 can't open gateway GUI:
Instead of the present ( pfSense 2.4.4 Release - /etc/inc/system.inc - appr line 1460 - function system_generate_nginx_config() ) :
YES, this is had fix in PF2.4.4 ?
-
@yon-0 said in form 2.4.3 upgrade 2.4.4rc20180904 can't open gateway GUI:
@gertjan said in form 2.4.3 upgrade 2.4.4rc20180904 can't open gateway GUI:
Instead of the present ( pfSense 2.4.4 Release - /etc/inc/system.inc - appr line 1460 - function system_generate_nginx_config() ) :
YES, this is had fix in PF2.4.4 ?
My "fix" should be applied for 2.4.4 Release, nothing else.
Didn't redmine it yet, and as said here Pfsense Bug report, where to send?, I like to have some reactions back, like, why not, yours, after you used the patch.
The bug-squash team has raised DEFCON 1 lately, they have bigger bugs to nail right now.
Anyway, these are my DNS servers right now :
which means : the two local hosts (I'm NOT sending anything else my request - I'm just using the Resolver, as simple as possible) .
Note : I did not test with DNS servers like 2001:19f0:7402:d:5400:00ff:fe2a:7fb6 and 2001:41d0:8:be92::1 : you tell me if it works ;)
-
-
Update.
Keep in mind to re patch : 2.4.4-p1 doesn't like IPv6 as DNS server addresses :
Setting up something like this and the GUI will fail to start :
-
yes, now i have to renew do it. thanks!
-
Why have they still not fixed it?
-
You saw yourself the interesting part : https://forum.netgate.com/topic/138330/pfsense-2-4-4-release-p1-is-now-available/15
I'll have a look at it tomorrow.
edit : I guess I found it :
@jimp isn't using Stapling :
```php
if (($config['system']['webgui']['ocsp-staple'] == true) or
```
So this bunch of code :
```php
$nginx_config .= "\t\tssl_stapling on;\n";
$nginx_config .= "\t\tssl_stapling_verify on;\n";
$nginx_config .= "\t\tresolver " . $nginx_resolver . " valid=300s;\n";
$nginx_config .= "\t\tresolver_timeout 5s;\n";
```
never gets executed so the issue goes unnoticed for most people.
If he did, he will find this thread interesting - all the details are here (above).
@yon-0 don't worry, consider this : you are running an even better "2.4.4-p1" version ;)
-
Done : https://redmine.pfsense.org/issues/9160
@yon-0 : ok to you ?
-
@gertjan said in form 2.4.3 upgrade 2.4.4rc20180904 can't open gateway GUI:
Done : https://redmine.pfsense.org/issues/9160
@yon-0 : ok to you ?
Very good, I think this question can only be reported clearly by you, because I don't understand code programming.
-
Jimp has applied a solution. See it here https://redmine.pfsense.org/projects/pfsense/repository/revisions/4c6e3de40f56a1bd8d978a9dd4677d0ab025b8cb