Bug in HAProxy 59_21 config generation leading to 503 error

cbersot

Hi,

I'm running PFSense 2.4.4-RELEASE-p3 with HAProxy 0.59_21.
I find something really strange in the configuration generate by HAProxy version 59_21. It's something i don't see in my PFSense with Haproxy 0.59_20.

I've created a frontend "TestFE" and one back "TEST_Backend"
In the GUI, in my frontend, I have no acl, juste a "Default Backend" instruction which point ot "TEST_Backend".

When I have no ssl offloading :

But when I have a ssl offloading on a bind :

I don't understand why this acl is created.
Moreover, since my host will never be "pfSense-5e2183c31ebed....", I get a 503 error on all my request.

Is it a known issue ?

PiBa

@cbersot
What certificate did you choose to offload the ssl with in haproxy?

As for the acl, there is a checkbox in the certificate section that will automatically check the subject names that the certificate is valid for.. You could disable that checkbox.. But probably still have a (probably invalid?) certificate served..

cbersot

Ho, okay, my probleme come from the checkbox.
Since I don't have a valid certificate for the moment, it was the webConfigurator default certificate which was used, hence the "pfsense-5e2183c31ebed" host verification.

It's weird because I don't remember unchecking this option, but if I create a Frontend in my Haproxy 59_20, it's indeed checked by default. I must have a bad memory.

Thanks PiBa =)