Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Bug in HAProxy 59_21 config generation leading to 503 error

    Scheduled Pinned Locked Moved Cache/Proxy
    3 Posts 2 Posters 441 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cbersot
      last edited by cbersot

      Hi,

      I'm running PFSense 2.4.4-RELEASE-p3 with HAProxy 0.59_21.
      I find something really strange in the configuration generate by HAProxy version 59_21. It's something i don't see in my PFSense with Haproxy 0.59_20.

      I've created a frontend "TestFE" and one back "TEST_Backend"
      In the GUI, in my frontend, I have no acl, juste a "Default Backend" instruction which point ot "TEST_Backend".

      When I have no ssl offloading :
      edbb3ea0-bb14-474f-b2aa-3603e55f383b-image.png

      But when I have a ssl offloading on a bind :
      59ac5389-1970-46d9-a248-965853b99110-image.png

      I don't understand why this acl is created.
      Moreover, since my host will never be "pfSense-5e2183c31ebed....", I get a 503 error on all my request.

      Is it a known issue ?

      P 1 Reply Last reply Reply Quote 0
      • P
        PiBa @cbersot
        last edited by

        @cbersot
        What certificate did you choose to offload the ssl with in haproxy?

        As for the acl, there is a checkbox in the certificate section that will automatically check the subject names that the certificate is valid for.. You could disable that checkbox.. But probably still have a (probably invalid?) certificate served..

        1 Reply Last reply Reply Quote 0
        • C
          cbersot
          last edited by

          Ho, okay, my probleme come from the checkbox.
          Since I don't have a valid certificate for the moment, it was the webConfigurator default certificate which was used, hence the "pfsense-5e2183c31ebed" host verification.

          It's weird because I don't remember unchecking this option, but if I create a Frontend in my Haproxy 59_20, it's indeed checked by default. I must have a bad memory.

          Thanks PiBa =)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.