Bug in HAProxy 59_21 config generation leading to 503 error



  • Hi,

    I'm running PFSense 2.4.4-RELEASE-p3 with HAProxy 0.59_21.
    I find something really strange in the configuration generated by HAProxy version 59_21. It's something I don't see in my PFSense with HAProxy 0.59_20.

    I've created a frontend "TestFE" and one back "TEST_Backend"
    In the GUI, in my frontend, I have no acl, just a "Default Backend" instruction which points to "TEST_Backend".

    When I have no ssl offloading:
    [image: edbb3ea0-bb14-474f-b2aa-3603e55f383b-image.png]

    But when I have ssl offloading on a bind:
    [image: 59ac5389-1970-46d9-a248-965853b99110-image.png]

    I don't understand why this acl is created.
    Moreover, since my host will never be "pfSense-5e2183c31ebed....", I get a 503 error on all my requests.

    Is it a known issue?



  • @cbersot
    What certificate did you choose to offload the ssl with in haproxy?

    As for the acl, there is a checkbox in the certificate section that will automatically check the subject names that the certificate is valid for.. You could disable that checkbox.. But probably still have a (probably invalid?) certificate served..



  • Oh, okay, my problem comes from the checkbox.
    Since I don't have a valid certificate for the moment, it was the webConfigurator default certificate which was used, hence the "pfsense-5e2183c31ebed" host verification.

    It's weird because I don't remember unchecking this option, but if I create a Frontend in my Haproxy 59_20, it's indeed checked by default. I must have a bad memory.

    Thanks PiBa =)
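
Added example, not part of the thread and not the configuration the pfSense HAProxy package generates: a hand-written HAProxy sketch of the failure mode discussed above, where the only route to the backend is gated by a Host ACL taken from the certificate's subject name. The frontend names `TestFE_gated` and `TestFE_open`, the ACL name, addresses, certificate paths and the hostname are constructed placeholders; the real generated rule may be written differently.

```haproxy
# Constructed illustration. All names, addresses, paths and the
# hostname below are placeholders, not values from the thread.

# --- Failing shape: backend reachable only through a Host ACL ---
frontend TestFE_gated
    bind 192.0.2.10:443 ssl crt /path/to/default-cert.pem
    mode http
    # ACL derived from the certificate's subject name. With a
    # self-signed default certificate that name is an internal
    # identifier that no client sends as its Host header.
    acl crt_names hdr(host) -i pfsense-placeholder.example
    # This is the only rule that selects a backend. When the ACL is
    # false and no default_backend applies, HAProxy has no backend
    # for the request and answers 503.
    use_backend TEST_Backend if crt_names

# --- Working shape A: no Host gating, every request is routed ---
frontend TestFE_open
    bind 192.0.2.10:8443 ssl crt /path/to/default-cert.pem
    mode http
    default_backend TEST_Backend

# --- Working shape B (not shown as a separate frontend) ---
# Keep the Host ACL, but bind a certificate whose subject names are
# the hostnames clients really use, so the ACL matches real traffic.

backend TEST_Backend
    mode http
    server web1 192.0.2.20:80 check
```

When a frontend returns 503 for every request, comparing the names in the bound certificate with the Host header clients actually send shows quickly whether a rule of this kind is the cause.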

