Bug in HAProxy 59_21 config generation leading to 503 error
-
Hi,
I'm running PFSense 2.4.4-RELEASE-p3 with HAProxy 0.59_21.
I find something really strange in the configuration generate by HAProxy version 59_21. It's something i don't see in my PFSense with Haproxy 0.59_20.I've created a frontend "TestFE" and one back "TEST_Backend"
In the GUI, in my frontend, I have no acl, juste a "Default Backend" instruction which point ot "TEST_Backend".When I have no ssl offloading :
But when I have a ssl offloading on a bind :
I don't understand why this acl is created.
Moreover, since my host will never be "pfSense-5e2183c31ebed....", I get a 503 error on all my request.Is it a known issue ?
-
@cbersot
What certificate did you choose to offload the ssl with in haproxy?As for the acl, there is a checkbox in the certificate section that will automatically check the subject names that the certificate is valid for.. You could disable that checkbox.. But probably still have a (probably invalid?) certificate served..
-
Ho, okay, my probleme come from the checkbox.
Since I don't have a valid certificate for the moment, it was the webConfigurator default certificate which was used, hence the "pfsense-5e2183c31ebed" host verification.It's weird because I don't remember unchecking this option, but if I create a Frontend in my Haproxy 59_20, it's indeed checked by default. I must have a bad memory.
Thanks PiBa =)