[SOLVED] HAProxy error after upgrade to 2.4.5-RELEASE
Hi all,
I'm running a Netgate SG-2440 and just upgraded from 2.4.4-p3 to 2.4.5-Release. This upgrade looks to have changed something about HAProxy causing my configuration to no longer work. The error I receive on all of my https Frontends is
Errors found while starting haproxy
[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:51] : 'bind 127.0.0.1:19100' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/hass.crt_list'.
[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:52] : 'bind /tmp/haproxy_chroot/hass.socket' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/hass.crt_list'.
[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:62] : 'bind 127.0.0.1:19101' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/calibre.crt_list'.
[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:63] : 'bind /tmp/haproxy_chroot/calibre.socket' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/calibre.crt_list'.
[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:73] : 'bind 127.0.0.1:19102' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/bitwarden.crt_list'.
[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:74] : 'bind /tmp/haproxy_chroot/bitwarden.socket' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/bitwarden.crt_list'.
[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:84] : 'bind 127.0.0.1:19103' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/blueiris.crt_list'.
[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:85] : 'bind /tmp/haproxy_chroot/blueiris.socket' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/blueiris.crt_list'.
[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:95] : 'bind 127.0.0.1:19104' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/nextcloud.crt_list'.
[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:96] : 'bind /tmp/haproxy_chroot/nextcloud.socket' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/nextcloud.crt_list'.
[ALERT] 115/202103 (46378) : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg
[ALERT] 115/202103 (46378) : Fatal errors found in configuration.
I've attached a slightly modified haproxy.cfg file to help debug. It would be great to just downgrade back to 2.4.4-p3, but that doesn't seem like an easy option and would prevent me from moving forward in the future, so my real goal is to get to the bottom of this problem.
I use a very similar configuration for all but 1 of my front ends and the same error shows up over and over again:
[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:51] : 'bind 127.0.0.1:19100' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/hass.crt_list'.
[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:52] : 'bind /tmp/haproxy_chroot/hass.socket' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/hass.crt_list'.
So I am assuming if I figure out this error for one of them I'll get it for the rest.
Debug steps tried so far:
- Reboot
- Renew ACME Certificate (this is the CA used for each of the front ends with the error)
- Search Google/Forums for similar error. I've read over "HAProxy not starting with ssl configuration", which looked similar but didn't get me to a solution.
Wow, I can't believe this one. I'll leave this post here to help anyone who may be in the same situation later.
I must have followed a tutorial many years ago when setting this up that had me put a long string of options in the "Advanced ssl options" section of SSL Offloading. Clearing this box solved my problem.
Matt
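Added example, not part of the original post: a small Python helper that groups HAProxy's `crt-list` alerts by crt-list file and rejected keyword, so a wall of alerts like the one above collapses to its single root cause. The function names are hypothetical, and the sample is a shortened copy of the output quoted in the post.

```python
import re
from collections import defaultdict

# Matches the alert format quoted in the post. finditer() is used so it also
# works when several alerts are run together on one line.
ALERT_RE = re.compile(
    r"\[ALERT\] \S+ \(\d+\) : parsing \[(?P<cfg>[^\]]+):(?P<cfg_line>\d+)\] : "
    r"'bind (?P<bind>[^']+)' : 'crt-list' : unknown ssl keyword (?P<keyword>\S+) "
    r"on line (?P<list_line>\d+) in file '(?P<crt_list>[^']+)'"
)


def group_alerts(text):
    """Map (crt-list file, line, keyword) -> [(haproxy.cfg line, bind address)]."""
    groups = defaultdict(list)
    for m in ALERT_RE.finditer(text):
        key = (m["crt_list"], int(m["list_line"]), m["keyword"])
        groups[key].append((int(m["cfg_line"]), m["bind"]))
    return dict(groups)


def rejected_keywords(text):
    """Distinct keywords HAProxy refused; one entry means one root cause."""
    return sorted({keyword for (_, _, keyword) in group_alerts(text)})


# Shortened copy of the output from the post, run together as the GUI showed it.
SAMPLE = (
    "Errors found while starting haproxy "
    "[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:51] : "
    "'bind 127.0.0.1:19100' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 "
    "in file '/var/etc/haproxy_test/hass.crt_list'. "
    "[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:52] : "
    "'bind /tmp/haproxy_chroot/hass.socket' : 'crt-list' : unknown ssl keyword ssl_ciphers "
    "on line 1 in file '/var/etc/haproxy_test/hass.crt_list'. "
    "[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:62] : "
    "'bind 127.0.0.1:19101' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 "
    "in file '/var/etc/haproxy_test/calibre.crt_list'. "
    "[ALERT] 115/202103 (46378) : Fatal errors found in configuration."
)

if __name__ == "__main__":
    for (path, line, keyword), binds in group_alerts(SAMPLE).items():
        print(f"{path}:{line}: rejected keyword {keyword!r}")
        for cfg_line, bind in binds:
            print(f"    haproxy.cfg:{cfg_line} bind {bind}")
    print("distinct keywords:", rejected_keywords(SAMPLE))
```

A single distinct keyword across every crt-list file points at one shared setting in the generated configuration rather than at the individual certificates.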