Netgate Discussion Forum

[SOLVED] HAProxy error after upgrade to 2.4.5-RELEASE

    Matt2, Apr 26, 2020, 12:29 AM (last edited by Matt2 Apr 26, 2020, 4:11 PM)

    Hi all,
    I'm running a Netgate SG-2440 and just upgraded from 2.4.4-p3 to 2.4.5-Release. This upgrade looks to have changed something about HAProxy causing my configuration to no longer work.

    The error I receive on all of my https Frontends is

    Errors found while starting haproxy
    [ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:51] : 'bind 127.0.0.1:19100' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/hass.crt_list'.
    [ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:52] : 'bind /tmp/haproxy_chroot/hass.socket' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/hass.crt_list'.
    [ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:62] : 'bind 127.0.0.1:19101' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/calibre.crt_list'.
    [ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:63] : 'bind /tmp/haproxy_chroot/calibre.socket' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/calibre.crt_list'.
    [ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:73] : 'bind 127.0.0.1:19102' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/bitwarden.crt_list'.
    [ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:74] : 'bind /tmp/haproxy_chroot/bitwarden.socket' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/bitwarden.crt_list'.
    [ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:84] : 'bind 127.0.0.1:19103' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/blueiris.crt_list'.
    [ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:85] : 'bind /tmp/haproxy_chroot/blueiris.socket' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/blueiris.crt_list'.
    [ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:95] : 'bind 127.0.0.1:19104' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/nextcloud.crt_list'.
    [ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:96] : 'bind /tmp/haproxy_chroot/nextcloud.socket' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/nextcloud.crt_list'.
    [ALERT] 115/202103 (46378) : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg
    [ALERT] 115/202103 (46378) : Fatal errors found in configuration.
    

    I've attached a slightly modified haproxy.cfg file to help debug. It would be great to just downgrade back to 2.4.4-p3, but that doesn't seem like an easy option and would prevent me from moving forward in the future, so my real goal is to get to the bottom of this problem.

    The same error

    [ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:51] : 'bind 127.0.0.1:19100' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/hass.crt_list'.
    [ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:52] : 'bind /tmp/haproxy_chroot/hass.socket' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/hass.crt_list'.
    

    I use a very similar configuration for all but 1 of my front ends and the error shows up over and over again. So I am assuming if I figure out this error for one of them I'll get it for the rest.

    Debug steps tried so far:

    • Reboot
    • Renew ACME Certificate (this is the CA used for each of the front ends with the error)
    • Search Google/Forums for similar error. I've read over HAProxy not starting with ssl configuration which looked similar but didn't get me to a solution.

    Wow, I can't believe this one. I'll leave this post here to help anyone who may be in the same situation later.
    I must have followed a tutorial many years ago when setting this up that had me put a long string of options in the "Advanced ssl options" section of SSL Offloading. Clearing this box solved my problem.

    Matt
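
An added example, not part of the original post: a small Python triage helper that groups HAProxy `crt-list` alerts like the ones quoted above by crt-list file and rejected keyword, so a wall of repeated alerts collapses to the few files that need fixing. The function names are hypothetical, and the sample input is a subset of the alert lines from the post.

```python
import re
from collections import defaultdict

# Sample input: a subset of the ALERT lines quoted in the post above.
SAMPLE = """\
[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:51] : 'bind 127.0.0.1:19100' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/hass.crt_list'.
[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:52] : 'bind /tmp/haproxy_chroot/hass.socket' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/hass.crt_list'.
[ALERT] 115/202103 (46378) : parsing [/var/etc/haproxy_test/haproxy.cfg:62] : 'bind 127.0.0.1:19101' : 'crt-list' : unknown ssl keyword ssl_ciphers on line 1 in file '/var/etc/haproxy_test/calibre.crt_list'.
[ALERT] 115/202103 (46378) : Fatal errors found in configuration.
"""

# Matches only the "unknown ssl keyword" alerts raised while loading a crt-list.
ALERT_RE = re.compile(
    r"parsing \[(?P<cfg>[^\]:]+):(?P<cfg_line>\d+)\] : "
    r"'bind (?P<bind>[^']+)' : 'crt-list' : "
    r"unknown ssl keyword (?P<keyword>\S+) "
    r"on line (?P<list_line>\d+) in file '(?P<crt_list>[^']+)'"
)

def group_crtlist_alerts(text):
    """Map (crt_list file, line, keyword) -> list of (haproxy.cfg line, bind)."""
    causes = defaultdict(list)
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:  # summary alerts without a crt-list reference are skipped
            key = (m["crt_list"], int(m["list_line"]), m["keyword"])
            causes[key].append((int(m["cfg_line"]), m["bind"]))
    return dict(causes)

def rejected_keywords(text):
    """Distinct keywords HAProxy refused; one entry means one root cause."""
    return {kw for (_, _, kw) in group_crtlist_alerts(text)}

if __name__ == "__main__":
    for (path, line_no, kw), binds in sorted(group_crtlist_alerts(SAMPLE).items()):
        print(f"{path}:{line_no}: rejected keyword {kw!r}")
        for cfg_line, bind in binds:
            print(f"    haproxy.cfg:{cfg_line}  bind {bind}")
```

A single rejected keyword across every crt-list file points at one shared setting rather than at the individual certificates, which matches the fix described in the post.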
