HAProxy SSL certificate selector disappeared? [Solved, browser issue]

siv · Jul 22, 2023, 2:52 AM

Previously, the UI contained a section which permitted selecting the SSL certificates to be included in SNI on shared front-ends, at both the listener and individual front-ends. The SSL selection section has mysteriously disappeared and I can find no reason for this to behavior. According to the documentation, sections which are irrelevant or which should be included elsewhere should not appear. However, the SSL selection section appears nowhere.

Is this a bug, feature, or user error?

I can see the SSL certs previously selected when the section was active:

frontend fe_wan-merged
	bind			1.2.3.4:80 name 1.2.3.4:80   
	bind			1.2.3.4:443 name 1.2.3.4:443   ssl crt-list /var/etc/haproxy/fe_wan.crt_list  
	bind			5.6.7.8:80 name 5.6.7.8:80   
	bind			5.6.7.8:443 name 5.6.7.8:443   ssl crt-list /var/etc/haproxy/fe_wan.crt_list  
	mode			http

johnpoz · Jul 21, 2023, 10:54 PM

@siv do you have ssl offloading selected in the frontend? I see all the certs in the cert manager in the dropdown

siv · Jul 21, 2023, 11:05 PM

@johnpoz Thank you for the reply.

Yes, that is one of the sections I saw previously, but it is gone now as well. Everything having to do with SSL is gone along with the shared front-end certificate selector (which permits adding multiple certificates into a list for SNI). It just.. disappeared a few days ago. This happened before I upgraded to 2.7, btw, and the issue persisted post-upgrade.

Yes, I have SSL Offloading enabled on the top-level front-end and shared front-ends:

johnpoz · Jul 21, 2023, 11:14 PM

@siv so you have ssl offloading checked.. But you don't see the ssl offloading section when you scroll down?

What version of haproxy are you using, what version of plex?

edit:
Could you be running some browser thing - like ublock or something that you can hide sections..

if I uncheck ssl offloading then yeah that whole section goes away. Maybe try toggling it off and then back on..

siv · Jul 21, 2023, 11:18 PM

This post is deleted!

siv · Jul 21, 2023, 11:22 PM

@johnpoz

No, I do not see the SSL Offloading section. A few days ago I did see that section as I have used it many times when adding front-ends. I have been using HAProxy on pfSense for several years.

haproxy-devel 0.62_13

Plex? The media server? I am not using it.

No adblockers.

I have toggled SSL Offloading (checkbox) off and on again several times since the issue presented itself. It was among the first things I tried because we all know turning it off an on again is annoyingly good at "fixing" things.

I am stumped, which is why I'm posting here. I appreciate the attention to this issue.

siv · Jul 21, 2023, 11:29 PM

@johnpoz

Oh. I tried a different browser and now I can see the SSL sections. Apparently this is a new Firefox issue. I did not realize the browser could have an effect on the content presented by pfSense UI. Fascinating.

Thank you for sharing brains and mentioning browsers. That got me unstuck. Cheers.

johnpoz · Jul 21, 2023, 11:36 PM

@siv I am using firefox and not having any issues. I believe I am on the latest 115.02

edit: plex -- hahaha sorry, plex on the brain I guess, multitasking sorry - I meant pfsense ;)

siv · Jul 21, 2023, 11:39 PM

@johnpoz Do you have any extensions installed? I am on FF 115, which is the latest on Release channel. I disabled all the adblock extensions and deleted all cookies/cache for the domain in which the pfSense instance lives. SSL sections still do not show up.

johnpoz · Jul 21, 2023, 11:43 PM

@siv yeah I use ublock origin.. but my pfsense domain it is disabled on. There are no ads on the pfsense web gui ;)

I have some other addons, but none of which would have anything to do with blocking any sort of elements of a website.

siv · Jul 21, 2023, 11:45 PM

@johnpoz I'm just going to call it gremlins because I don't have time to fiddle with it right now. Thank you for the help. Hopefully I can get FF working with the HAProxy UI again, but at least Ungoogled Chromium works.

johnpoz · Jul 21, 2023, 11:47 PM

@siv well if you fiddle with it and want to compare settings in privacy or anything.. Wonder if you load firefox in safe mode if works then? Or try another profile in FF.

But to be clear your on 115.02 right, that is current..

siv · Jul 22, 2023, 12:11 AM

@johnpoz I'm on Release Channel. According to the FF changelog that version is 115.0. You seem to be on a point build ahead of me somehow.

Whenever I get around to fiddling with it I'll be sure to post back here.

siv · Jul 22, 2023, 2:49 AM

How do I get a mod to prefix the post topic with "[Solved, browser issue] " ?

Also why is this being flagged as spam by Akismet.com ? lmao

johnpoz · Jul 22, 2023, 2:56 AM

@siv I can do that.

I am not on a point release.

https://www.mozilla.org/en-US/firefox/115.0.2/releasenotes/
Version 115.0.2, first offered to Release channel users on July 11, 2023

If you just go to about on your firefox it should update to 0.2

If you go here - it downloads "Firefox Setup 115.0.2.exe"

https://www.mozilla.org/en-US/firefox/all/#product-desktop-release