Cannot access webGui



  • Running pfSense 1.2.3, but it's not listening on port 80 or 443. Rebooting the system does not work; viewing the console while it comes up shows "Starting webConfigurator…failed!"

      WAN*                     ->	em0	->	xxx.xxx.154.21(DHCP)
      LAN*                     ->	em1	->	10.6.0.2
    

    I can SSH in over the LAN interface and access the console. Dropping to a shell and running netstat -natl shows it isn't listening for web traffic. Checking /var/log/lighttpd.error.log shows it's full of:

    2014-02-13 08:34:43: (mod_fastcgi.c.1742) connect failed: Connection refused on unix:/tmp/php-fastcgi.socket-2 
    2014-02-13 08:34:43: (mod_fastcgi.c.2943) backend died; we'll disable it for 5 seconds and send the request to another backend instead: reconnects: 0 load: 2 
    2014-02-13 08:34:43: (mod_fastcgi.c.1742) connect failed: Connection refused on unix:/tmp/php-fastcgi.socket-1 
    2014-02-13 08:34:43: (mod_fastcgi.c.2943) backend died; we'll disable it for 5 seconds and send the request to another backend instead: reconnects: 1 load: 2 
    2014-02-13 08:34:49: (mod_fastcgi.c.2756) fcgi-server re-enabled: unix:/tmp/php-fastcgi.socket-2 
    2014-02-13 08:34:49: (mod_fastcgi.c.2756) fcgi-server re-enabled: unix:/tmp/php-fastcgi.socket-1
    

    and /var/log/lighttpd.log seems to be binary except for one instance of "CLOG".

    The killall -9 php; killall -9 lighttpd; /etc/rc.restart_webgui does not work, nor does resetting the LAN ip. If anybody has some insight for this problem or if I'm missing any pertinent details, please let me know. Thanks!

    EDIT: Resetting the webConfigurator password THEN resetting the LAN IP THEN killall…restart_webguishows it listening on port 80 and I can access the webConfigurator again.

    HOWEVER: Changing it back to HTTPS immediately brings everything crashing back down. Since this first started happening when I renewed the SSL certificate, I can only assume there's a problem with it even though everything checks out both in openssl, the company through which I got the cert, and the webConfigurator itself.

    I did make the csr with a 4096 bit key, that's the only non-default option I can think of. Maybe that's too much for this version of pfSense? Otherwise, in order to get the webConfigurator to accept the cert, I had to change the key header/footer to include "RSA" (-----BEGIN RSA PRIVATE KEY-----).



  • Hmmm - I did use a 1.2.3 system somewhere close to the turn of the last millenium  ;) I suspect most people have forgotten what features/limits were in 1.2.3. Why not upgrade and see what happens? (said by the network manager from hell)
    Anyway,

    and /var/log/lighttpd.log seems to be binary except for one instance of "CLOG"

    Use the "clog" utility to view circular logs:

    clog /var/log/lighttpd.log
    


  • Thanks for the reply!

    I'd think about updating but I've inherited this thing from a long chain of people who never touched it because it "just worked" and now nobody knows what the hell is going on. I'm loathe to just wing it since this is a "production" service and taking it down is really going to tick people off.

    As for clog:```
    clog /var/log/lighttpd.log