HEADS UP: lighttpd replaced by nginx on 2.3


  • Rebel Alliance Developer Netgate

    tl;dr: We have swapped in nginx for the web sever and removed lighttpd. This is, in all likelihood, the last disruptive change before moving 2.3 to BETA status. This is a new and large change so expect some turbulence, especially on NanoBSD.

    DO NOT USE GITSYNC IF YOU DO NOT HAVE THE NGINX BINARIES YET. Doing so will break your GUI.

    This is a significant binary change, so update using the GUI, option 13 from the console, or using pfSense-upgrade from the shell. Once a 2.3 system has nginx, it will be safe to use gitsync again. For safety, ensure you have WORKING ssh or console (or both) access before updating in case the GUI does not start as expected.

    The base system (Web GUI and CP) are converted. If any packages relied on lighttpd (e.g. pfBlocker), they will need to be adapted as well.

    We have had some issues with lighttpd over the years, such as the XMLRPC sync issues with 2.2.5. Nginx is a better path forward for stability, performance, and adaptability.

    EDIT: There is an issue on NanoBSD where /var/tmp/nginx is missing at boot up. If the GUI does not start, run "mkdir -p /var/tmp/nginx" from a shell prompt and then restart the GUI from the console menu. A fix has been committed, the next new snapshot should behave properly on NanoBSD.



  • I guess there is a build running now?

    So far I don't see any update available, currently I have on my APU:
    2.3-ALPHA (amd64)
    built on Mon Jan 04 13:29:40 CST 2016
    FreeBSD 10.2-STABLE

    and it says "You are on the latest version."


  • Rebel Alliance Developer Netgate

    Hmm all of mine updated OK to a snap from this morning (including my APU) – you might give the pkg data a nudge: pkg update -f


  • Developer Netgate

    Same here. All updated OK.



  • updated to 2.3.a.20160105.0524 and my pfsense broken , i dont know whats happens , bcuz i not in my home ( i updated from gui ) .

    >>> Unlocking package pfSense-kernel-pfSense... done.
    >>> Downloading upgrade packages...
    Checking for upgrades (5 candidates): ..... done
    Processing candidates (5 candidates): ..... done
    The following 5 package(s) will be affected (of 0 checked):
    
    Installed packages to be UPGRADED:
    	pfSense-repo-devel: 2.3.a.20160104.2246 -> 2.3.a.20160105.0524 [pfSense-core]
    	pfSense-rc: 2.3.a.20160104.2246 -> 2.3.a.20160105.0524 [pfSense-core]
    	pfSense-kernel-pfSense: 2.3.a.20160104.2246 -> 2.3.a.20160105.0524 [pfSense-core]
    	pfSense-default-config: 2.3.a.20160104.2246 -> 2.3.a.20160105.0524 [pfSense-core]
    	pfSense-base: 2.3.a.20160104.2246 -> 2.3.a.20160105.0524 [pfSense-core]
    
    The operation will free 21 KiB.
    41 MiB to be downloaded.
    Fetching pfSense-repo-devel-2.3.a.20160105.0524.txz: . done
    Fetching pfSense-rc-2.3.a.20160105.0524.txz: . done
    Fetching pfSense-kernel-pfSense-2.3.a.20160105.0524.txz: .......... done
    Fetching pfSense-default-config-2.3.a.20160105.0524.txz: . done
    Fetching pfSense-base-2.3.a.20160105.0524.txz: .......... done
    Checking integrity... done (0 conflicting)
    >>> Upgrading pfSense kernel... 
    Checking integrity... done (0 conflicting)
    The following 2 package(s) will be affected (of 0 checked):
    
    Installed packages to be UPGRADED:
    	pfSense-kernel-pfSense: 2.3.a.20160104.2246 -> 2.3.a.20160105.0524 [pfSense-core]
    	pfSense-rc: 2.3.a.20160104.2246 -> 2.3.a.20160105.0524 [pfSense-core]
    
    The operation will free 33 B.
    [1/2] Upgrading pfSense-rc from 2.3.a.20160104.2246 to 2.3.a.20160105.0524...
    [1/2] Extracting pfSense-rc-2.3.a.20160105.0524: . done
    [2/2] Upgrading pfSense-kernel-pfSense from 2.3.a.20160104.2246 to 2.3.a.20160105.0524...
    ===> Keeping a copy of current kernel in /boot/kernel.old
    [2/2] Extracting pfSense-kernel-pfSense-2.3.a.20160105.0524: .......... done
    Upgrade is complete.  Rebooting in 10 seconds.
    >>> Locking package pfSense-kernel-pfSense... done.
    Success
    
    

  • Administrator

    @whitexp:

    updated to 2.3.a.20160105.0524 and my pfsense broken , i dont know whats happens , bcuz i not in my home ( i updated from gui ) .

    >>> Unlocking package pfSense-kernel-pfSense... done.
    >>> Downloading upgrade packages...
    Checking for upgrades (5 candidates): ..... done
    Processing candidates (5 candidates): ..... done
    The following 5 package(s) will be affected (of 0 checked):
    
    Installed packages to be UPGRADED:
    	pfSense-repo-devel: 2.3.a.20160104.2246 -> 2.3.a.20160105.0524 [pfSense-core]
    	pfSense-rc: 2.3.a.20160104.2246 -> 2.3.a.20160105.0524 [pfSense-core]
    	pfSense-kernel-pfSense: 2.3.a.20160104.2246 -> 2.3.a.20160105.0524 [pfSense-core]
    	pfSense-default-config: 2.3.a.20160104.2246 -> 2.3.a.20160105.0524 [pfSense-core]
    	pfSense-base: 2.3.a.20160104.2246 -> 2.3.a.20160105.0524 [pfSense-core]
    
    The operation will free 21 KiB.
    41 MiB to be downloaded.
    Fetching pfSense-repo-devel-2.3.a.20160105.0524.txz: . done
    Fetching pfSense-rc-2.3.a.20160105.0524.txz: . done
    Fetching pfSense-kernel-pfSense-2.3.a.20160105.0524.txz: .......... done
    Fetching pfSense-default-config-2.3.a.20160105.0524.txz: . done
    Fetching pfSense-base-2.3.a.20160105.0524.txz: .......... done
    Checking integrity... done (0 conflicting)
    >>> Upgrading pfSense kernel... 
    Checking integrity... done (0 conflicting)
    The following 2 package(s) will be affected (of 0 checked):
    
    Installed packages to be UPGRADED:
    	pfSense-kernel-pfSense: 2.3.a.20160104.2246 -> 2.3.a.20160105.0524 [pfSense-core]
    	pfSense-rc: 2.3.a.20160104.2246 -> 2.3.a.20160105.0524 [pfSense-core]
    
    The operation will free 33 B.
    [1/2] Upgrading pfSense-rc from 2.3.a.20160104.2246 to 2.3.a.20160105.0524...
    [1/2] Extracting pfSense-rc-2.3.a.20160105.0524: . done
    [2/2] Upgrading pfSense-kernel-pfSense from 2.3.a.20160104.2246 to 2.3.a.20160105.0524...
    ===> Keeping a copy of current kernel in /boot/kernel.old
    [2/2] Extracting pfSense-kernel-pfSense-2.3.a.20160105.0524: .......... done
    Upgrade is complete.  Rebooting in 10 seconds.
    >>> Locking package pfSense-kernel-pfSense... done.
    Success
    
    

    Looks like only one of 2 repos got metadata updated, can you run a new upgrade using console option 13 and see if it fixes the issues? I'll check script and add more seatbelts to prevent situations like this in the future



  • upgrade to ngix went smooth on my old p4.



  • Upgrade on my lab pfsense running on ESXi 5.5 went smooth.



  • Great, so i hope we can use the build-in nginx as reverse proxy and don't need the squid3 package?


  • Rebel Alliance Developer Netgate

    @Valex:

    Great, so i hope we can use the build-in nginx as reverse proxy and don't need the squid3 package?

    Eventually that is the plan, yes. We're looking at Ledge.

    It's a reverse proxy only though, so there is still a use case for squid as a forward proxy unless someone can whip up a client/forward proxy that works directly in nginx.


Log in to reply