502 Bad Gateway (nginx) after Update to 2.3
-
@marjohn56:
Try patch 2c131b1.
Yes, I had to re-sync with upstream. In doing so my Github desktop threw one and I had to pull it back and re-do the PR. However, it's against 2.4.3, so it may not work for 2.4.2 now.
Exactly the same error, so indeed not for 2.4.2. I'll do the changes manually :)
-
@marjohn56:
Try patch 2c131b1.
Yes, I had to re-sync with upstream. In doing so my Github desktop threw one and I had to pull it back and re-do the PR. However, it's against 2.4.3, so it may not work for 2.4.2 now.
I am getting patch fetch failed when I try this
-
Works fine for me, just re-entered that I'd and fetched it again, no problem.
-
@marjohn56:
Works fine for me, just re-entered that I'd and fetched it again, no problem.
Does this look right?
-
Strange I get a different ID.
Try the full ID 2c131b10b25db593331048d4f2b28fbf9bf5662e
-
That fails as well
here is what is in the logDec 5 16:46:00 php-fpm 70317 /system_patches.php: Download file failed with status code 0\. URL: https://github.com/pfsense/pfsense/commit/2c131b10b25db593331048d4f2b28fbf9bf5662e.patch -
This is silly. ???
Here's the full URL that I have just used.
https://github.com/pfsense/pfsense/commit/2c131b1.patch
-
will not fetch that one either. This is weird
-
BeerCan, can you get into https://github.com
If your browser gives you an error, you will have problems downloading. It is something to do with HSTS.
-
BeerCan, can you get into https://github.com
If your browser gives you an error, you will have problems downloading. It is something to do with HSTS.
I can't get in with FF or chrome
-
Even stranger… :)
I think this is one for the Netgate developers to answer, as they maintain it.
-
I don t think netgate maintains the github.com certificates.
It sounds to me like like a invasive proxy with ssl bump.Edit:
Or perhaps pfBlocker dnsblock list that redirects to a pfSense hosted site for tracking blocking statistics.. -
It works fine for me though, and others apparently, it's only BeerCan who is having an issue I think.
PiBa, can you try and fetch the patch, see if it's working for you?
To be honest, I only have to click on the link I posted yesterday and I can see the patch.
I did not think that netgate maintains the Github certs, just the pfsense repository, it's just that maybe they may have an idea what's causing the issue.
I've just checked Github's cert and it reports it as OK on my system.
-
Fetch patch works fine, both the link in a browser and the 2c131b1 id in patches package.
So a proxy like squid with ssl bump or dns-intercept (DNSBL pfBlockerNG) are the likely causes imho.
-
Fetch patch works fine, both the link in a browser and the 2c131b1 id in patches package.
So a proxy like squid with ssl bump or dns-intercept (DNSBL pfBlockerNG) are the likely causes imho.
Thank you sir. I think you are correct on the likely cause.
-
So I turned unbound off and went back to dnsmasq and github worked. So I went back and turned unbound back on and no github.
So I ran this cmd
that looks like my pfblocker address. Problem is pfblocker has been off during all this
-
Are you sure the "Enable DNSBL" box is also disabled? (not only the "Enable pfBlockerNG")
-
Are you sure the "Enable DNSBL" box is also disabled? (not only the "Enable pfBlockerNG")
OK I went through all of the feeds and it is dansguardian that is blocking the patch system (I xx out my uid)
https://lists.malwarepatrol.net/cgi/getfile?receipt=xxxxxxxxxxx&product=8&list=dansguardianfound this blocks it as well https://malc0de.com/bl/BOOT
Do others have this enabled and are able to attach to the patch system?
-
2.4.2; haproxy ; cluster
main - patch installed from this thread ; backup -not installed ;
bot are behave, with patch seems a bit better (but I'm not sure), but actively using web management, cause a problem, an early evidence, it cant sync HA config, starting throwing sync errors , then everything collapsed ….so far my understanding since my use of pfsense version 1 ( 2009 i think) , any add-on installed , caused a potential instability ... you may get lucky it works well, or it may hang after a couple month of usage ....
so far are great product , but adding some add-on .... think twice .... that sad ...
-
also i have problem in 2.4.2-RELEASE (amd64). patch not working. also i tried do it by manual lines was different. is anybody have this problem in 2.4.2?