OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 17.7 Legacy Series »
  • haproxy stops working 17.7.12
« previous next »
  • Print
Pages: [1]

Author Topic: haproxy stops working 17.7.12  (Read 4472 times)

Julien

  • Hero Member
  • *****
  • Posts: 651
  • Karma: 32
    • View Profile
haproxy stops working 17.7.12
« on: January 27, 2018, 11:44:07 pm »
Dear all,
we had the haproxy for multiple http/https. however after we update the box to 17.7.12 we have noticed the https web servers are not working over the internet.
i have checked the value and everything is still there but the interface is a bit different as before.
somehow we can't get the haproxy started.
when i try to start it using the command line
version of haproxy is 2.2
`
Code: [Select]
``
root@firewall:~ # service haproxy restart
haproxy not running? (check /var/run/haproxy.pid).
[ALERT] 026/234026 (48491) : parsing [/usr/local/etc/haproxy.conf:59] : 'tcp-request content accept' : error detected in frontend '443' while parsing 'if' condition : no such ACL : '{req_ssl_hello_type'
[ALERT] 026/234026 (48491) : parsing [/usr/local/etc/haproxy.conf:62] : unknown keyword 'tcp_request' in 'frontend' section
[ALERT] 026/234026 (48491) : Error(s) found in configuration file : /usr/local/etc/haproxy.conf
[ALERT] 026/234026 (48491) : Fatal errors found in configuration.
/usr/local/etc/rc.d/haproxy: WARNING: failed precmd routine for haproxy
root@firewall:~ #

Code: [Select]
HAProxy config contains critical errors
[ALERT] 027/000844 (7147) : parsing [/usr/local/etc/haproxy.conf:59] : 'tcp-request content accept' : error detected in frontend '443' while parsing 'if' condition : no such ACL : '{req_ssl_hello_type'
[ALERT] 027/000844 (7147) : parsing [/usr/local/etc/haproxy.conf:62] : unknown keyword 'tcp_request' in 'frontend' section
[ALERT] 027/000844 (7147) : Error(s) found in configuration file : /usr/local/etc/haproxy.conf
[ALERT] 027/000844 (7147) : Fatal errors found in configuration.

« Last Edit: January 28, 2018, 12:09:27 am by Julien »
Logged
An intelligent man is sometimes forced to be drunk to spend time with his fool.

fabian

  • Hero Member
  • *****
  • Posts: 2768
  • Karma: 199
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: haproxy stops working 17.7.12
« Reply #1 on: January 28, 2018, 12:10:48 am »
I made a ticket for that and assigned it to the maintainer:
https://github.com/opnsense/plugins/issues/526
Logged

Julien

  • Hero Member
  • *****
  • Posts: 651
  • Karma: 32
    • View Profile
Re: haproxy stops working 17.7.12
« Reply #2 on: January 28, 2018, 01:03:18 am »
Quote from: fabian on January 28, 2018, 12:10:48 am
I made a ticket for that and assigned it to the maintainer:
https://github.com/opnsense/plugins/issues/526

Thank you Fabian,
i managed to fix this issue now.
the syntax were changed after the update.
i am using a manul rules, before the updates the option pass-though was "tcp-request inspect-delay 5s" after the updates its changes ti "tcp_request inspect-delay 5s".
the _ broke the haproxy to start.

also the second syntax was " tcp-request content accept if { req_ssl_hello_type 1 }" after the update become " tcp_request content accept if {req_ssl_hello_type 1 }
Logged
An intelligent man is sometimes forced to be drunk to spend time with his fool.

fraenki

  • Full Member
  • ***
  • Posts: 171
  • Karma: 28
    • View Profile
    • GitHub
Re: haproxy stops working 17.7.12
« Reply #3 on: January 28, 2018, 01:14:22 am »
Quote from: Julien on January 28, 2018, 01:03:18 am
the syntax were changed after the update.
i am using a manul rules, before the updates the option pass-though was "tcp-request inspect-delay 5s" after the updates its changes ti "tcp_request inspect-delay 5s".
the _ broke the haproxy to start.

I'm pretty sure this was not caused by the (OPNsense/HAProxy) update. There is no code in the plugin that would change custom rules.


Regards
- Frank
Logged

Julien

  • Hero Member
  • *****
  • Posts: 651
  • Karma: 32
    • View Profile
Re: haproxy stops working 17.7.12
« Reply #4 on: January 28, 2018, 01:33:43 am »
Quote from: fraenki on January 28, 2018, 01:14:22 am
Quote from: Julien on January 28, 2018, 01:03:18 am
the syntax were changed after the update.
i am using a manul rules, before the updates the option pass-though was "tcp-request inspect-delay 5s" after the updates its changes ti "tcp_request inspect-delay 5s".
the _ broke the haproxy to start.

I'm pretty sure this was not caused by the (OPNsense/HAProxy) update. There is no code in the plugin that would change custom rules.


Regards
- Frank

Hi Fraenki thank you for the answer,
maybe the update won't affect haproxy if there is not syntax on the option pass-through ?
tomorrow i will update one box i have which is not using a syntax and report back.
Logged
An intelligent man is sometimes forced to be drunk to spend time with his fool.

fraenki

  • Full Member
  • ***
  • Posts: 171
  • Karma: 28
    • View Profile
    • GitHub
Re: haproxy stops working 17.7.12
« Reply #5 on: January 28, 2018, 04:58:59 pm »
Quote from: Julien on January 28, 2018, 01:33:43 am
tomorrow i will update one box i have which is not using a syntax and report back.

It would be good if you take a backup of your config.xml before attempting the update. This way we will be able to compare it after the update was successful. If there is any update/migration issue, this would reveal it.


Regards
- Frank
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 17.7 Legacy Series »
  • haproxy stops working 17.7.12
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2