Messages

1

Tutorials and FAQs / Re: Tutorial: OPNsense, HAProxy, Let's Encrypt, Wildcard Certs, 100% A+ SSLLabs

« on: August 26, 2023, 11:21:50 pm »

1. You dont need to use virtual IP's.
2. Use map files {Advanced --> Map files}

1. You dont need to use virtual IP's.
I totally get your point! This makes indeed sense but I think only if you have a static WAN IP.
As it would break the access from internal networks to the external URLs "service.subdomain.mydomain.tld" if one enabled that access using DNS rewrite rules. I am not aware of a way to rewrite DNS entries in Unbound to the WAN interface address.

With NAT reflection your way of setting this up can of course work.


2. Use map files {Advanced --> Map files}
I haven't used those yet but looks very promising!
This really makes sense in a big environment with lots of subdomains.
Thank you for pointing this out! I will add it to the FAQ. 

Hey there and thank you so, so much for this great tutorial! It gave me exactly what I needed!

Yet there is a reason why I'm quoting this particular post.

Configuration made basing on your tutorial was working flawlessly on version 23.7.1 (os-haproxy 4.0, haproxy26 2.6.14), but after update to 23.7.2 and haproxy26 2.6.15 HAProxy service was failing to start.

I followed sorano's suggestion to not use virtual ip and bingo! That was it (it took me hours to find out where the issue is, as there were no message in logs - just a startup failure of HAProxy).

Maybe it would be good to add adnotation or a second way to configure HTTPS_frontend?

I can confirm that it works flawlessly with dynamic WAN ip.

Once again thank you very much and @sorano too

Cheers
Paweł

2

23.7 Legacy Series / Re: [23.7.2] HAProxy doesn't start after update from 23.7.1

« on: August 26, 2023, 08:56:00 pm »

After putting configuration it stopped working again, I have once again purged the config, reverted to previous version and try to put config again. I will put my findings on github too, don't worry

EDIT -------------

OK, I figured it out:

for some reason HAProxy was dying when I set https_frontend to virtual IP, after setting it to localhost everything works like a charm. I don't know if this is a bug of HAProxy or a bug of OPNSense, as the config was working flawlessly on previous version. I will post this finding in HAProxy github.

Anyways thank you for helping.

3

23.7 Legacy Series / Re: [23.7.2] HAProxy doesn't start after update from 23.7.1

« on: August 26, 2023, 05:21:00 pm »

OK, time for little update.

I was finally able to start again HAProxy. I had to erase all HAProxy info from /conf/config.xml file.

Now I have to enter everything again.

I suppose that it would be nic if we had a purge plugin option in the menu, messing with xml file where config to everything is stored is pretty dangerous.

4

23.7 Legacy Series / Re: [23.7.2] HAProxy doesn't start after update from 23.7.1

« on: August 25, 2023, 11:00:32 am »

Thank you for all suggestions. Did all of them, unfortunately problem persists. It's really weird as there is no error, just report about failure to start. Nightmare to troubleshoot.

I tired to clean haproxy.conf file, in a way to uninstall haproxy, then remove files from /usr/local/etc/haproxy and /usr/local/etc/haproxy.conf and staging, but after reinstalling all configuration appeared again. Any idea where I could purge those files, so I can start from scratch?

5

23.7 Legacy Series / Re: [23.7.2] HAProxy doesn't start after update from 23.7.1

« on: August 25, 2023, 03:41:38 am »

Still the same, no errors, just info that it couldn't start.
Command you provided downgrades haproxy26, but not os-haproxy - this remains at version 4.1.

6

23.7 Legacy Series / Re: [23.7.2] HAProxy doesn't start after update from 23.7.1

« on: August 25, 2023, 03:11:13 am »

Hi! Thanks for answer.

I saw this on GitHub, yet my problem is different. As I mentioned, I have followed tutorial pinned in this forum. This involved creating virtual IP, changing default listening ports etc. Also, everything was working perfect, until upgrade to 23.7.2
I would gladly revert to previous version, but don't know how. I don't really understand docs for opnsense-revert, and there is no --help for the command

7

23.7 Legacy Series / [23.7.2] HAProxy doesn't start after update from 23.7.1

« on: August 25, 2023, 01:17:29 am »

Hi All,

After many, many years with ubiquiti edge series I became a proud owner of virtualized OPNsense.
This software just rocks!

Yet after couple of weeks I did an update to 23.7.2 from 23.7.1 and HAProxy stopped working.
I have followed pinned tutorial from this forum, which gave me 100% of what I needed to have (local only accessed https services).

 Error states:

Code: [Select]

/usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy
There are no other messages in any logs, I digged through /var/log entirely.

When I check the syntax of config file - everything is great, no issues reported.
During update I saw that os-haproxy updated from 4.0 to 4.1, and haproxy26 updated to 2.6.15 from 2.6.10 (I think it was this version). Is there any way to fix it? I tried opnsense-revert, but it just reinstalls current - newest versions.

All best,
Pawel