[23.7.2] HAProxy doesn't start after update from 23.7.1

[fizykpl]

Hi All,

After many, many years with ubiquiti edge series I became a proud owner of virtualized OPNsense.
This software just rocks!

Yet after couple of weeks I did an update to 23.7.2 from 23.7.1 and HAProxy stopped working.
I have followed pinned tutorial from this forum, which gave me 100% of what I needed to have (local only accessed https services).

Error states:

Code Select Expand

/usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy

There are no other messages in any logs, I digged through /var/log entirely.

When I check the syntax of config file - everything is great, no issues reported.
During update I saw that os-haproxy updated from 4.0 to 4.1, and haproxy26 updated to 2.6.15 from 2.6.10 (I think it was this version). Is there any way to fix it? I tried opnsense-revert, but it just reinstalls current - newest versions.

All best,
Pawel

[newsense]

Seems to be a similar report, so you could chime in there. If not you can open an issue as well

https://github.com/opnsense/plugins/issues/3562

[fizykpl]

Hi! Thanks for answer.

I saw this on GitHub, yet my problem is different. As I mentioned, I have followed tutorial pinned in this forum. This involved creating virtual IP, changing default listening ports etc. Also, everything was working perfect, until upgrade to 23.7.2 :(
I would gladly revert to previous version, but don't know how. I don't really understand docs for opnsense-revert, and there is no --help for the command :(

[newsense]

Try this

Code Select Expand

opnsense-revert -r 23.7.1_3 os-haproxy haproxy26

[fizykpl]

Still the same, no errors, just info that it couldn't start.
Command you provided downgrades haproxy26, but not os-haproxy - this remains at version 4.1.

[newsense]

The command is correct, it's just that os-haproxy didn't change else it would have been downgraded as well.

https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/MINT/23.7.1_3/latest/All/os-haproxy-4.1.pkg

Try rebooting, might be required, or add opnsense to the command...unsure where the actual issue needs to be fixed.

If it's not working after reboot it's probably best to upgrade haproxy and only revert opnsense

[fizykpl]

Thank you for all suggestions. Did all of them, unfortunately problem persists. It's really weird as there is no error, just report about failure to start. Nightmare to troubleshoot.

I tired to clean haproxy.conf file, in a way to uninstall haproxy, then remove files from /usr/local/etc/haproxy and /usr/local/etc/haproxy.conf and staging, but after reinstalling all configuration appeared again. Any idea where I could purge those files, so I can start from scratch?

[fizykpl]

OK, time for little update.

I was finally able to start again HAProxy. I had to erase all HAProxy info from /conf/config.xml file.

Now I have to enter everything again.

I suppose that it would be nic if we had a purge plugin option in the menu, messing with xml file where config to everything is stored is pretty dangerous.

[franco]

I suppose it's a bug with the plugin doing an on-fatal invalid configuration (if it wasn't due to DNS which seems more likely). Reporting these things to the maintainer on GitHub is often better than purgin the config and wishing someone else would have addressed it. ;)


Cheers,
Franco

[fizykpl]

After putting configuration it stopped working again, I have once again purged the config, reverted to previous version and try to put config again. I will put my findings on github too, don't worry :)

EDIT -------------

OK, I figured it out:

for some reason HAProxy was dying when I set https_frontend to virtual IP, after setting it to localhost everything works like a charm. I don't know if this is a bug of HAProxy or a bug of OPNSense, as the config was working flawlessly on previous version. I will post this finding in HAProxy github.

Anyways thank you for helping.