Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
mysterious os-haproxy critical error
« previous
next »
Print
Pages: [
1
]
Author
Topic: mysterious os-haproxy critical error (Read 2655 times)
rnicholus
Newbie
Posts: 4
Karma: 0
mysterious os-haproxy critical error
«
on:
February 16, 2019, 06:40:15 am »
Without changing anything, and only after restarting haproxy, I'm not seeing the following error (it has been running fine for a week or two):
[ALERT] 045/233516 (61176) : parsing [/usr/local/etc/haproxy.conf:40] : 'bind {REDACTED_DOMAIN_NAME}:443' unknown keyword 'rspadd'. Registered keywords :
...
I am now unable to start haproxy, which is causing me some major grief. any idea what this means? google brings up nothing
Logged
rnicholus
Newbie
Posts: 4
Karma: 0
Re: mysterious os-haproxy critical error
«
Reply #1 on:
February 16, 2019, 07:06:35 am »
no idea why my question posted twice. But i looked into it due to the severity of the issue, and noticed something odd... opnsense has mangled the haproxy.conf file. It does this on save/test.
For example, this is what opnsense writes to haproxy.conf for the frontend:
frontend cloud
bind {DOMAIN_REDACTED_1}:443 name {DOMAIN_REDACTED_1}:443 ssl rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains crt-list /tmp/haproxy/ssl/{CERTLIST_PATH_REDACTED}
bind {DOMAIN_REDACTED_2}:443 name {DOMAIN_REDACTED_2}:443 ssl rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains crt-list /tmp/haproxy/ssl/{CERTLIST_PATH_REDACTED}
mode http
option http-keep-alive
option forwardfor
# tuning options
timeout client 30s
But that does not appear to be valid haproxy config. It's jamming the rspadd in the middle of the ssl directive. When I hand edited haproxy.conf to this, everything worked again:
frontend cloud
bind {DOMAIN_REDACTED_1}:443 name {DOMAIN_REDACTED_1}:443 ssl crt-list /tmp/haproxy/ssl/{CERTLIST_PATH_REDACTED}
rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains
bind {DOMAIN_REDACTED_2}:443 name {DOMAIN_REDACTED_2}:443 ssl crt-list /tmp/haproxy/ssl/{CERTLIST_PATH_REDACTED}
rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains
mode http
option http-keep-alive
option forwardfor
# tuning options
timeout client 30s
Logged
rnicholus
Newbie
Posts: 4
Karma: 0
Re: mysterious os-haproxy critical error
«
Reply #2 on:
April 25, 2019, 03:29:14 pm »
Hello? is anyone maintaining this package?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
mysterious os-haproxy critical error