Fixed: After upgrade Web GUI only available if I stop ha_proxy

[ddt3]

I was running 23.x just fine but have an issue after upgrading to 24.1 (and 24.1.1) the OPNsense webgui cannot be reached. Even when using the ip-address of the OPNsense LAN interface I cannot reach the webgui but end up on my public webserver.

I found out that when I stop ha_proxy (using a shell) the web interface is available. The moment I start ha_proxy, it becomes unavailable again. This setup had ran fine before the upgrade to 24.x

Any help / pointers/ questions for more information would be welcome, can't really use OPNsense at the moment.

[ddt3]

My system is headless so I am reluctant to start over (or even downgrade) Can anyone please give me some ideas on where to look?

[Patrick M. Hausen]

Look at the NAT > Port Forward rules. Possibly the one responsible for your public web server is to broadly specified - e.g. floating instead of WAN or similar.

[amichel]

I faced a similar issue and it turned out that after the update to 24.1 haproxy simply was working listening on all IP interfaces for port 443.
That is the only option for me as I am getting a dynamic IP Address on my WAN port so I cannot bind Haproxy to a specific one and had to us e0.0.0.0:443

So the first workaround was to move the admin website to a different port than 443

Then I fixed it by implementing a VIP where I used port forward to redirect all traffic for 443 to a different port on that VIP and then used haproxy to proxy that.

See:
https://github.com/opnsense/plugins/issues/722

Most important thing here was to redirect port 443 in the Nat to a different Port on the VIP for example 40443 and then bind haproxy to that IP/port

[ddt3]

So the first workaround was to move the admin website to a different port than 443

That fixed it! Thank you!

[amichel]

Glad to hear that!