Bug #14733
closed
CARP Master before HA Proxy is started
Added by Christopher de Haas about 1 year ago.
Updated about 1 year ago.
Affected Plus Version:
23.05.1
Affected Architecture:
All
Description
Pfsense becomes CARP master before HA proxy is started. This is a significant problem and causes unneeded outages. When the router is master and HA proxy is started, the pfsense WebUI is served instead.
Optimally, CARP master should be triggered before all services have started.
It would also be a great improvement if we could limit the interfaces which the WebUI is bound to. At least we could prevent the pfsense WebUI from being returned (with invalid certificate warnings) to users in this scenario.
- Project changed from pfSense Plus to pfSense Packages
- Category changed from High Availability to haproxy
- Status changed from New to Not a Bug
- Release Notes deleted (
Default)
Sounds like you have something misconfigured. You are trying to bind two things to the same port on the same address (the GUI binds to all IP addresses), which is a conflict.
Move the GUI to another port or run HAProxy on another port and setup port forwards to direct traffic as needed.
Either way it is not a bug.
Hi Jim,
Thanks for the quick response and suggestion. Changing the WebUI port makes sense to get rid of the conflict. Users are now not served the WebUI with an invalid certificate which is an improvement. However, it is still the case that the pfsense host becomes CARP master before haproxy is started. While it now results in a connection timeout it is still problematic, and I would argue it is a bug?
I found this, https://redmine.pfsense.org/issues/2218, but that fix was in 23.05.01 which is the version I am testing on.
Also available in: Atom
PDF