Project

General

Profile

Actions
Copy link

Bug #6484

closed

pfsense 2.3.1_1 does not accept haproxy advanced parameters

Added by Dziugas Bareikis almost 9 years ago. Updated over 8 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
haproxy
Target version:
-
Start date:
06/13/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.3.1
Affected Plus Version:
Affected Architecture:

Description

Hi!

pfsense 2.3.1_1 does not accept haproxy advanced parameters. I can use redirect in version 2.2.6-RELEASE.

(https://www.haproxy.com/doc/aloha/7.0/haproxy/http_redirection.html)
redirect scheme https if http

Errors found while starting haproxy
[ALERT] 162/120610 (74062) : parsing [/var/etc/haproxy_test/haproxy.cfg:31] : 'bind 192.168.1.1:80' unknown keyword 'redirect'. Registered keywords :
[ SSL] alpn <arg>
[ SSL] ca-file <arg>
[ SSL] ca-ignore-err <arg>
[ SSL] ca-sign-file <arg>
[ SSL] ca-sign-pass <arg>
[ SSL] ciphers <arg>
[ SSL] crl-file <arg>
[ SSL] crt <arg>
[ SSL] crt-ignore-err <arg>
[ SSL] crt-list <arg>
[ SSL] ecdhe <arg>
[ SSL] force-sslv3
[ SSL] force-tlsv10
[ SSL] force-tlsv11
[ SSL] force-tlsv12
[ SSL] generate-certificates
[ SSL] no-sslv3
[ SSL] no-tlsv10
[ SSL] no-tlsv11
[ SSL] no-tlsv12
[ SSL] no-tls-tickets
[ SSL] ssl
[ SSL] strict-sni
[ SSL] tls-ticket-keys <arg>
[ SSL] verify <arg>
[ SSL] npn <arg>
[ TCP] mss <arg>
[ TCP] tfo
[ TCP] transparent
[ TCP] v4v6
[ TCP] v6only
[ TCP] defer-accept (not supported)
[ TCP] interface <arg> (not supported)
[STAT] level <arg>
[UNIX] gid <arg>
[UNIX] group <arg>
[UNIX] mode <arg>
[UNIX] uid <arg>
[UNIX] user <arg>
[ ALL] accept-proxy
[ ALL] backlog <arg>
[ ALL] id <arg>
[ ALL] maxconn <arg>
[ ALL] name <arg>
[ ALL] nice <arg>
[ ALL] process <arg>
[ALERT] 162/120610 (74062) : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg
[ALERT] 162/120610 (74062) : Fatal errors found in configuration.

Files

PfSenceHaProxy.JPG (87.9 KB) PfSenceHaProxy.JPG this configuration works on 2.2.6, but is unacceptable on 2.3.1_1 Dziugas Bareikis, 06/13/2016 07:15 AM
Actions
Copy link
 #1

Updated by Kill Bill almost 9 years ago

Not enough information here about what are you putting where; the entire generated configuration is available under the Settings tab - click the "Show" button at the very bottom.

Basically you need this:

redirect scheme https if !{ ssl_fc }

See http://www.haproxy.org/download/1.6/doc/configuration.txt; also there's a wiki made by the package maintainer available now: https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki

Actions
Copy link
 #3

Updated by Kill Bill almost 9 years ago

Yeah, it just does not belong there at all; put the stuff to "Advanced pass thru".

Actions
Copy link
 #4

Updated by Dziugas Bareikis almost 9 years ago

Thank You.

Actions
Copy link
 #5

Updated by Kill Bill over 8 years ago

OSI layer-8 problem as noted above, can be closed.

Actions
Copy link
 #6

Updated by Jim Pingle over 8 years ago

  • Status changed from New to Rejected
Actions
Copy link

Also available in: Atom PDF