[root@networklogon conf]# haproxy -f /usr/local/pf/var/conf/haproxy.conf
[ALERT] 126/202619 (19690) : parsing
[/usr/local/pf/var/conf/haproxy.conf:110] : 'bind 172.16.230.3:443' :
unable to load SSL private key from PEM file
'/usr/local/pf/conf/ssl/server.pem'.
[ALERT] 126/202619 (19690) : parsing
[/usr/local/pf/var/conf/haproxy.conf:156] : 'bind 172.16.200.3:443' :
unable to load SSL private key from PEM file
'/usr/local/pf/conf/ssl/server.pem'.
[ALERT] 126/202619 (19690) : parsing
[/usr/local/pf/var/conf/haproxy.conf:202] : 'bind 172.16.20.220:443' :
unable to load SSL private key from PEM file
'/usr/local/pf/conf/ssl/server.pem'.
[ALERT] 126/202619 (19690) : Error(s) found in configuration file :
/usr/local/pf/var/conf/haproxy.conf
[WARNING] 126/202619 (19690) : Proxy 'stats': in multi-process mode,
stats will be limited to process assigned to the current request.
[ALERT] 126/202619 (19690) : Proxy 'portal-https-172.16.230.3': no SSL
certificate specified for bind '172.16.230.3:443' at
[/usr/local/pf/var/conf/haproxy.conf:110] (use 'crt').
[ALERT] 126/202619 (19690) : Proxy 'portal-https-172.16.200.3': no SSL
certificate specified for bind '172.16.200.3:443' at
[/usr/local/pf/var/conf/haproxy.conf:156] (use 'crt').
[ALERT] 126/202619 (19690) : Proxy 'portal-https-172.16.20.220': no SSL
certificate specified for bind '172.16.20.220:443' at
[/usr/local/pf/var/conf/haproxy.conf:202] (use 'crt').
[ALERT] 126/202619 (19690) : Fatal errors found in configuration.
Seems like the same error from Hans Johnson.
cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key
> /usr/local/pf/conf/ssl/server.pem
worked for me aswell, seems working now!
Thanks for helping out! If more trouble arises, i'll let you know.
Yours sincerely,
Bebbet
On 7-5-2017 19:55, Durand fabrice wrote:
> Hello Bebbet,
>
> haproxy is in front of the apache portal , so have a look at haproxy and
> restart it.
>
> Regards
>
> Fabrice
>
>
>
> Le 2017-05-07 à 13:30, Bebbet van Dinges a écrit :
>> Hello all,
>>
>> I've done a fresh PF install of 7.0.0. Since then i've got issues trying
>> to reach the portal (status/unreg).
>>
>> I've uncovered that the iptables had no 'hole' to allow the management
>> vlan/interface to reach the input-portal-if chain. Assigning another
>> role to the management interface (additional services: portal) this
>> 'restriction' is gone, and tcpdump shows incoming connections and ack's.
>> Yet there is no service*** enabled on port 80 or 443.
>>
>> Ok, there is a httpd.portal service working but only 127.0.0.1. After
>> some digging my understanding is that in
>> /usr/local/pf/conf/httpd.conf.d/httpd.portal.tt a foreach section
>> exists, that generates the url/ips to listen on. After a little more
>> digging i found sub vhosts in
>> /usr/local/pf/lib/pf/services/manager/httpd_portal.pm.
>>
>> sub vhosts {
>> my ($self) = @_;
>> if ($cluster_enabled) {
>> return
>> [
>> uniq map {
>> defined $_->{'Tvip'} && $_->{'Tvip'} ne '' ?
>> $_->{'Tvip'} : $_->{'Tip'}
>> } @internal_nets, @portal_ints
>> ];
>> } else {
>> return ["127.0.0.1"];
>> }
>> }
>>
>>
>> My setup is not cluster enabled, so the else statement is true, and
>> 127.0.0.1 is the output of vhosts. which in turn only enables the portal
>> on localhost.
>>
>> How do i enable more vhosts, or did i uncover some kind of bug/loophole?
>>
>> Hope to hear soon from you,
>> Your sincerely,
>> Bebbet
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
