[PacketFence-users] HAProxy-Portal Errors

Thu, 01 Apr 2021 13:45:41 -0700 

Good morning,

I have a new cluster installed and everything appears to be operating correctly 
except for an error on login to the Admin Interface which states:
PacketFence1.fqdn haproxy haproxy-portal - health
Haproxy_haproxy-portal.health_sdown.haproxy_backend_server_status

When I look at the Status>Cluster>Services area, I do see that HAProxy-Portal 
is checked as enabled and managed on all server, but is not running on 
PacketFence2.fqdn and PacketFence3.fqdn.

***
Here is my cluster.conf:
# Copyright (C) Inverse inc.
# Cluster configuration file for active/active
# This file will have it deactivated by default
# To activate the active/active mode, set a management IP in the cluster section
# Before doing any changes to this file, read the documentation
[CLUSTER]
management_ip=10.10.10.30

[CLUSTER interface ens160]
ip=10.10.10.30

[CLUSTER interface ens192]
ip=10.45.1.1

[CLUSTER interface ens224]
ip=10.45.2.1

[packetfence1.fqdn]
management_ip=10.10.10.31

[packetfence1.fqdn interface ens160]
ip=10.10.10.31

[packetfence1.fqdn interface ens192]
ip=10.45.1.2

[packetfence1.fqdn interface ens224]
ip=10.45.2.2

[packetfence2.fqdn]
management_ip=10.10.10.32

[packetfence2.fqdn interface ens160]
ip=10.10.10.32

[packetfence2.fqdn interface ens192]
ip=10.45.1.3

[packetfence2.fqdn interface ens224]
ip=10.45.2.3

[packetfence3.fqdn]
management_ip=10.10.10.33

[packetfence3.fqdn interface ens160]
ip=10.10.10.33

[packetfence3.fqdn interface ens192]
ip=10.45.1.4

[packetfence3.fqdn interface ens224]
ip=10.45.2.4

***
Here is my HAProxy-Portal.conf
# Copyright (C) Inverse inc.
global
  external-check
  user haproxy
        group haproxy
        daemon
        pidfile %%var_dir%%/run/haproxy-portal.pid
        log /dev/log local0
        stats socket %%var_dir%%/run/haproxy-portal.stats level admin process 1
        maxconn 4000
        #Followup of https://github.com/inverse-inc/packetfence/pull/893
        #haproxy 1.6.11 | intermediate profile | OpenSSL 1.0.1e | SRC: 
https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy-1.6.11&openssl=1.0.1e&hsts=yes&profile=intermediate
        #Oldest compatible clients: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 
1, Windows XP IE8, Android 2.3, Java 7
        tune.ssl.default-dh-param 2048
        ssl-default-bind-ciphers <cert>
        ssl-default-bind-options no-sslv3 no-tls-tickets
        ssl-default-server-ciphers <cert>
        ssl-default-server-options no-sslv3 no-tls-tickets
        #OLD SSL CONFIGURATION. IF RC4 is required or if you must support 
clients older then the precendent list, comment all the block between this 
comment and the precedent and uncomment the following line
        #ssl-default-bind-ciphers <cert>
        lua-load %%conf_dir%%/passthrough.lua

listen stats
  bind  %%management_ip%%:1025
  mode http
  timeout connect 10s
  timeout client 1m
  timeout server 1m
  stats enable
  stats uri /stats
  stats realm HAProxy\ Statistics
  stats auth admin:packetfence


defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        errorfile 403 %%captiveportal_templates_path%%/rate-limiting.http

backend proxy
    option httpclose
    option http_proxy
    option forwardfor
    # Need to have a proxy listening on localhost port 8888
    acl paramsquery query -m found
    http-request set-uri http://127.0.0.1:8888%[path]?%[query] if paramsquery
    http-request set-uri http://127.0.0.1:8888%[path] unless paramsquery

backend static
    option httpclose
    option http_proxy
    option forwardfor
    http-request set-uri http://127.0.0.1:8889%[path]?%[query]

%%http%%

***
Here is the error message in the haproxy-portal.log
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-http-10.25.1.1 started.
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-https-10.25.1.1 
started.
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-http-10.25.2.1 started.
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-https-10.25.2.1 
started.
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-http-66.70.255.147 
started.
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-https-66.70.255.147 
started.
Mar 31 11:11:31 packetfence1 haproxy[6242]: backend 10.25.1.1-backend has no 
server available!
Mar 31 11:11:46 packetfence1 haproxy[6242]: backend 10.25.2.1-backend has no 
server available!

I get this error every time I login, and every so often when it does a check. I 
have not tried the captive portal yet from a device yet. But, it does work 
through the admin interface using the Portal_Preview.

I suspect that I'm missing a section from the Load Balancers IP in the 
Configuration>Advanced Access Configuration>Captive Portal section. But, I 
can't find anything in the cluster documentation that would indicate that's how 
it works.

Cheers,
CHRIS



_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to