Hello,
upon further investigation, i guess ha-proxy-portal cannot connect to
127.0.0.1:80
Jan 30 11:25:42 srv-wlan haproxy[26179]: backend 192.168.220.1-backend
has no server available!
Jan 30 11:25:51 srv-wlan haproxy[26179]: 192.168.220.27:51630
[30/Jan/2019:11:25:48.287] portal-http-192.168.220.1 proxy/<NOSRV>
0/0/-1/-1/3005 503 212 - - SC-- 3/1/0/0/3 0/0 "GET XXXX HTTP/1.1"
some strace:
connect(15, {sa_family=AF_INET, sin_port=htons(80),
sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in
progress)
epoll_wait(3, [], 200, 0) = 0
connect(15, {sa_family=AF_INET, sin_port=htons(80),
sin_addr=inet_addr("127.0.0.1")}, 16) = 0
recvfrom(15, NULL, 2147483647, MSG_TRUNC|MSG_DONTWAIT|MSG_NOSIGNAL,
NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
setsockopt(15, SOL_SOCKET, SO_LINGER, {onoff=1, linger=0}, 8) = 0
close(15) = 0
but process is running, as seen from curl or netstat:
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN
26313/httpd
i only see my curl in tail -f /usr/local/pf/logs/httpd.portal.access
no stuff from the network.
thanks for your time
On 30.01.2019 11:09, Uli Schellhaas wrote:
Hello Fabrice,
and thanks for your reply, i tracked the nonworking part down to:
there is no portal http instance on https://127.0.01:443
what did i do to have it be gone ? i dont know, i did not reconfigure
anything. I think it may have been the first reboot after updates
which caused that.
/usr/local/pf/var/conf/haproxy-portal.conf
backend 192.168.220.1-backend
server 127.0.0.1 127.0.0.1:80 check
curl http://127.0.0.1:80
<title>302 Found</title>
<p>The document has moved <a href="https://127.0.0.1/";>here</a>.</p>
curl https://127.0.0.1
curl: (7) Failed connect to 127.0.0.1:443; Connection refused
netstat -anp | grep 443
tcp 0 0 192.168.220.1:443 0.0.0.0:*
LISTEN 8206/haproxy
tcp 0 0 10.119.0.40:1443 0.0.0.0:*
LISTEN 8511/httpd
What did i try to solve it ? I just switched portal off on management
interface, (switched it back on later)
then i did alot of service restarts and reboots.
Question remains: Why would there be some redirect on
http://127.0.0.1:80 to https then ? Where is the error ?
i guess this block in the config is not fitting ? (as there is no
https://127.0.0.1:443 daemon listening )
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/access.* [NC]
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
RewriteCond %{HTTP:X-Forwarded-For-PacketFence} =""
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
thanks for any insights on why it stopped working
On 30.01.2019 04:11, Durand fabrice via PacketFence-users wrote:
Hello Uli,
it's like the inline enforcement work.
Define a management interface and a inline interface and set the dns
to something like 8.8.8.8.
When a device will be in the inline vlan and if the device is unreg
then it will be forwarded to the captive portal.
Regards
Fabrice
Le 19-01-29 à 04 h 00, Uli Schellhaas via PacketFence-users a écrit :
Hello,
i wanted to know where i can configure a http redirect to the
captive portal, in case any unauthenticated user(his device) surf's
to my inlinel2 interface Port80
Also, is there a option, possibly within dhcp reply, to have Clients
know where they need to authenticate ?
Thanks for replies!
greetings
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Uli Schellhaas
Department IT and Technics
Tel: +49 (0) 6151 - 869 – 395
Hotline: +49 (0) 6151 - 869 – 111
Supportmail: [email protected]
In our service catalog <https://servicekatalog.fraunhofer.de/> you
will find all the offers of the infrastructure departments of the SIT
and the central services of the FhG.
--
Uli Schellhaas
Department IT and Technics
Tel: +49 (0) 6151 - 869 – 395
Hotline: +49 (0) 6151 - 869 – 111
Supportmail: [email protected]
In our service catalog <https://servicekatalog.fraunhofer.de/> you will
find all the offers of the infrastructure departments of the SIT and the
central services of the FhG.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
