Hello Fabrice,
and thanks for your reply, i tracked the nonworking part down to:
there is no portal http instance on https://127.0.01:443
what did i do to have it be gone ? i dont know, i did not reconfigure
anything. I think it may have been the first reboot after updates which
caused that.
/usr/local/pf/var/conf/haproxy-portal.conf
backend 192.168.220.1-backend
server 127.0.0.1 127.0.0.1:80 check
curl http://127.0.0.1:80
<title>302 Found</title>
<p>The document has moved <a href="https://127.0.0.1/";>here</a>.</p>
curl https://127.0.0.1
curl: (7) Failed connect to 127.0.0.1:443; Connection refused
netstat -anp | grep 443
tcp 0 0 192.168.220.1:443 0.0.0.0:*
LISTEN 8206/haproxy
tcp 0 0 10.119.0.40:1443 0.0.0.0:* LISTEN
8511/httpd
What did i try to solve it ? I just switched portal off on management
interface, (switched it back on later)
then i did alot of service restarts and reboots.
Question remains: Why would there be some redirect on
http://127.0.0.1:80 to https then ? Where is the error ?
i guess this block in the config is not fitting ? (as there is no
https://127.0.0.1:443 daemon listening )
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/access.* [NC]
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
RewriteCond %{HTTP:X-Forwarded-For-PacketFence} =""
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
thanks for any insights on why it stopped working
On 30.01.2019 04:11, Durand fabrice via PacketFence-users wrote:
Hello Uli,
it's like the inline enforcement work.
Define a management interface and a inline interface and set the dns
to something like 8.8.8.8.
When a device will be in the inline vlan and if the device is unreg
then it will be forwarded to the captive portal.
Regards
Fabrice
Le 19-01-29 à 04 h 00, Uli Schellhaas via PacketFence-users a écrit :
Hello,
i wanted to know where i can configure a http redirect to the captive
portal, in case any unauthenticated user(his device) surf's to my
inlinel2 interface Port80
Also, is there a option, possibly within dhcp reply, to have Clients
know where they need to authenticate ?
Thanks for replies!
greetings
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Uli Schellhaas
Department IT and Technics
Tel: +49 (0) 6151 - 869 – 395
Hotline: +49 (0) 6151 - 869 – 111
Supportmail: [email protected]
In our service catalog <https://servicekatalog.fraunhofer.de/> you will
find all the offers of the infrastructure departments of the SIT and the
central services of the FhG.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
