Re: [PacketFence-users] Convert Cluster to Standalone

[Talan Westby via PacketFence-users]

Hi Nicolas,

Sure, we're on the latest 10.3.

HA Proxy Admin Config:

# This file is generated from a template at 
/usr/local/pf/conf/haproxy-admin.conf
# Any changes made to this file will be lost on restart

# Copyright (C) Inverse inc.
global
  external-check
  user haproxy
        group haproxy
        daemon
        pidfile /usr/local/pf/var/run/haproxy-admin.pid
        log /dev/log local0
        stats socket /usr/local/pf/var/run/haproxy-admin.stats level admin 
process 1
        maxconn 4000
        #Followup of https://github.com/inverse-inc/packetfence/pull/893
        #haproxy 1.6.11 | intermediate profile | OpenSSL 1.0.1e | SRC: 
https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy-1.6.11&openssl=1.0.1e&hsts=yes&profile=intermediate
        #Oldest compatible clients: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 
1, Windows XP IE8, Android 2.3, Java 7
        tune.ssl.default-dh-param 2048
        ssl-default-bind-ciphers 
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE$
        ssl-default-bind-options no-sslv3 no-tls-tickets
        ssl-default-server-ciphers 
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:D$
        ssl-default-server-options no-sslv3 no-tls-tickets
        #OLD SSL CONFIGURATION. IF RC4 is required or if you must support 
clients older then the precendent list, comment all the block between this 
comment and the precedent and uncomment the following line
        #ssl-default-bind-ciphers 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA25$
        lua-load /usr/local/pf/var/conf/passthrough_admin.lua

listen stats
  bind  192.168.221.71:1027
  mode http
 timeout connect 10s
  timeout client 1m
  timeout server 1m
  stats enable
  stats uri /stats
  stats realm HAProxy\ Statistics
  stats auth admin:packetfence


defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client 50000
        timeout server 50000

backend static
    option httpclose
    option http_proxy
    option forwardfor
    http-request set-uri 
http://127.0.0.1:8891%[path]?%[query<http://127.0.0.1:8891%25[path]?%25[query>]

backend api
        balance source
        option httpclose
        option forwardfor
        errorfile 502 /usr/local/pf/html/pfappserver/root/errors/502.json.http
        errorfile 503 /usr/local/pf/html/pfappserver/root/errors/503.json.http
        server 127.0.0.1 127.0.0.1:9999 weight 1 maxconn 100 check  ssl verify 
none


frontend admin-https-192.168.221.71
        bind 192.168.221.71:1443 ssl no-sslv3 crt 
/usr/local/pf/conf/ssl/server.pem
        errorfile 502 /usr/local/pf/html/pfappserver/root/errors/502.json.http
        errorfile 503 /usr/local/pf/html/pfappserver/root/errors/503.json.http
        capture request header Host len 40
        reqadd X-Forwarded-Proto:\ https
        http-request lua.change_host
        acl host_exist var(req.host) -m found
        http-request set-header Host %[var(req.host)] if host_exist
        http-response set-header X-Frame-Options SAMEORIGIN
        http-request lua.admin
        use_backend %[var(req.action)]
        http-request redirect location /admin if { lua.redirect 1 }
        default_backend static

backend 127.0.0.1-netdata
        option httpclose
        option http_proxy
        option forwardfor
        errorfile 502 /usr/local/pf/html/pfappserver/root/errors/502.json.http
        errorfile 503 /usr/local/pf/html/pfappserver/root/errors/503.json.http
        acl paramsquery query -m found
        http-request lua.admin
        http-request set-uri http://127.0.0.1:19999%[var(req.path)]?%[query] if 
paramsquery
        http-request set-uri http://127.0.0.1:19999%[var(req.path)] unless 
paramsquery



backend 127.0.0.1-api
        balance source
        option httpclose
        option forwardfor
        http-response set-header X-Frame-Options SAMEORIGIN
        errorfile 502 /usr/local/pf/html/pfappserver/root/errors/502.json.http
        errorfile 503 /usr/local/pf/html/pfappserver/root/errors/503.json.http
        server 127.0.0.1 127.0.0.1:9999 weight 1 maxconn 100 ssl verify none


backend 192.168.221.71-portal
        option httpclose
        option http_proxy
        option forwardfor
        acl paramsquery query -m found
        http-request set-header Host 127.0.0.1
        http-request lua.admin
        reqadd X-Forwarded-For-Packetfence:\ 127.0.0.1
        http-request set-uri http://127.0.0.1:8890%[var(req.path)]?%[query] if 
paramsquery
        http-request set-uri http://127.0.0.1:8890%[var(req.path)] unless 
paramsquery


HTTP Admin Dispatcher

# Copyright (C) Inverse inc.
:8890 {
    logger {
    level INFO
  }
  httpdportalpreview
}

:8891/static {
  root /usr/local/pf/html/pfappserver/root/static
}

:8891/admin/alt {
  root /usr/local/pf/html/pfappserver/root/static.alt/dist
  index index.html
}

LS Outputs
talan@dc-pf:/usr/local/pf/conf/caddy-services$ ls -l 
/usr/local/pf/html/pfappserver/root
total 636
-rw-r--r--  1 pf pf    137 Apr 14 17:02 babel.config.js
drwxr-xr-x  6 pf pf   4096 Jun 23 08:45 dist
drwxr-xr-x  3 pf pf   4096 Jun 23 08:45 doc
drwxr-xr-x  2 pf pf   4096 Jun 23 08:47 errors
drwxr-xr-x  2 pf pf   4096 Jun 23 08:47 interface
-rw-r--r--  1 pf pf    560 Apr 14 17:02 Makefile
-rw-r--r--  1 pf pf   1969 Apr 14 17:02 package.json
-rw-r--r--  1 pf pf 599114 Apr 14 17:02 package-lock.json
drwxr-xr-x  2 pf pf   4096 Jun 23 08:47 public
-rw-r--r--  1 pf pf   4330 Apr 14 17:02 README.md
drwxr-xr-x 12 pf pf   4096 Jun 23 08:47 src
-rw-r--r--  1 pf pf   1288 Apr 14 17:02 vue.config.js

talan@dc-pf:/usr/local/pf/conf/caddy-services$ ls -l 
/usr/local/pf/html/pfappserver/root/dist
total 36
drwxr-xr-x 2 pf pf  4096 Jun 23 08:45 css
-rw-r--r-- 1 pf pf 15086 Apr 14 17:02 favicon.ico
drwxr-xr-x 2 pf pf  4096 Jun 23 08:45 fonts
drwxr-xr-x 2 pf pf  4096 Jun 23 08:45 img
-rw-r--r-- 1 pf pf  2328 Apr 14 17:02 index.html
drwxr-xr-x 2 pf pf  4096 Jun 23 08:45 js

Thanks for your assistance thus far on this.

Regards,
Talan
From: Quiniou-Briand, Nicolas <nquin...@akamai.com>
Sent: 05 July 2021 13:36
To: Talan Westby <talan.wes...@derby-college.ac.uk>; 
packetfence-users@lists.sourceforge.net
Subject: RE: Convert Cluster to Standalone

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.

Hello Talan,

Could you:
0. packetfence version
1. send me your packetfence-haproxy-admin configuration 
(/usr/local/pf/var/conf/haproxy-admin.conf)
2. send me your httpadmindispatcher configuration (/usr/local/pf/ 
conf/caddy-services/httpadmindispatcher.conf)
3. output of:
* ls -l /usr/local/pf/html/pfappserver/root
* ls -l /usr/local/pf/html/pfappserver/root/dist/

Nicolas Quiniou-Briand
Product Support Engineer
[cid:image001.png@01D771A5.77CFF960]
Office: +33156696210
Akamai Technologies
145 Broadway
Cambridge, MA 02142
Connect with Us:
[cid:image002.jpg@01D771A5.77CFF960]<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcommunity.akamai.com%2F&data=04%7C01%7CTalan.Westby%40derby-college.ac.uk%7C366e2b67167c419d362508d93fb170d6%7C7584d7479421477d8345bedc5d73bc46%7C0%7C0%7C637610853618224679%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=UKxpvWwGE%2F9qmnp3FPo7X%2FOBztLCSX%2FYeTggroeDpEw%3D&reserved=0>
 [cid:image003.png@01D771A5.77CFF960] 
<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblogs.akamai.com%2F&data=04%7C01%7CTalan.Westby%40derby-college.ac.uk%7C366e2b67167c419d362508d93fb170d6%7C7584d7479421477d8345bedc5d73bc46%7C0%7C0%7C637610853618234675%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=R4v2IC5acpIfIy%2FnoSaLc4npdfE2TP0wF%2BnmU9b6%2FYM%3D&reserved=0>
  [cid:image004.png@01D771A5.77CFF960] 
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fakamai&data=04%7C01%7CTalan.Westby%40derby-college.ac.uk%7C366e2b67167c419d362508d93fb170d6%7C7584d7479421477d8345bedc5d73bc46%7C0%7C0%7C637610853618244666%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=V6rL17rcFKhD9aS83WcpARzhfHnO6zWn5K4aa9T6NNg%3D&reserved=0>
  [cid:image005.png@01D771A5.77CFF960] 
<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebook.com%2FAkamaiTechnologies&data=04%7C01%7CTalan.Westby%40derby-college.ac.uk%7C366e2b67167c419d362508d93fb170d6%7C7584d7479421477d8345bedc5d73bc46%7C0%7C0%7C637610853618244666%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=bBaVHNVMMIVBJ7pVtncYPz6LleFRYwFHrw56UAlQ5uM%3D&reserved=0>
  [cid:image006.png@01D771A5.77CFF960] 
<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fakamai-technologies&data=04%7C01%7CTalan.Westby%40derby-college.ac.uk%7C366e2b67167c419d362508d93fb170d6%7C7584d7479421477d8345bedc5d73bc46%7C0%7C0%7C637610853618254659%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=SHu6wB7jTQA48pIYzR0SUDJrEmrmI717cWkvaUgtrVE%3D&reserved=0>
  [cid:image007.png@01D771A5.77CFF960] 
<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.youtube.com%2Fuser%2Fakamaitechnologies%3Ffeature%3Dresults_main&data=04%7C01%7CTalan.Westby%40derby-college.ac.uk%7C366e2b67167c419d362508d93fb170d6%7C7584d7479421477d8345bedc5d73bc46%7C0%7C0%7C637610853618254659%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=6PiO829zGQpz0anBupet%2BX8Jz9r7RZHBAkUwcyMK90o%3D&reserved=0>

_____________________________________

This electronic message contains information from Derby College which may be 
privileged and confidential.
The information is intended to be for the use of the individual(s) or entity 
named above.

If you are not the intended recipient, be aware that any disclosure, copying, 
distribution or use of the contents of this information is prohibited. Internet 
communications are not secure and therefore Derby College does not accept legal 
responsibility for the contents of this message. Any views or opinions 
presented are only those of the author and not those of Derby College.

ONLY if you have received this message in error, please email 
d...@derby-college.ac.uk immediately, ensuring that you copy and paste the body 
of this message so that we can respond to your query.
_________________________________________


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users