Hi Nicolas,
Sure, we're on the latest 10.3.
HA Proxy Admin Config:
# This file is generated from a template at
/usr/local/pf/conf/haproxy-admin.conf
# Any changes made to this file will be lost on restart
# Copyright (C) Inverse inc.
# Process-wide settings for the admin HAProxy instance: run-as identity,
# runtime socket, TLS defaults and the Lua script loaded at start-up.
# NOTE(review): long lines in this paste appear to have been wrapped by the
# mail client; in the real file each directive presumably sits on one line
# with its argument.
global
external-check
user haproxy
group haproxy
daemon
pidfile /usr/local/pf/var/run/haproxy-admin.pid
log /dev/log local0
# "level admin" makes every runtime-API command available on this socket.
# No mode/user/group is set on the line, so who can reach it depends on the
# permissions of the socket file and its directory.
stats socket /usr/local/pf/var/run/haproxy-admin.stats level admin
process 1
maxconn 4000
#Followup of https://github.com/inverse-inc/packetfence/pull/893
#haproxy 1.6.11 | intermediate profile | OpenSSL 1.0.1e | SRC:
https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy-1.6.11&openssl=1.0.1e&hsts=yes&profile=intermediate
#Oldest compatible clients: Firefox 1, Chrome 1, IE 7, Opera 5, Safari
1, Windows XP IE8, Android 2.3, Java 7
# Size of the DH parameters used with the DHE-* suites listed below.
tune.ssl.default-dh-param 2048
# NOTE(review): both cipher strings below end in "$", which looks like a
# terminal truncation marker; the tail of each list is not visible here.
ssl-default-bind-ciphers
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE$
# Only SSLv3 is switched off and session tickets are disabled. No
# no-tlsv10 / no-tlsv11 option appears, so the older TLS versions are left
# to the defaults of this HAProxy/OpenSSL build.
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:D$
# Same protocol options for connections HAProxy opens towards servers.
ssl-default-server-options no-sslv3 no-tls-tickets
#OLD SSL CONFIGURATION. IF RC4 is required or if you must support
clients older then the precendent list, comment all the block between this
comment and the precedent and uncomment the following line
#ssl-default-bind-ciphers
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA25$
# Lua script loaded at start-up. It presumably defines the lua.change_host and
# lua.admin actions and the lua.redirect fetch used by the frontend; the script
# itself is not shown in this message.
lua-load /usr/local/pf/var/conf/passthrough_admin.lua
# Built-in HAProxy statistics page. It is declared before the "defaults"
# section, so it carries its own timeouts.
listen stats
# NOTE(review): there is no "ssl" keyword on this bind, so the stats page and
# the HTTP Basic credentials from "stats auth" cross 192.168.221.71:1027 in
# clear text.
bind 192.168.221.71:1027
mode http
timeout connect 10s
timeout client 1m
timeout server 1m
stats enable
stats uri /stats
stats realm HAProxy\ Statistics
# NOTE(review): user:password is stored in clear text and is now visible in
# this post. If the value is live rather than a per-install placeholder
# (TODO confirm), it should be changed; the file header says edits here are
# lost on restart, so the change would have to be made in the template.
# No "stats admin" directive is present, so the page is read-only.
stats auth admin:packetfence
# Defaults inherited by the proxies declared after this point.
defaults
log global
mode http
option httplog
# Connections on which no data was exchanged are not logged.
option dontlognull
# No unit is given, so HAProxy reads these as milliseconds (5 s / 50 s / 50 s).
timeout connect 5000
timeout client 50000
timeout server 50000
# Fallback backend of the admin frontend: requests are rewritten to the local
# service on 127.0.0.1:8891.
backend static
option httpclose
# No "server" line is declared; with http_proxy the destination is taken from
# the absolute URI written by set-uri below.
option http_proxy
# Adds an X-Forwarded-For header carrying the client address.
option forwardfor
# NOTE(review): the "<http://...>" tail looks like a mail-client autolink
# artifact; the directive is presumably
#   http-request set-uri http://127.0.0.1:8891%[path]?%[query]
http-request set-uri
http://127.0.0.1:8891%[path]?%[query<http://127.0.0.1:8891%25[path]?%25[query>]
# API backend with a single local server reached over TLS.
backend api
# Source-address hashing; with one server declared it has no balancing effect.
balance source
option httpclose
option forwardfor
# Custom response files returned for 502 and 503 errors.
errorfile 502 /usr/local/pf/html/pfappserver/root/errors/502.json.http
errorfile 503 /usr/local/pf/html/pfappserver/root/errors/503.json.http
# "ssl verify none": the connection to the server is encrypted but the
# server certificate is not validated. The peer is the loopback address
# 127.0.0.1:9999. "check" enables health checks for it.
server 127.0.0.1 127.0.0.1:9999 weight 1 maxconn 100 check ssl verify
none
# HTTPS entry point of the admin interface on 192.168.221.71:1443.
frontend admin-https-192.168.221.71
# TLS listener. "no-sslv3" excludes only SSLv3. The "crt" file normally holds
# the private key together with the certificate, so its permissions matter.
bind 192.168.221.71:1443 ssl no-sslv3 crt
/usr/local/pf/conf/ssl/server.pem
errorfile 502 /usr/local/pf/html/pfappserver/root/errors/502.json.http
errorfile 503 /usr/local/pf/html/pfappserver/root/errors/503.json.http
# Records up to 40 characters of the Host header for the logs.
capture request header Host len 40
# Tells the services behind the proxy that the client connection used HTTPS.
reqadd X-Forwarded-Proto:\ https
# Lua action; presumably sets req.host (script not shown).
http-request lua.change_host
# True when the req.host variable has been set.
acl host_exist var(req.host) -m found
# Overrides the client-supplied Host header with the variable when it exists.
http-request set-header Host %[var(req.host)] if host_exist
# Restricts framing of responses to the same origin.
http-response set-header X-Frame-Options SAMEORIGIN
# Lua action; presumably sets req.action and req.path (script not shown).
http-request lua.admin
# NOTE(review): the backend name is read from a variable at request time, so
# which backends a client can reach is decided by the Lua script rather than
# by rules visible in this file.
use_backend %[var(req.action)]
http-request redirect location /admin if { lua.redirect 1 }
# Used when use_backend above does not select a backend.
default_backend static
# Forwards requests to the local service on 127.0.0.1:19999 in plain HTTP.
backend 127.0.0.1-netdata
option httpclose
# No "server" line; the destination comes from the set-uri rules below.
option http_proxy
option forwardfor
errorfile 502 /usr/local/pf/html/pfappserver/root/errors/502.json.http
errorfile 503 /usr/local/pf/html/pfappserver/root/errors/503.json.http
# True when the request has a query string.
acl paramsquery query -m found
# Lua action; presumably computes req.path (script not shown).
http-request lua.admin
# The forwarded path is taken from req.path; the query string is appended
# only when one is present.
http-request set-uri http://127.0.0.1:19999%[var(req.path)]?%[query] if
paramsquery
http-request set-uri http://127.0.0.1:19999%[var(req.path)] unless
paramsquery
# Second API backend pointing at the same local server as "backend api".
backend 127.0.0.1-api
balance source
option httpclose
option forwardfor
# Restricts framing of responses to the same origin.
http-response set-header X-Frame-Options SAMEORIGIN
errorfile 502 /usr/local/pf/html/pfappserver/root/errors/502.json.http
errorfile 503 /usr/local/pf/html/pfappserver/root/errors/503.json.http
# TLS to the loopback server without certificate validation. Unlike
# "backend api", no "check" keyword is set, so no health check runs here.
server 127.0.0.1 127.0.0.1:9999 weight 1 maxconn 100 ssl verify none
# Forwards requests to the local service on 127.0.0.1:8890 in plain HTTP.
backend 192.168.221.71-portal
option httpclose
# No "server" line; the destination comes from the set-uri rules below.
option http_proxy
option forwardfor
# True when the request has a query string.
acl paramsquery query -m found
# Replaces the Host header with the loopback address before forwarding.
http-request set-header Host 127.0.0.1
# Lua action; presumably computes req.path (script not shown).
http-request lua.admin
# Adds a fixed header value; how the receiving service uses it is not shown.
reqadd X-Forwarded-For-Packetfence:\ 127.0.0.1
http-request set-uri http://127.0.0.1:8890%[var(req.path)]?%[query] if
paramsquery
http-request set-uri http://127.0.0.1:8890%[var(req.path)] unless
paramsquery
HTTP Admin Dispatcher
# Copyright (C) Inverse inc.
# Listener on port 8890, the port targeted by the HAProxy portal backend.
# "httpdportalpreview" is presumably a PacketFence-specific directive; it is
# not defined in this paste.
:8890 {
logger {
level INFO
}
httpdportalpreview
}
# Serves :8891/static from the directory below.
# NOTE(review): the "ls -l" output further down this message lists no
# "static" or "static.alt" entry under /usr/local/pf/html/pfappserver/root.
:8891/static {
root /usr/local/pf/html/pfappserver/root/static
}
# Serves :8891/admin/alt from static.alt/dist with index.html as index file.
:8891/admin/alt {
root /usr/local/pf/html/pfappserver/root/static.alt/dist
index index.html
}
LS Outputs
talan@dc-pf:/usr/local/pf/conf/caddy-services$ ls -l
/usr/local/pf/html/pfappserver/root
total 636
-rw-r--r-- 1 pf pf 137 Apr 14 17:02 babel.config.js
drwxr-xr-x 6 pf pf 4096 Jun 23 08:45 dist
drwxr-xr-x 3 pf pf 4096 Jun 23 08:45 doc
drwxr-xr-x 2 pf pf 4096 Jun 23 08:47 errors
drwxr-xr-x 2 pf pf 4096 Jun 23 08:47 interface
-rw-r--r-- 1 pf pf 560 Apr 14 17:02 Makefile
-rw-r--r-- 1 pf pf 1969 Apr 14 17:02 package.json
-rw-r--r-- 1 pf pf 599114 Apr 14 17:02 package-lock.json
drwxr-xr-x 2 pf pf 4096 Jun 23 08:47 public
-rw-r--r-- 1 pf pf 4330 Apr 14 17:02 README.md
drwxr-xr-x 12 pf pf 4096 Jun 23 08:47 src
-rw-r--r-- 1 pf pf 1288 Apr 14 17:02 vue.config.js
talan@dc-pf:/usr/local/pf/conf/caddy-services$ ls -l
/usr/local/pf/html/pfappserver/root/dist
total 36
drwxr-xr-x 2 pf pf 4096 Jun 23 08:45 css
-rw-r--r-- 1 pf pf 15086 Apr 14 17:02 favicon.ico
drwxr-xr-x 2 pf pf 4096 Jun 23 08:45 fonts
drwxr-xr-x 2 pf pf 4096 Jun 23 08:45 img
-rw-r--r-- 1 pf pf 2328 Apr 14 17:02 index.html
drwxr-xr-x 2 pf pf 4096 Jun 23 08:45 js
Thanks for your assistance thus far on this.
Regards,
Talan
From: Quiniou-Briand, Nicolas <[email protected]>
Sent: 05 July 2021 13:36
To: Talan Westby <[email protected]>;
[email protected]
Subject: RE: Convert Cluster to Standalone
Hello Talan,
Could you:
0. tell me your PacketFence version
1. send me your packetfence-haproxy-admin configuration
(/usr/local/pf/var/conf/haproxy-admin.conf)
2. send me your httpadmindispatcher configuration
(/usr/local/pf/conf/caddy-services/httpadmindispatcher.conf)
3. output of:
* ls -l /usr/local/pf/html/pfappserver/root
* ls -l /usr/local/pf/html/pfappserver/root/dist/
Nicolas Quiniou-Briand
Product Support Engineer
Office: +33156696210
Akamai Technologies
145 Broadway
Cambridge, MA 02142