Menu
▾
▴
Re: [PacketFence-users] Question about Captive Portal's haproxy port80, or dhcp option
|
From: Uli S. <uli...@si...> - 2019-01-30 10:58:00
|
Hello,
upon further investigation, i guess ha-proxy-portal cannot connect to
127.0.0.1:80
Jan 30 11:25:42 srv-wlan haproxy[26179]: backend 192.168.220.1-backend
has no server available!
Jan 30 11:25:51 srv-wlan haproxy[26179]: 192.168.220.27:51630
[30/Jan/2019:11:25:48.287] portal-http-192.168.220.1 proxy/<NOSRV>
0/0/-1/-1/3005 503 212 - - SC-- 3/1/0/0/3 0/0 "GET XXXX HTTP/1.1"
some strace:
connect(15, {sa_family=AF_INET, sin_port=htons(80),
sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in
progress)
epoll_wait(3, [], 200, 0) = 0
connect(15, {sa_family=AF_INET, sin_port=htons(80),
sin_addr=inet_addr("127.0.0.1")}, 16) = 0
recvfrom(15, NULL, 2147483647, MSG_TRUNC|MSG_DONTWAIT|MSG_NOSIGNAL,
NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
setsockopt(15, SOL_SOCKET, SO_LINGER, {onoff=1, linger=0}, 8) = 0
close(15) = 0
but process is running, as seen from curl or netstat:
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN
26313/httpd
i only see my curl in tail -f /usr/local/pf/logs/httpd.portal.access
no stuff from the network.
thanks for your time
On 30.01.2019 11:09, Uli Schellhaas wrote:
>
> Hello Fabrice,
>
> and thanks for your reply, i tracked the nonworking part down to:
>
> there is no portal http instance on https://127.0.01:443
>
> what did i do to have it be gone ? i dont know, i did not reconfigure
> anything. I think it may have been the first reboot after updates
> which caused that.
>
> /usr/local/pf/var/conf/haproxy-portal.conf
>
> backend 192.168.220.1-backend
>
> server 127.0.0.1 127.0.0.1:80 check
>
> curl http://127.0.0.1:80
> <title>302 Found</title>
> <p>The document has moved <a href="https://127.0.0.1/">here</a>.</p>
>
> curl https://127.0.0.1
> curl: (7) Failed connect to 127.0.0.1:443; Connection refused
>
> netstat -anp | grep 443
>
> tcp 0 0 192.168.220.1:443 0.0.0.0:*
> LISTEN 8206/haproxy
> tcp 0 0 10.119.0.40:1443 0.0.0.0:*
> LISTEN 8511/httpd
>
> What did i try to solve it ? I just switched portal off on management
> interface, (switched it back on later)
>
> then i did alot of service restarts and reboots.
>
> Question remains: Why would there be some redirect on
> http://127.0.0.1:80 to https then ? Where is the error ?
>
> i guess this block in the config is not fitting ? (as there is no
> https://127.0.0.1:443 daemon listening )
>
> RewriteEngine On
> RewriteCond %{REQUEST_URI} !^/access.* [NC]
> RewriteCond %{HTTP:X-Forwarded-Proto} !=https
> RewriteCond %{HTTP:X-Forwarded-For-PacketFence} =""
> RewriteCond %{HTTPS} !=on
> RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
>
>
> thanks for any insights on why it stopped working
>
>
> On 30.01.2019 04:11, Durand fabrice via PacketFence-users wrote:
>> Hello Uli,
>>
>> it's like the inline enforcement work.
>>
>> Define a management interface and a inline interface and set the dns
>> to something like 8.8.8.8.
>>
>> When a device will be in the inline vlan and if the device is unreg
>> then it will be forwarded to the captive portal.
>>
>> Regards
>>
>> Fabrice
>>
>> Le 19-01-29 à 04 h 00, Uli Schellhaas via PacketFence-users a écrit :
>>> Hello,
>>>
>>> i wanted to know where i can configure a http redirect to the
>>> captive portal, in case any unauthenticated user(his device) surf's
>>> to my inlinel2 interface Port80
>>>
>>> Also, is there a option, possibly within dhcp reply, to have Clients
>>> know where they need to authenticate ?
>>>
>>> Thanks for replies!
>>>
>>> greetings
>>>
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> Pac...@li...
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> Pac...@li...
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> --
> Uli Schellhaas
> Department IT and Technics
> Tel: +49 (0) 6151 - 869 – 395
> Hotline: +49 (0) 6151 - 869 – 111
> Supportmail: ad...@si...
> In our service catalog <https://servicekatalog.fraunhofer.de/> you
> will find all the offers of the infrastructure departments of the SIT
> and the central services of the FhG.
--
Uli Schellhaas
Department IT and Technics
Tel: +49 (0) 6151 - 869 – 395
Hotline: +49 (0) 6151 - 869 – 111
Supportmail: ad...@si...
In our service catalog <https://servicekatalog.fraunhofer.de/> you will
find all the offers of the infrastructure departments of the SIT and the
central services of the FhG.
|
