Netgate SG-1000 microFirewall

Author Topic: 502 Bad Gateway (nginx) after Update to 2.3  (Read 22147 times)

0 Members and 1 Guest are viewing this topic.

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 549
  • Karma: +53/-3
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #75 on: December 05, 2017, 02:38:09 pm »
Works fine for me, just re-entered that I'd and fetched it again, no problem.
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Online BeerCan

  • Jr. Member
  • **
  • Posts: 88
  • Karma: +9/-0
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #76 on: December 05, 2017, 03:24:09 pm »
Works fine for me, just re-entered that I'd and fetched it again, no problem.

Does this look right?


Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 549
  • Karma: +53/-3
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #77 on: December 05, 2017, 03:40:35 pm »
Strange I get a different ID.

Try the full ID 2c131b10b25db593331048d4f2b28fbf9bf5662e
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Online BeerCan

  • Jr. Member
  • **
  • Posts: 88
  • Karma: +9/-0
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #78 on: December 05, 2017, 03:47:03 pm »
That fails as well
here is what is in the log

Code: [Select]
Dec 5 16:46:00 php-fpm 70317 /system_patches.php: Download file failed with status code 0. URL: https://github.com/pfsense/pfsense/commit/2c131b10b25db593331048d4f2b28fbf9bf5662e.patch

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 549
  • Karma: +53/-3
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #79 on: December 05, 2017, 03:53:22 pm »
This is silly.  ???

Here's the full URL that I have just used.

https://github.com/pfsense/pfsense/commit/2c131b1.patch
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Online BeerCan

  • Jr. Member
  • **
  • Posts: 88
  • Karma: +9/-0
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #80 on: December 05, 2017, 07:21:43 pm »
will not fetch that one either.  This is weird

Offline lordalfa

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #81 on: December 06, 2017, 12:50:59 am »
BeerCan, can you get into https://github.com

If your browser gives you an error, you will have problems downloading. It is something to do with HSTS.

Online BeerCan

  • Jr. Member
  • **
  • Posts: 88
  • Karma: +9/-0
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #82 on: December 06, 2017, 11:05:26 am »
BeerCan, can you get into https://github.com

If your browser gives you an error, you will have problems downloading. It is something to do with HSTS.

I can't get in with FF or chrome


Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 549
  • Karma: +53/-3
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #83 on: December 06, 2017, 03:45:32 pm »
Even stranger... :)

I think this is one for the Netgate developers to answer, as they maintain it.
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Offline PiBa

  • Hero Member
  • *****
  • Posts: 793
  • Karma: +129/-1
  • PiBa-NL(on IRC)
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #84 on: December 06, 2017, 04:46:40 pm »
I don t think netgate maintains the github.com certificates.
It sounds to me like like a invasive proxy with ssl bump.

Edit:
Or perhaps pfBlocker dnsblock list that redirects to a pfSense hosted site for tracking blocking statistics..
« Last Edit: December 06, 2017, 04:50:53 pm by PiBa »

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 549
  • Karma: +53/-3
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #85 on: December 06, 2017, 05:02:52 pm »
It works fine for me though, and others apparently, it's only BeerCan who is having an issue I think.

PiBa, can you try and fetch the patch, see if it's working for you?

To be honest, I only have to click on the link I posted yesterday and I can see the patch.

I did not think that netgate maintains the Github certs, just the pfsense repository, it's just that maybe they may have an idea what's causing the issue.

I've just checked Github's cert and it reports it as OK on my system.
« Last Edit: December 06, 2017, 05:07:45 pm by marjohn56 »
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Offline PiBa

  • Hero Member
  • *****
  • Posts: 793
  • Karma: +129/-1
  • PiBa-NL(on IRC)
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #86 on: December 06, 2017, 05:12:47 pm »
Fetch patch works fine, both the link in a browser and the 2c131b1 id in patches package.

So a proxy like squid with ssl bump or dns-intercept (DNSBL pfBlockerNG) are the likely causes imho.

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 549
  • Karma: +53/-3
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #87 on: December 06, 2017, 05:15:19 pm »
Fetch patch works fine, both the link in a browser and the 2c131b1 id in patches package.

So a proxy like squid with ssl bump or dns-intercept (DNSBL pfBlockerNG) are the likely causes imho.

Thank you sir. I think you are correct on the likely cause.
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Online BeerCan

  • Jr. Member
  • **
  • Posts: 88
  • Karma: +9/-0
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #88 on: December 07, 2017, 09:33:46 am »
So I turned unbound off and went back to dnsmasq and github worked.  So I went back and turned unbound back on and no github. 

So I ran this cmd



that looks like my pfblocker address.  Problem is pfblocker has been off during all this

Offline PiBa

  • Hero Member
  • *****
  • Posts: 793
  • Karma: +129/-1
  • PiBa-NL(on IRC)
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #89 on: December 07, 2017, 12:54:52 pm »
Are you sure the "Enable DNSBL" box is also disabled? (not only the "Enable pfBlockerNG")