Okay, I’m still new to all of this, but I really screwed up good. I suspect I know what the answer is before I ask, but I’m hoping against hope that someone will suggest a solution. I was feeling good because I finally got around to a couple of tasks I’ve been meaning to do for a long time: set up my DDNS and domain, as well as HA Proxy for Let’s Encryt and eventually accessing servers externally. I had done the backend and was setting up the front end. When it came time to enter the port, instead of entering the port for the server, I entered the port for pfsense. So now I can’t access pfsense from the browser — I get a 503 server not available error. My pfsense router has HDMI port and video capability, but I can’t get that to work yet, though I’m investigating.that. pfsense is working fine so far as I can tell, but that won’t last forever. Can anyone think of any way to fix the problem? I can ssh to it, but I can’t figure out what to do next. Any help would be appreciated.
I think the simplest way to handle this is, from the console, look for an option called Restore recent configuration. Should be option #15. Then you can undo the last edit you made (it will give you a list of every change you’ve made by date and time).
Before you setup HAProxy again, my recommendation is to create a virtual IP for the service. So if your pfSense is at 10.0.0.1, go to Firewall > Virtual IPs and create one for HAProxy (maybe 10.0.0.5 or something). There are a couple more steps for this approach (you’ll have to tell HAProxy to bind to that IP address and create a couple NAT rules to forward WAN traffic to the new address), but I think it’s much cleaner to have the service on its own IP and you’ll be able to use port 443 both for pfSense and HAProxy since they’re now on separate addresses.
Oh, wow, that sounds a lot easier than what I was going to try – I realized after this post, that rather than look for a setting to change, there were backups I could restore. I’ve been a little freaked out over this.
I’ll try your suggestion first. Thanks so much!
No prob. Good luck getting it sorted out.
No joy. My admin account was disable for security, so I searched all night how to get the menu to appear for a non-admin account. Did that and ran 15) Restore recent configuration. I get a fatal error. Here’s the output (I don’t see any compromising information in it, but I’m hardly an expert):
Fatal error: Uncaught TypeError: fwrite(): Argument #1 ($stream) must be of type resource, bool given in /etc/inc/config.lib.inc:1000
Stack trace:
#0 /etc/inc/config.lib.inc(1000): fwrite(false, ‘a:30:{i:1718760…’)
#1 /etc/rc.restore_config_backup(27): cleanup_backupcache()
#2 {main}
thrown in /etc/inc/config.lib.inc on line 1000
PHP ERROR: Type: 1, File: /etc/inc/config.lib.inc, Line: 1000, Message: Uncaught TypeError: fwrite(): Argument #1 ($stream) must be of type resource, bool given in /etc/inc/config.lib.inc:1000
Stack trace:
#0 /etc/inc/config.lib.inc(1000): fwrite(false, ‘a:30:{i:1718760…’)
#1 /etc/rc.restore_config_backup(27): cleanup_backupcache()
#2 {main}
thrownpfSense - Netgate Device ID: bee32807873d1b3eb344
I’m not sure what you mean about your admin account, but if account permissions are messed up, can you try this directly from the console (i.e. not over ssh, but from a keyboard at the router)?
That actually was the first thing I tried. For reasons I haven’t been able to figure out yet, I can’t access the console that way.
Hmm. This is sounding less like a simple HAProxy error and more like something seriously botched with the firewall. Might be worth thinking about a reinstall and restore from backups.
I’ve been thinking that. Is it possible to reinstall with a backup onboard the router? Obviously, I can access the OS and the file system.
Yeah, there’s a file at /conf/config.xml that has all of your settings. Here’s some info on that: Automatically Restore Configuration During Installation | pfSense Documentation. Do note that your machine isn’t in a currently working state, so it’s definitely possible the pfSense config as-is won’t fix the system.
I tried to do a restore, but couldn’t get it to work. Ended up just nuking it and doing a fresh install. Oh, well, practice makes perfect. I appreciated your help. Thanks.