pfSense 2.4.1 and Update Web Safety
172 views
Skip to first unread message
dm dm
Oct 25, 2017, 7:03:18 AM10/25/17
to Diladele Web Safety
Hello there and sorry for my English.
I have made a pfSense update from 2.3.x to 2.4. On 2.3.x run Web Safety without problems.
After update of pfSense I tried to preceed the steps
Web safety seems tu run but no page can be viewed
------------------------------------
but there are unconsistencies in the documentation.
https://docs.diladele.com/administrator_guide_5_3/install/freebsd11/index.html
the scripts in documentation are different as the script os git repository.
THIS Version does no exist!
____________________________
Help!
I have made a pfSense update from 2.3.x to 2.4. On 2.3.x run Web Safety without problems.
After update of pfSense I tried to preceed the steps
Web safety seems tu run but no page can be viewed
------------------------------------
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at admini...@diladele.lan to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
----------------------------------but there are unconsistencies in the documentation.
https://docs.diladele.com/administrator_guide_5_3/install/freebsd11/index.html
the scripts in documentation are different as the script os git repository.
THIS Version does no exist!
This is not 5.3, where is 5.3? It is no possible to browse on your ftp-server.
_________________________
DDWS_VERSION=5.2.0 DDWS_BUILD=3323 # get latest version of web safety fetch http://packages.diladele.com/websafety/$DDWS_VERSION.$DDWS_BUILD/$ARCH/release/freebsd10/websafety-$DDWS_VERSION-$ARCH.txz # and install it env ASSUME_ALWAYS_YES=YES pkg install -y websafety-$DDWS_VERSION-$ARCH.txz
____________________________
Help!
dm
Oct 25, 2017, 7:09:47 AM10/25/17
to Diladele Web Safety
Neither exist this version
| DDWS_VERSION=5.3.0 |
| DDWS_BUILD=BA07 |
|
|
| # get latest version of web safety |
fetch http://packages.diladele.com/websafety/$DDWS_VERSION.$DDWS_BUILD/$ARCH/release/freebsd11/websafety-$DDWS_VERSION-$ARCH.txz
Help!
rafael....@diladele.com
Oct 25, 2017, 9:41:51 AM10/25/17
to Diladele Web Safety
Hello dm,
Support for pfSense 2,.4 is planned in version 5.2 only. From all the OS we only started to see it working on Ubuntu.
FreeBSD is far from being ready.
Best regards,
Rafaeldm
Oct 26, 2017, 8:20:44 AM10/26/17
to Diladele Web Safety
Websafeta is running now, browsing is now possible :-)
[2017-Oct-26 13:58:11] [info] ICAP server starting on '127.0.0.1':1344
[2017-Oct-26 13:58:11] [info] Web Safety is started
[2017-Oct-26 13:58:11] [info] checking license key...
[2017-Oct-26 13:58:11] [info] license key for 7 filtered devices is valid; expires on: Oct 1 09:07:07 2018 GMT, key is registered at: xx...@xxxxxx.net, key type is: home usage only
[2017-Oct-26 13:58:11] [info] need to create filtering services, creating...
2 Questions:
1.
The problem was a running clamd and icap-d on pfsense on port 1344 such as websafety icap.
Is there a possibility to change the default port 1344 in websafety?
The configuration in /opt/websafety/etc/squid/icap.conf (1344-> 1345)
icap_service websafety1 reqmod_precache icap://127.0.0.1:1344/reqmod bypass=0
icap_service websafety2 respmod_precache icap://127.0.0.1:1344/respmod bypass=0
DOES NOT WORK
If clamd and icap-d on pfsense is runnig, websafety icap does not start
[2017-Oct-26 12:31:14] [info] ICAP server starting on '127.0.0.1':1344
[2017-Oct-26 12:31:15] [erro] unexpected exception in daemon: bind: Address already in use
2. the Problem with websafety web gui still exists
Internal Server Error (500)
[2017-Oct-26 13:58:11] [info] ICAP server starting on '127.0.0.1':1344
[2017-Oct-26 13:58:11] [info] Web Safety is started
[2017-Oct-26 13:58:11] [info] checking license key...
[2017-Oct-26 13:58:11] [info] license key for 7 filtered devices is valid; expires on: Oct 1 09:07:07 2018 GMT, key is registered at: xx...@xxxxxx.net, key type is: home usage only
[2017-Oct-26 13:58:11] [info] need to create filtering services, creating...
2 Questions:
1.
The problem was a running clamd and icap-d on pfsense on port 1344 such as websafety icap.
Is there a possibility to change the default port 1344 in websafety?
The configuration in /opt/websafety/etc/squid/icap.conf (1344-> 1345)
icap_service websafety1 reqmod_precache icap://127.0.0.1:1344/reqmod bypass=0
icap_service websafety2 respmod_precache icap://127.0.0.1:1344/respmod bypass=0
DOES NOT WORK
If clamd and icap-d on pfsense is runnig, websafety icap does not start
[2017-Oct-26 12:31:14] [info] ICAP server starting on '127.0.0.1':1344
[2017-Oct-26 12:31:15] [erro] unexpected exception in daemon: bind: Address already in use
2. the Problem with websafety web gui still exists
Internal Server Error (500)
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at admini...@diladele.lan to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
any hint?
Rafael Akchurin
Oct 26, 2017, 9:32:09 AM10/26/17
to web-s...@googlegroups.com
Well good whats in the apache log then?
Best regards,
Best regards,
Rafael Akchurin
--
You received this message because you are subscribed to the Google Groups "Diladele Web Safety" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web-safety+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
dm
Oct 26, 2017, 11:12:52 AM10/26/17
to Diladele Web Safety
cat /var/log/httpd-access.log
192.168.2.3 - - [26/Oct/2017:17:02:36 +0200] "GET / HTTP/1.1" 500 539
cat /var/log/httpd-error.log
[Thu Oct 26 17:02:30.309542 2017] [wsgi:warn] [pid 44442] mod_wsgi: Compiled for Python/2.7.11.
[Thu Oct 26 17:02:30.310068 2017] [wsgi:warn] [pid 44442] mod_wsgi: Runtime using Python/2.7.14.
[Thu Oct 26 17:02:30.317491 2017] [mpm_prefork:notice] [pid 44442] AH00163: Apache/2.4.18 (FreeBSD) mod_wsgi/4.4.21 Python/2.7.14 configured -- resuming normal operations
[Thu Oct 26 17:02:30.317595 2017] [core:notice] [pid 44442] AH00094: Command line: '/usr/local/sbin/httpd -D NOHTTPACCEPT'
[Thu Oct 26 17:02:37.673047 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] mod_wsgi (pid=44678): Target WSGI script '/opt/websafety/var/console/console/wsgi.py' cannot be loaded as Python module.
[Thu Oct 26 17:02:37.673118 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] mod_wsgi (pid=44678): Exception occurred processing WSGI script '/opt/websafety/var/console/console/wsgi.py'.
[Thu Oct 26 17:02:37.673176 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] Traceback (most recent call last):
[Thu Oct 26 17:02:37.673232 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/opt/websafety/var/console/console/wsgi.py", line 14, in <module>
[Thu Oct 26 17:02:37.673371 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] application = get_wsgi_application()
[Thu Oct 26 17:02:37.673400 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/usr/local/lib/python2.7/site-packages/django/core/wsgi.py", line 14, in get_wsgi_application
[Thu Oct 26 17:02:37.673507 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] django.setup()
[Thu Oct 26 17:02:37.673529 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/usr/local/lib/python2.7/site-packages/django/__init__.py", line 18, in setup
[Thu Oct 26 17:02:37.673648 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] apps.populate(settings.INSTALLED_APPS)
[Thu Oct 26 17:02:37.673676 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/usr/local/lib/python2.7/site-packages/django/apps/registry.py", line 108, in populate
[Thu Oct 26 17:02:37.674013 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] app_config.import_models(all_models)
[Thu Oct 26 17:02:37.674039 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/usr/local/lib/python2.7/site-packages/django/apps/config.py", line 198, in import_models
[Thu Oct 26 17:02:37.674240 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] self.models_module = import_module(models_module_name)
[Thu Oct 26 17:02:37.674265 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/usr/local/lib/python2.7/importlib/__init__.py", line 37, in import_module
[Thu Oct 26 17:02:37.674377 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] __import__(name)
[Thu Oct 26 17:02:37.674400 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/opt/websafety/var/console/frame/models.py", line 21, in <module>
[Thu Oct 26 17:02:37.674529 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] from squid.generator import Generator as SquidGenerator
[Thu Oct 26 17:02:37.674552 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/opt/websafety/var/console/squid/generator.py", line 8, in <module>
[Thu Oct 26 17:02:37.674953 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] from _domain.squid import \\
[Thu Oct 26 17:02:37.674982 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/opt/websafety/var/console/_domain/squid/__init__.py", line 4, in <module>
[Thu Oct 26 17:02:37.675110 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] from .ad_search import LdapUserSearcher, LdapGroupSearcher
[Thu Oct 26 17:02:37.675138 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/opt/websafety/var/console/_domain/squid/ad_search.py", line 2, in <module>
[Thu Oct 26 17:02:37.675350 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] import ldap
[Thu Oct 26 17:02:37.675399 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] ImportError: No module named ldap
#
I think, the problem may be Your websafety_virtual_host
<VirtualHost *:8080>
ServerName proxy.diladele.lan
ServerAlias diladele.lan
ServerAdmin admini...@diladele.lan
WSGIDaemonProcess diladele.lan python-path=/opt/websafety/var/console user=websafety group=websafety display-name=%{GROUP}
WSGIProcessGroup diladele.lan
WSGIApplicationGroup %{GLOBAL}
WSGIScriptAlias / /opt/websafety/var/console/console/wsgi.py
<Directory /opt/websafety/var/console/console>
<Files wsgi.py>
Order deny,allow
Allow from all
Require all granted
</Files>
</Directory>
Alias /static/ /opt/websafety/var/console/www/static/
<Directory /opt/websafety/var/console/www/static>
Order deny,allow
Allow from all
Require all granted
</Directory>
</VirtualHost>
The mixing of old and new directives is tricki. I have tried
192.168.2.3 - - [26/Oct/2017:17:02:36 +0200] "GET / HTTP/1.1" 500 539
cat /var/log/httpd-error.log
[Thu Oct 26 17:02:30.309542 2017] [wsgi:warn] [pid 44442] mod_wsgi: Compiled for Python/2.7.11.
[Thu Oct 26 17:02:30.310068 2017] [wsgi:warn] [pid 44442] mod_wsgi: Runtime using Python/2.7.14.
[Thu Oct 26 17:02:30.317491 2017] [mpm_prefork:notice] [pid 44442] AH00163: Apache/2.4.18 (FreeBSD) mod_wsgi/4.4.21 Python/2.7.14 configured -- resuming normal operations
[Thu Oct 26 17:02:30.317595 2017] [core:notice] [pid 44442] AH00094: Command line: '/usr/local/sbin/httpd -D NOHTTPACCEPT'
[Thu Oct 26 17:02:37.673047 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] mod_wsgi (pid=44678): Target WSGI script '/opt/websafety/var/console/console/wsgi.py' cannot be loaded as Python module.
[Thu Oct 26 17:02:37.673118 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] mod_wsgi (pid=44678): Exception occurred processing WSGI script '/opt/websafety/var/console/console/wsgi.py'.
[Thu Oct 26 17:02:37.673176 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] Traceback (most recent call last):
[Thu Oct 26 17:02:37.673232 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/opt/websafety/var/console/console/wsgi.py", line 14, in <module>
[Thu Oct 26 17:02:37.673371 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] application = get_wsgi_application()
[Thu Oct 26 17:02:37.673400 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/usr/local/lib/python2.7/site-packages/django/core/wsgi.py", line 14, in get_wsgi_application
[Thu Oct 26 17:02:37.673507 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] django.setup()
[Thu Oct 26 17:02:37.673529 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/usr/local/lib/python2.7/site-packages/django/__init__.py", line 18, in setup
[Thu Oct 26 17:02:37.673648 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] apps.populate(settings.INSTALLED_APPS)
[Thu Oct 26 17:02:37.673676 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/usr/local/lib/python2.7/site-packages/django/apps/registry.py", line 108, in populate
[Thu Oct 26 17:02:37.674013 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] app_config.import_models(all_models)
[Thu Oct 26 17:02:37.674039 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/usr/local/lib/python2.7/site-packages/django/apps/config.py", line 198, in import_models
[Thu Oct 26 17:02:37.674240 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] self.models_module = import_module(models_module_name)
[Thu Oct 26 17:02:37.674265 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/usr/local/lib/python2.7/importlib/__init__.py", line 37, in import_module
[Thu Oct 26 17:02:37.674377 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] __import__(name)
[Thu Oct 26 17:02:37.674400 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/opt/websafety/var/console/frame/models.py", line 21, in <module>
[Thu Oct 26 17:02:37.674529 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] from squid.generator import Generator as SquidGenerator
[Thu Oct 26 17:02:37.674552 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/opt/websafety/var/console/squid/generator.py", line 8, in <module>
[Thu Oct 26 17:02:37.674953 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] from _domain.squid import \\
[Thu Oct 26 17:02:37.674982 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/opt/websafety/var/console/_domain/squid/__init__.py", line 4, in <module>
[Thu Oct 26 17:02:37.675110 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] from .ad_search import LdapUserSearcher, LdapGroupSearcher
[Thu Oct 26 17:02:37.675138 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] File "/opt/websafety/var/console/_domain/squid/ad_search.py", line 2, in <module>
[Thu Oct 26 17:02:37.675350 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] import ldap
[Thu Oct 26 17:02:37.675399 2017] [wsgi:error] [pid 44678] [remote 192.168.2.3:0] ImportError: No module named ldap
#
I think, the problem may be Your websafety_virtual_host
<VirtualHost *:8080>
ServerName proxy.diladele.lan
ServerAlias diladele.lan
ServerAdmin admini...@diladele.lan
WSGIDaemonProcess diladele.lan python-path=/opt/websafety/var/console user=websafety group=websafety display-name=%{GROUP}
WSGIProcessGroup diladele.lan
WSGIApplicationGroup %{GLOBAL}
WSGIScriptAlias / /opt/websafety/var/console/console/wsgi.py
<Directory /opt/websafety/var/console/console>
<Files wsgi.py>
Order deny,allow
Allow from all
Require all granted
</Files>
</Directory>
Alias /static/ /opt/websafety/var/console/www/static/
<Directory /opt/websafety/var/console/www/static>
Order deny,allow
Allow from all
Require all granted
</Directory>
</VirtualHost>
The mixing of old and new directives is tricki. I have tried
Options Indexes FollowSymLinks AllowOverride None Require all granted
but no success, im noch apache expert.
Rafael Akchurin
Oct 26, 2017, 12:15:22 PM10/26/17
to web-s...@googlegroups.com
I guess it is:
ImportError: No module named ldap
Apparently the following comnand did not work:
pkg add $REPOURL/py27-ldap-2.4.22.txz
Best regards,
Rafael Akchurin
--
dm
Oct 26, 2017, 12:32:20 PM10/26/17
to Diladele Web Safety
Yes Yes Yes! :-D
thank You. Problem SOLVED.
thank You. Problem SOLVED.
----------------------------
I guess it is:
I guess it is:
Rafael Akchurin
Oct 26, 2017, 12:39:00 PM10/26/17
to web-s...@googlegroups.com
I will try to update the pfsense tutorial in the coming week for 5.2.
Best regards,
Rafael Akchurin
--
dm
Oct 26, 2017, 12:52:40 PM10/26/17
to Diladele Web Safety
have a look on this repository for necessary packages, it works for pfSense 2.4.1 with freebsd 11.1
http://pkg.freebsd.org/freebsd:11:x86:64/release_1/All/
http://pkg.freebsd.org/freebsd:11:x86:64/release_1/All/
Reply all
Reply to author
Forward
0 new messages