Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 11259 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

web proxy failed

Ladislav Benes

Last week we found that web proxy is dead. It happend unexpectedly, there we no changes for two weeks.

I upgraded from SFOS 17.1.1 MR-1 to SFOS 17.1.2 MR-2, but web proxy is dead again.

in GUI

Configure-Systemservice - Services    for Web proxy is status Stopped

When I try to restart, I receive

XG230_WP02_SFOS 17.1.2 MR-2# service awarrenhttp:restart -ds nosync
503 Service Failed

What to do ?


This thread was automatically locked due to age.
Parents
  • 0

    Hi Ladislav,

    To investigate further, take SSH to the XG and navigate to 5. Device Management> 3. Advance and execute the following commands, we need the output from:

    1. df -h
    2. cd /var/cores 
      ls -larth
    3. csc.log and awarrenhttp.log files, refer to, https://community.sophos.com/kb/en-us/123185

    Thanks,

  • 0 in reply to sachingurung

    df -h

    Filesystem                Size      Used Available Use% Mounted on
    rootfs                  323.1M      2.4M    299.6M   1% /
    df: /newroot: No such file or directory
    df: /newroot/dev: No such file or directory
    df: /newrootrw: No such file or directory
    none                    323.1M      2.4M    299.6M   1% /
    none                      3.9G     16.0K      3.9G   0% /dev
    none                      3.9G     48.1M      3.8G   1% /tmp
    none                      3.9G     14.6M      3.8G   0% /dev/shm
    /dev/conf               385.4M     66.2M    319.2M  17% /conf
    /dev/content             11.2G    381.0M     10.8G   3% /content
    /dev/var                 96.6G     25.8G     70.8G  27% /var

    after command

    service awarrenhttp:restart -ds nosynd     

     at  9:41

     

     

    cd /var/cores 
    ls -larth

    drwxr-xr-x    2 root     0           4.0K Dec  6  2017 .
    drwxr-xr-x   98 root     0           4.0K Oct  1 09:41 ..

    csc.log

    nothing new

     

     

     

    awarrenhttp.log

     

    1538379681.664144263 [ 9339/         (nil)] acl-parsefile.c:1001  read_frm_file Processing [/static/proxy/awarrenhttp/header]
    1538379681.664256421 [ 9339/         (nil)]    acl-common.c:769   validate_addr Not CIDR mask; continuing as it is...
    1538379681.664299209 [ 9339/         (nil)]    acl-common.c:769   validate_addr Not CIDR mask; continuing as it is...
    1538379681.711574958 [ 9339/         (nil)] acl-parsefile.c:531   parse_acl_line Duplicate acl name 'ALL', at lineno 79
    1538379682.283884564 [ 9339/         (nil)] acl-parsefile.c:1001  read_frm_file Processing [/static/proxy/awarrenhttp/tailer]
    1538379682.290300639 [ 9339/         (nil)]     diskcache.c:1816  disk_cache_read fopen: /sdisk/httpcache/cacheidx: No such file or directory
    1538379682.290316089 [ 9339/         (nil)]     diskcache.c:224   disk_cache_zap creating cache
    1538379682.330131796 [ 9353/         (nil)]     diskcache.c:518   rmdir_recursive_background_func removing zapped cache root folder /sdisk/httpcache.001
    1538379682.330154024 [ 9339/         (nil)]   awarrenhttp.c:307   init_process Limits: threads: 2, maxconns: 18432, max fd: 110716, coredump: yes
    1538379682.347417352 [ 9339/         (nil)]           ssl.c:201   ssl_clear_certcache_init Fail to rename certcache (/sdisk/certcache) to (/sdisk/certcache.to_be_deleted) for removal: Directory not empty
    1538379682.400993468 [ 9339/         (nil)]           ssl.c:964   ssl_load_cert Failed to read file: '/conf/certificate/cacerts/d919ffd0.0'
    1538379682.401000741 [ 9339/         (nil)]           ssl.c:1041  ssl_prepare_chain Couldn't find Issuer certificate
    1538379682.401003168 [ 9339/         (nil)]           ssl.c:1221  init_portal Failed to create ssl chain
    1538379682.402356762 [ 9339/         (nil)]           ssl.c:964   ssl_load_cert Failed to read file: '/conf/certificate/cacerts/b35c37be.0'
    1538379682.402363629 [ 9339/         (nil)]           ssl.c:1041  ssl_prepare_chain Couldn't find Issuer certificate
    1538379682.402365915 [ 9339/         (nil)]           ssl.c:1221  init_portal Failed to create ssl chain

  • 0 in reply to Ladislav Benes

    Are you using your own certificate authority in Web \ General Settings \ HTTPS Scanning Certificate Authority?

    If so, can you switch back to SecurityAppliance_SSL_CA to see if that helps?

     

    Are you using your own certificate in Administration \ Admin Settings \ Port Setting for Admin Console?

    If so, can you switch back to Appliance Certificate to see if that helps?

     

    You may need to delete and re-upload your CA or certificate.  Note that there have been some problems with the Web Proxy properly getting the certificate chain with PKCS files.  If you can upload each part of the chain separately that may help.

     

  • 0 in reply to Ladislav Benes

    Sorry for a late response, I was OOO. Looking at the provided information, I don't see any reason that can cause the proxy to fail. I was suspecting an issue caused due to over used disk space but that looks normal here. Please check out Michael's response and update us.

Reply Children
No Data