[SOLVED] Error ssl after upgrade 3 to 4

Upgrade done and it's OK!

Thanks for the quick fix!


Code:
root@pbs:/etc/apt/sources.list.d# !185
proxmox-backup-manager version --verbose
proxmox-backup                      4.0.0        running kernel: 6.14.8-2-pve
proxmox-backup-server               4.0.12-1     running version: 4.0.12     
proxmox-kernel-helper               9.0.3                                   
proxmox-kernel-6.14.8-2-pve-signed  6.14.8-2                                 
proxmox-kernel-6.14                 6.14.8-2                                 
proxmox-kernel-6.8.12-13-pve-signed 6.8.12-13                               
proxmox-kernel-6.8                  6.8.12-13                               
proxmox-kernel-6.8.12-11-pve-signed 6.8.12-11                               
proxmox-kernel-6.8.12-4-pve-signed  6.8.12-4                                 
ifupdown2                           3.3.0-1+pmx9                             
libjs-extjs                         7.0.0-5                                 
proxmox-backup-docs                 4.0.12-1                                 
proxmox-backup-client               4.0.12-1                                 
proxmox-mail-forward                1.0.2                                   
proxmox-mini-journalreader          1.6                                     
proxmox-offline-mirror-helper       0.7.0                                   
proxmox-widget-toolkit              5.0.5                                   
pve-xtermjs                         5.5.0-2                                 
smartmontools                       7.4-pve1                                 
zfsutils-linux                      2.3.3-pve1
 
Updated yesterday from pbs-test. All backup and sync jobs completed without errors overnight. The monitoring system showed the web interface / API as online the entire time.
 
Looking good so far! I am running backups now to test. Is there a changelog available?

You can run "apt changelog <package>" for a high-level overview:

Code:
rust-proxmox-backup (4.0.12-1) trixie; urgency=medium

  * update proxmox-tfa dependency to 0.6.3 to also keep old passkeys created
    with PBS 3 or earlier working, where the backup eligible state was not yet
    exposed.

  * api: openid connect: allow users of OIDC realms to opt into the HttpOnly
    cookies.

  * ui: opt OpenID connect authentication flows into the new http only flow.

  * proxy: avoid exiting connection acceptor loop in error case, like some
    monitoring and health checks of reverse proxies or load balancer cause.

 -- Proxmox Support Team <support@proxmox.com>  Thu, 07 Aug 2025 18:38:49 +0200

or check the detailed git history:
https://git.proxmox.com/?p=proxmox-backup.git;a=log

Code:
commit e17239734487b54111a92c88703727c0ccc98c3b
Author: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date:   Thu Aug 7 18:39:03 2025 +0200

    bump version to 4.0.12-1
    
    Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

commit 9cf80dc6db539a45b9160153b96d8d56427ec06e
Author: Christian Ebner <c.ebner@proxmox.com>
Date:   Thu Aug 7 17:41:30 2025 +0200

    proxy: avoid exiting connection acceptor loop in error case
    
    The proxy waits for incoming connections passed along from the REST
    server inside a loop. If the REST server api_service call however
    failed with error, the loop was incorrectly exited. Therefore no
    further connections could be accepted.
    
    To fix this, handle the error case gracefully and avoid exiting the
    loop.
    
    The error case can be easily triggered by a HAProxy health check
    using the following backend config.
    
    ```
    backend pbs
        server pbs <PBS-IP>:8007 check ssl verify none
    ```
    
    Fixes: https://forum.proxmox.com/threads/169313/
    Co-Developed-by: Stefan Hanreich <s.hanreich@proxmox.com>
    Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
    Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
    Link: https://lore.proxmox.com/20250807154130.130646-1-c.ebner@proxmox.com

commit cf22c2415edc544b8577cc63cf3a903848e47348
Author: Shannon Sterz <s.sterz@proxmox.com>
Date:   Thu Aug 7 14:03:09 2025 +0200

    ui: opt open id authentication flows into the new http only flow
    
    otherwise the cookie would not be properly set, leading to users
    potentially getting logged out instantly again.
    
    Analyzed-by: Mira Limbeck <m.limbeck@proxmox.com>
    Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
    Tested-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
    Tested-by: Mira Limbeck <m.limbeck@proxmox.com>
    Link: https://lore.proxmox.com/20250807120308.257071-4-s.sterz@proxmox.com

commit f341bff9b7098fb1610bad0e1e88bddcaa2b55de
Author: Shannon Sterz <s.sterz@proxmox.com>
Date:   Thu Aug 7 14:03:08 2025 +0200

    api: openid: allow users of openid to opt into the HttpOnly cookies
    
    add a `http-only` api parameter that allows users to opt into the the
    HttpOnly cookie based authentication flow. here the server will set a
    cookie via a `Set-Cookie` header instead of providing it in the
    response's body. this protects users better against cookie stealing
    attacks and other similar attacks.
    
    note that this has the side effect of always returning extjs-like
    responses here.
    
    Analyzed-by: Mira Limbeck <m.limbeck@proxmox.com>
    Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
    Tested-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
    Tested-by: Mira Limbeck <m.limbeck@proxmox.com>
    Link: https://lore.proxmox.com/20250807120308.257071-3-s.sterz@proxmox.com

commit 600299ad53a42b6887ae6d835ede233933111f25
Author: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date:   Thu Aug 7 14:45:44 2025 +0200

    update proxmox-tfa dependency to 0.6.3
    
    To ensure the complete fix for webauthn AND passkeys, both old and
    newly registered, is included.
    
    Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

commit 7be9d40db7fabcab1283c86777f03c460d2dce04
Author: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date:   Wed Aug 6 19:28:55 2025 +0200

    require pbs-api-types 1.0.3 or newer
    
    Just to ensure we match latest s3-client changes w.r.t. impl/api-types
    feature.
    
    Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

commit b7fade6277919a51712d5ecd6f228b2c2c6712be
Author: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Date:   Thu Aug 7 12:10:42 2025 +0200

    proxmox-backup-proxy: fix typo in warning message
    
    Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

commit f77f908b52c79900a6aef9faadd37252c31e6c96
Author: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Date:   Thu Aug 7 12:10:16 2025 +0200

    proxmox-backup-proxy: fix formatting
    
    too deeply nested within select! for rustfmt to do this on its own..
    
    Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 
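The control-flow problem described in the "proxy: avoid exiting connection acceptor loop in error case" commit message above, shown as an added Rust example. It is not code from proxmox-backup: `Conn`, `setup_fails`, the stand-in `api_service` body and the channel-fed traffic are assumptions made for illustration.

```rust
use std::sync::mpsc::{channel, Receiver};

// Constructed stand-in for a connection handed to the acceptor loop.
struct Conn {
    peer: &'static str,
    setup_fails: bool, // assumption: models a probe for which service setup errors
}

// Hypothetical per-connection setup; not the real api_service call.
fn api_service(conn: &Conn) -> Result<(), String> {
    if conn.setup_fails { Err(format!("{}: service setup failed", conn.peer)) } else { Ok(()) }
}

// Pre-fix shape: `?` turns one bad connection into the end of the whole loop.
fn acceptor_exits_on_error(rx: Receiver<Conn>) -> Result<usize, String> {
    let mut served = 0;
    while let Ok(conn) = rx.recv() {
        api_service(&conn)?;
        served += 1;
    }
    Ok(served)
}

// Post-fix shape: record the error and keep accepting; only a closed channel ends the loop.
fn acceptor_keeps_running(rx: Receiver<Conn>) -> (usize, Vec<String>) {
    let (mut served, mut errors) = (0, Vec::new());
    while let Ok(conn) = rx.recv() {
        match api_service(&conn) {
            Ok(()) => served += 1,
            Err(err) => errors.push(err),
        }
    }
    (served, errors)
}

// Constructed traffic: one client, a failing probe, then two more clients.
fn constructed_traffic() -> Receiver<Conn> {
    let (tx, rx) = channel();
    for (peer, setup_fails) in [("a", false), ("probe", true), ("b", false), ("c", false)] {
        tx.send(Conn { peer, setup_fails }).unwrap();
    }
    rx // tx is dropped here, so recv() returns Err once the queue is drained
}

fn main() {
    println!("pre-fix:  {:?}", acceptor_exits_on_error(constructed_traffic()));
    println!("post-fix: {:?}", acceptor_keeps_running(constructed_traffic()));
}
```

In the pre-fix shape the clients queued behind the probe are never served, which is why a single failing health check could leave the service unreachable until restart.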
Please provide:

"pvesm status pbs_2h" from the PVE node
"proxmox-backup-manager versions --verbose" and "dpkg --list | grep proxmox-backup" from the PBS side
 
Hello,

Finally, I moved my PBS VM to another host in my PVE cluster and it looks OK.
Storage has been OK for more than 72 hours.
The node where the VM was died a few hours ago (probably a dead SSD). This may explain the behavior I encountered.