Hi,
I am using OPNsense 21.7.7-amd64 in a lab environment.
To make the web GUI available from outside, I have set up an external reverse proxy to connect to the GUI.
I have set Alternate Hostnames accordingly and I am able to log into the GUI.
The strange thing is ... I am missing some parts of the configuration although I am logged in as root.
E.g. settings for the ACME client are missing: plugin is disabled, no account is defined, etc.
If I log in with the same user locally (not using the external reverse proxy) ... I can see the full config: plugin is enabled, account is set up, etc.
I am pretty new to OPNsense ... Can anybody give me a hint?
Hi
You can try looking in the proxy logs and the browser dev console. Maybe some API calls are blocked.
Thanks for your reply!
I checked with browser console and it gives the following error:
scheme: https
host: reverse.domain.com
filename: /api/core/menu/search/
_: 16545493428251
Adresse: 217.154.123.111:443
Status: 401 Unauthorized
Version: HTTP/1.1
Übertragen: 239 B (48 B Größe)
Referrer Policy: same-origin
menu.search : Unauthorized
So I guess this means that you are right and API calls are blocked.
I cannot see anything abnormal in the logs of the reverse proxy.
Is OPNsense blocking these calls?
What can I do to prevent it from doing so ?
Does your reverse proxy require authentication?
If so, try not to pass the Authorization header to the OPNsense host.
It turns out you are right again.
I have configured my reverse proxy with Basic Authentication:
<Proxy *>
    Order deny,allow
    Allow from all
    Authtype Basic
    Authname "Password Required"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
    # SetEnv proxy-chain-auth
</Proxy>
So I guess the problem is that Authentication headers are passed to OPNsense.
Once I remove Basic Authentication on the reverse proxy everything works just fine.
Can anybody give me a hint on how to not pass the Authorization header?
Looks like Apache? Sorry, I'm not using it, but Google is full of answers )
Like https://serverfault.com/questions/707889/how-to-stop-apache-https-reverseproxy-passing-basic-auth-to-tomcat
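
An added example, not part of any post in this thread: an Apache 2.4 virtual host that keeps Basic authentication on the reverse proxy but removes the Authorization header before the request is forwarded, so OPNsense only sees its own session cookie on calls such as /api/core/menu/search/. The backend address 192.0.2.1 and the certificate paths are placeholders (assumptions); mod_headers, mod_proxy, mod_proxy_http and mod_ssl must be enabled.

```apache
<VirtualHost *:443>
    ServerName reverse.domain.com

    SSLEngine on
    # Placeholder paths (assumption): certificate presented to external clients
    SSLCertificateFile    /path/to/reverse.domain.com.crt
    SSLCertificateKeyFile /path/to/reverse.domain.com.key

    # Forward to the OPNsense GUI over HTTPS and verify its certificate.
    # Placeholder path (assumption): CA or self-signed cert of the GUI
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /path/to/opnsense-gui-ca.crt

    # Keep the external hostname so it matches "Alternate Hostnames"
    ProxyPreserveHost On
    # 192.0.2.1 is a placeholder for the OPNsense LAN address (assumption)
    ProxyPass        / https://192.0.2.1/
    ProxyPassReverse / https://192.0.2.1/

    # Basic authentication is still enforced at the proxy (2.4 syntax,
    # replacing the 2.2-style Order/Allow lines)
    <Proxy "*">
        AuthType Basic
        AuthName "Password Required"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Proxy>

    # Drop the proxy's Basic credentials before the request goes upstream.
    # RequestHeader runs late by default, i.e. after Apache has already
    # checked the password, so authentication at the proxy keeps working.
    # Do not add the "early" flag here: that would strip the header before
    # Apache itself can authenticate the client.
    RequestHeader unset Authorization
</VirtualHost>
```

After reloading Apache, the /api/core/menu/search/ request in the browser's network tab should no longer return 401 while the proxy's password prompt remains in place.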