Hello,
When I upgrade my firewall running 23.1.5_4 to 23.1.7_3, after the reboot my NGINX reverse proxy running on OPNsense starts giving PR_END_OF_FILE_ERROR when trying to load a SSL site. I've checked the obvious logs but I don't see anything. The only way I can get NGINX to work again is by restoring from backup or snapshot.
Any ideas? I'm happy to try another upgrade again and pull relevant logs if I know which logs to pull.
Thanks!
Just to add - I'm getting the same errors since the update. I can't get any of my SSL sites to load. Did you manage to find a resolution other than revert?
Unfortunately not. I tried different things relating to the error such as re-issuing certificates. Nothing worked. Restoring from backup/snapshot was the only way to get things working again.
I'm thinking I might just have to move back to a separate NGINX reverse proxy. :-\
Hi.
Same for version 23.1.9. Any news?
Thanks in advance.
I found a solution:
I removed all lines "proxy_protocol" in all my servers and restared Nginx.
Step by step:
ssh root@<OPNSENSE-IP>
Select "8 ) Shell"
To debug error:
tail -f /var/log/nginx/*.log
You must to access to your url to force errror.
Probably you will see somthing like:
2023/06/15 12:37:12 [error] 90378#100106: *43 broken header
cd /usr/local/etc/nginx/
grep -i "proxy_protocol" *
cp nginx.conf nginx.conf-BACKUP
vi nginx.conf
Yoy must to remove ALL lines "proxy_protocol" in all your servers:
For example, if you have:
listen 443 http2 ssl proxy_protocol;
Change it like this:
listen 443 http2 ssl;
Then restart Nginx:
/usr/local/etc/rc.d/nginx configtest
/usr/local/etc/rc.d/nginx stop
/usr/local/etc/rc.d/nginx status
/usr/local/etc/rc.d/nginx start
/usr/local/etc/rc.d/nginx status
Now check you url one more time.
It has worked for me.
Thanks! Removing proxy_protocol directive (in 23.7.4) restored nginx functionality.
Is it a bug or feature? :P