Text only | Text with Images

OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: MichaDebuss on January 05, 2024, 01:36:26 PM

Title: [SOLVED] OPNsense - NGINX => internal website
Post by: MichaDebuss on January 05, 2024, 01:36:26 PM
Hello,

I have installed the ghost.org system (website, running on Proxmox).

It works very well locally.
IP: 192.168.5.55

Unfortunately I can't get to the page via url. I used NGINX in the OPNsense for this purpose.

That is my configuration in OPNsense

Dynamic DNS:
(works fine) website.example.com

ACME Client:
SSL-Certificate: (works fine), ACME-Status OK website.example.com

Firewall - Rules - WAN:
Protocol: IPv4 TCP
Source: *
Port: *
Destination: WAN address
Port: 80,443  (as ALIAS)
Gateway: *
Schedule: *


I have configured the following in OPNsense - Services - Nginx:

General Settings:
Enable nginx: TRUE

Upstream Server:
Description: Website
Server: 192.168.5.55
Port: 80
Server Priority: 1
Max. Connection: 1000
Max. Failures: 10
Fail Timeout: 900

Upstream:
Description: Website_Pool
Server Entries: Website
Load Ballancing Algo: Weighted Round Robin
Enable TLS (HTTPS): FALSE
nothing more configured on this page

Location
Description: Website_location
URL Pattern: /
Upstream Servers: Website_Pool
Force HTTPS: TRUE
nothing more configured on this page

HTTP Server
HTTP Listen Address: 80
HTTPS Listen Address: 443
Default Server: FALSE
Server Name: website.example.com
Location: Website_location
TLS Certificate: website.example.com (ACME Client)
Client CA Certificate: R3 (ACME Client)
Enable Let's Encrypt Plugin Support: TRUE
HTTPS Only: TRUE
nothing more configured on this page

Unfortunately I get an error message when calling https://website.example.com
This page isn't working
website.example.com redirected you too many times.
ERR_TOO_MANY_REDIRECTS

Does anyone have any idea what could be causing this?
Somehow I can't find the error.

Thank you for any advice.

Best regards

Michael
Title: Re: OPNsense - NGINX => internal website
Post by: Monviech (Cedrik) on January 05, 2024, 02:13:24 PM
TOO_MANY_REDIRECTS means that there is a redirection loop.

Test with curl why it happens (from the same client that couldn't connect with its browser):

Test with HTTP:
Code Select
curl -L -v --max-redirs 10 http://example.com

Test with HTTPS:
Code Select
curl -L -v --max-redirs 10 https://example.com

Look for the "location:" header in the output and you can see which locations cause the redirection loop to happen.
Title: Re: OPNsense - NGINX => internal website
Post by: MichaDebuss on January 05, 2024, 03:11:11 PM
Thank you for your help.

The location is always website.example.com (see logfile attached). ???

Do you have any ideas what the problem could be?

Title: Re: OPNsense - NGINX => internal website
Post by: MichaDebuss on January 05, 2024, 04:13:17 PM
I have tweaked a few things. It works now.  :)

Changed the following:
Upstream Server: Port changed to 443
Upstream: TLS Enabled = TRUE
Location: Force HTTS = FALSE

Many thanks for your support @Monviech .
That gave me the decisive food for thought.
Text only | Text with Images