Hi
I really like OPNsense and I'm using NGINX as a reverse proxy
But I can't find how to set options like headers
Adding a few lines of custom options in the locations field would be good enough
Do you have any plans to add that?
Quote from: park0kyung0won on October 17, 2018, 08:26:13 AM
But I can't find how to set options like headers
Security headers like content security policy etc. are all in the security headers section and can be assigned to the location.
Other headers are currently not supported (which ones are missing? Most other headers can usually be set by the application itself).
Quote from: park0kyung0won on October 17, 2018, 08:26:13 AM
Adding a few lines of custom options in the locations field would be good enough
Do you have any plans to add that?
Definitely not, because it can easily break the configuration, which may be a huge issue if the web interface also runs on the affected nginx instance.
How about proxy headers like X-Forwarded-For?
Some applications behind a proxy need that
Can I manually set the /etc/nginx/nginx.conf file by SSH login into OPNsense?
Quote from: park0kyung0won on October 18, 2018, 02:35:21 PM
How about proxy headers like X-Forwarded-For?
Should already exist:
https://github.com/opnsense/plugins/blob/master/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf#L98
Quote from: park0kyung0won on October 18, 2018, 02:35:21 PM
Some applications behind a proxy need that
I know. This is why I have hardcoded it to be added automatically for all proxy upstreams. Is it missing or does something not work? If yes, that's a bug.
Quote from: park0kyung0won on October 18, 2018, 02:35:21 PM
Can I manually set the /etc/nginx/nginx.conf file by SSH login into OPNsense?
Besides the fact that this file should not exist, the plugin will overwrite it as soon as you change something in the GUI.
I faced this problem while setting up OpenStack noVNC
https://ask.openstack.org/en/question/12606/front-nova-novncproxy-with-nginx/
All these necessary options are already there?
Almost all are automatically added, the only one which has to be manually added is the upgrade. This one can be enabled via a special checkbox for websockets.
See:
https://github.com/opnsense/plugins/blob/master/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf#L96-L99
https://github.com/opnsense/plugins/blob/master/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/location.conf#L95-L99
I have looked into it, there is a bug which I've fixed and it is now in review:
https://github.com/opnsense/plugins/pull/925
you can patch it using opnsense-patch -c plugins dcfcd41
Quote from: fabian on October 19, 2018, 07:28:19 PM
I have looked into it, there is a bug which I've fixed and it is now in review:
https://github.com/opnsense/plugins/pull/925
you can patch it using opnsense-patch -c plugins dcfcd41
Thank you very much
Is this patch merged into the production branch?
And from where can I check the websocket option?
Quote from: park0kyung0won on October 24, 2018, 01:35:36 PM
Is this patch merged into the production branch?
Not yet; this usually happens before the release is built, but it will very likely be in the next release.
Quote from: park0kyung0won on October 24, 2018, 01:35:36 PM
And from where can I check the websocket option?
Should be in the location configuration.
I don't see the websocket option in location. Was this ever resolved?
It's advanced.
Thanks.
FYI everyone: advanced didn't show for me until I toggled advanced on the Global HTTP Settings tab. It might have just been cache, but now I see websocket.
Still unable to access noVNC over nginx, getting the following errors. Is anyone able to assist?
This error means your upstream does not serve the web socket (it may not be deployed). Try to check your server config as it does not get a response from the upstream.
Upstream works fine when going to the server URL directly; it only fails when using the nginx plugin.
@Fabian sorry, I had misunderstood what you meant. I was able to re-configure my app/service and now websocket works and performance is much better. Thank you for all your work/help!
Is it possible to run Windows Admin Center behind an NGINX reverse proxy? I can't get it to connect after login, error code 400. Only able to find success with this setup on the web: https://www.tech-coffee.net/deploy-windows-admin-center-in-ha-through-kemp-load-balancer/ . It might be an issue with WAC from what I'm reading, just thought I would bounce it off you. After additional research it looks like it's possible with NTLM auth, described in these two threads. Is this option available in the plugin?
https://caddy.community/t/doesnt-work-when-reverse-proxy-windows-admin-center/6408/41
https://stackoverflow.com/questions/21284935/nginx-reverse-proxy-with-windows-authentication-that-uses-ntlm
Tried:
proxy_pass http://http_backend/;
proxy_http_version 1.1;
proxy_set_header Connection "";
in conf, but the Connection "" was overridden with Connection $connection_upgrade;
from a setting in the GUI conf.
Web socket support is an advanced checkbox.