OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: fabian on July 19, 2018, 09:54:57 pm

Title: CFT: nginx plugin
Post by: fabian on July 19, 2018, 09:54:57 pm
Since Franco and I merged the branch, Franco created a new release (the release candidate 2) on which you can install a developer preview of the nginx plugin. The plugin should work but be careful with your locations. You must not enable security rules if you don't have rules. I am not sure if the patch for this issue is already out there for the nginx package. Also the error pages are still not perfectly designed. However the plugin itself should work.
Features:
- Proxy with WAF, TLS offloading and Authentication
- Local Webserver (can currently serve static content)
- Webserver to serve the web interface (not enabled - can be done via command line by modifying some files).

Install: pkg install os-nginx-devel

Title: Re: CFT: nginx plugin
Post by: mimugmail on July 20, 2018, 05:56:48 am
Can you write the steps for a simple Reverse setup? I don't get it with Upstream and Upstream Server ...
Title: Re: CFT: nginx plugin
Post by: fabian on July 20, 2018, 05:10:31 pm
I already did but it is not yet on the docs server:
https://github.com/opnsense/docs/blob/master/source/manual/how-tos/nginx.rst
Title: Re: CFT: nginx plugin
Post by: mimugmail on July 20, 2018, 05:15:01 pm
Ah, I'll try this, thanks
Title: Re: CFT: nginx plugin
Post by: mimugmail on July 23, 2018, 10:12:45 am
Ok, tried it out.

Does upstream server also support https? There's only a server and port field and I get complaints that the site was reached via plain http.

Also I would try to choose different naming .. upstream and upstream server is a bit confusing. Or you reorder the Subtabs to the order how to add a new site?

Also the heading of edit upstream and edit upstream server is identical.
Title: Re: CFT: nginx plugin
Post by: fabian on July 23, 2018, 10:43:04 pm
@mimugmail:

At the moment it is only http. If you like, I can add a https flag which is only adding an "s" to the upstream call ;)
You can add a ticket so it can get into next or a later release - I prefer to do only bug fixes until the first stable version.
Title: Re: CFT: nginx plugin
Post by: Julien on July 30, 2018, 02:36:29 pm
Is this comparing HAproxy ?
Would like to have the https to test as well.
thank you
Title: Re: CFT: nginx plugin
Post by: fabian on July 30, 2018, 07:04:07 pm
HTTPS backends are in the next build but usually you don't need it (HTTPS backends are usually for applications that support only HTTPS). The Frontend (server) supports HTTPS since the beginning (for example if you want to listen on TCP/443 for HTTPS - which supports HTTP/2 BTW).
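
Added example, not part of the original posts and not the plugin's generated configuration: a hand-written nginx.conf showing how the terms used in this thread (upstream, upstream server, location, HTTP server) line up with nginx directives when the backend speaks HTTPS, including the certificate checks that the "s" in the scheme does not enable by itself. It assumes the plugin's objects correspond one-to-one to these directives; all hostnames, addresses and file paths are constructed.

```nginx
# Hand-written illustration; names, addresses and paths are constructed.
events {}

http {
    # "Upstream" = a named pool.
    # Each "Upstream Server" = one server line (address and port) inside it.
    upstream exchange_pool {
        server 192.0.2.10:443;
        server 192.0.2.11:443;
    }

    # "HTTP Server" = the frontend that clients connect to.
    server {
        # TLS offloading on TCP/443, with HTTP/2 towards the client.
        listen 443 ssl http2;
        server_name mail.example.test;
        ssl_certificate     /usr/local/etc/nginx/frontend.crt;
        ssl_certificate_key /usr/local/etc/nginx/frontend.key;

        # "Location" = which requests go to which upstream.
        location / {
            # Plain-HTTP backend would be:  proxy_pass http://exchange_pool;
            # HTTPS backend: same line, scheme with an "s".
            proxy_pass https://exchange_pool;

            # proxy_ssl_verify defaults to off: with the scheme change alone,
            # the backend link is encrypted but any certificate is accepted.
            proxy_ssl_verify              on;
            proxy_ssl_verify_depth        2;
            proxy_ssl_trusted_certificate /usr/local/etc/nginx/backend-ca.pem;

            # The name checked against the certificate defaults to the
            # upstream name ("exchange_pool"), so set the real host name
            # and send it as SNI.
            proxy_ssl_name                mail.example.test;
            proxy_ssl_server_name         on;

            # Tell the application how the client reached the proxy, so it
            # does not conclude the site was requested over plain http.
            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        }
    }
}
```
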
Title: Re: CFT: nginx plugin
Post by: Julien on July 30, 2018, 10:50:33 pm
Quote
HTTPS backends are in the next build but usually you don't need it (HTTPS backends are usually for applications that support only HTTPS). The Frontend (server) supports HTTPS since the beginning (for example if you want to listen on TCP/443 for HTTPS - which supports HTTP/2 BTW).

Let's say we wanna have https open on the WAN for Exchange and OPS. HTTP/2 would do the job?
Title: Re: CFT: nginx plugin
Post by: mimugmail on July 31, 2018, 06:01:31 am
Exchange only runs HTTPS, that's why c
Backend HTTPS is a must
Title: Re: CFT: nginx plugin
Post by: Julien on August 06, 2018, 01:23:10 am
I have installed the version shown here https://github.com/opnsense/docs/blob/master/source/manual/how-tos/nginx.rst
I have noticed the screenshots of the installed version are different from the ones in the tutorial. "Maybe it's a new release"?

Quote
The process will require 4 MiB more space.
868 KiB to be downloaded.

Proceed with this action? [y/N]: y
[1/3] Fetching os-nginx-devel-0.4.txz: 100%   26 KiB  27.0kB/s    00:01
[2/3] Fetching nginx-1.14.0_10,2.txz: 100%  524 KiB 536.6kB/s    00:01
[3/3] Fetching brotli-1.0.5,1.txz: 100%  318 KiB 325.5kB/s    00:01
Checking integrity... done (0 conflicting)
[1/3] Installing brotli-1.0.5,1...
[1/3] Extracting brotli-1.0.5,1: 100%
[2/3] Installing nginx-1.14.0_10,2...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[2/3] Extracting nginx-1.14.0_10,2: 100%
[3/3] Installing os-nginx-devel-0.4...
[3/3] Extracting os-nginx-devel-0.4: 100%
Stopping configd...done
Starting configd.
Keep version OPNsense\Nginx\Nginx (0.0.0)
Reloading plugin configuration
Configuring system logging...done.
Reloading template OPNsense/Nginx: OK
Message from nginx-1.14.0_10,2:

I need to create two servers for port 80 and 443. Right now we are using haproxy and it is working but I do really wanna try this.

The issue I have is I cannot get the upstream configured well; I really need a full tutorial in order to get this working.

On option 4, Create a HTTP server, it is not showing the created servers. Also I've created a location and it does not show it.

I hope someone can provide a working tutorial.
Title: Re: CFT: nginx plugin
Post by: fabian on August 06, 2018, 06:05:58 pm
I cannot reproduce the error. In my version all servers do show up as expected (all upstream servers in the upstreams and all upstreams in the locations).
Title: Re: CFT: nginx plugin
Post by: Julien on August 06, 2018, 11:25:44 pm
I tried today on a different box but the same error. For now I'll stick with the haproxy.
Thank you Fabian