Web Proxy Filtering and Caching / [SOLVED] Nginx not recognising upstream servers
« on: February 22, 2024, 12:15:46 pm »
I am trying to get the nginx reverse proxy to work with multiple upstream servers, each using its own SSL cert. The issue that I'm running into is that one of the upstreams is not used, and when a client requests a specific webpage the wrong server is used.
When I look in /usr/local/etc/nginx/nginx.conf I see that the upstream servers are listed and point to the correct servers.
In HTTP(S) -> HTTP Server I have 4 servers all listening on the same IP (my OPNsense has only 1 WAN IP) on port 443.
In HTTP(S) -> Location I have 3 locations matching "/" with Match Type "None" and no URL rewriting.
Security rules and Learning mode are enabled.
Custom Security Policies are enabled based on the NAXSI WAF.
Upstream servers are pointing to the correct servers.
In Data Streams -> Stream servers I have 2 entries which both listen on the WAN address on port 443 using the TLS cert that is configured by ACME and pointing to the correct Upstream Servers.
The "Route With" option is currently set to "SNI Upstream Mapping" with the correct Upstream Server and corresponding SNI Upstream Mapping.
For this it doesn't matter if I use SNI Upstream Mapping as "Route with" or "Upstream".
In Data Streams -> SNI based routing I have 2 entries.
Entry one has hostname map sub.domain.tld pointing to the correct upstream server and www.sub.domain.tld pointing to the same upstream server.
Entry two is basically the same but using a different domain and different upstream server.
In Upstream -> Upstream server I have 6 entries (3 backend servers using 443 and 80 for which I only need to configure 2 for the time being). All Upstream servers have priority 1.
In Upstream -> Upstream I have 3 entries for the 3 servers that are in the backend.
See attached nginx.conf for reference.