Messages - ursus

#16
19.1 Legacy Series / Re: nginx as Reverse Proxy
May 02, 2019, 07:28:45 PM
I'll check the nginx config at the weekend and will report back here!
#17
19.1 Legacy Series / Re: nginx as Reverse Proxy
May 02, 2019, 07:28:03 PM
As far as I can see, nothing @ port 80. Funnily enough, I installed 16GB of memory today, which meant I needed to reboot - now I can start and stop nginx -> weird

Here is the output:

USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS     
root     sshd       62715 3  tcp4   192.168.1.254:22      192.168.1.109:57539
root     sshd       62715 6  stream (not connected)
root     ntpd       27262 3  dgram  -> /var/run/logpriv
root     ntpd       27262 20 udp6   *:123                 *:*
root     ntpd       27262 21 udp4   *:123                 *:*
root     ntpd       27262 22 udp4   192.168.1.254:123     *:*
root     ntpd       27262 23 udp6   fe80::4262:31ff:fe07:2014%igb0:123 *:*
root     ntpd       27262 24 udp4   192.168.100.254:123   *:*
root     ntpd       27262 25 udp6   fe80::4262:31ff:fe07:2016%igb2:123 *:*
root     ntpd       27262 26 udp6   ::1:123               *:*
root     ntpd       27262 27 udp4   127.0.0.1:123         *:*
root     sshlockout 45630 3  dgram  -> /var/run/logpriv
root     cron       82577 5  stream /var/run/configd.socket
root     cron       82577 7  stream /var/run/configd.socket
_flowd   flowd      56325 3  udp4   127.0.0.1:2056        *:*
_flowd   flowd      56325 5  stream -> ??
root     flowd      22368 4  stream -> ??
root     python2.7  59694 5  dgram  -> /var/run/logpriv
www      nginx      46282 6  stream /var/run/nginx_status.sock
www      nginx      46282 7  stream -> ??
root     nginx      18591 3  stream -> ??
root     nginx      18591 6  stream /var/run/nginx_status.sock
root     nginx      18591 7  stream -> ??
www      php-fpm    28965 5  stream /var/run/php-www.socket
www      php-fpm    80491 5  stream /var/run/php-www.socket
root     php-fpm    41995 5  stream /var/run/php-webgui.socket
root     php-fpm    16719 5  stream /var/run/php-webgui.socket
root     php-fpm    68793 4  stream -> ??
root     php-fpm    68793 6  stream -> ??
root     php-fpm    68793 7  stream /var/run/php-webgui.socket
root     php-fpm    68793 8  stream /var/run/php-www.socket
root     syslogd    41931 5  dgram  /var/run/log
root     syslogd    41931 6  dgram  /var/run/logpriv
root     syslogd    41931 7  dgram  /var/dhcpd/var/run/log
root     syslogd    41931 8  dgram  /var/unbound/var/run/log
root     syslogd    41931 9  udp6   *:514                 *:*
root     syslogd    41931 10 udp4   *:514                 *:*
unbound  unbound    88113 4  udp4   *:53                  *:*
unbound  unbound    88113 5  tcp4   *:53                  *:*
unbound  unbound    88113 6  tcp4   127.0.0.1:953         *:*
unbound  unbound    88113 7  dgram  (not connected)
unbound  unbound    88113 8  stream -> ??
unbound  unbound    88113 9  stream -> ??
unbound  unbound    88113 10 stream -> ??
unbound  unbound    88113 11 stream -> ??
unbound  unbound    88113 12 stream -> ??
unbound  unbound    88113 13 stream -> ??
unbound  unbound    88113 14 stream -> ??
unbound  unbound    88113 15 stream -> ??
dhcpd    dhcpd      70928 4  dgram  -> /var/dhcpd/var/run/log
dhcpd    dhcpd      70928 9  udp4   *:67                  *:*
root     php-cgi    35698 0  stream /tmp/php-fastcgi.socket-1
root     php-cgi    98274 0  stream /tmp/php-fastcgi.socket-1
root     php-cgi    86780 0  stream /tmp/php-fastcgi.socket-1
root     php-cgi    53680 0  stream /tmp/php-fastcgi.socket-0
root     php-cgi    20334 0  stream /tmp/php-fastcgi.socket-0
root     php-cgi    91107 0  stream /tmp/php-fastcgi.socket-0
root     php-cgi    98186 0  stream /tmp/php-fastcgi.socket-1
root     php-cgi    51374 0  stream /tmp/php-fastcgi.socket-0
root     lighttpd   6723  5  tcp4   *:8080                *:*
root     lighttpd   6723  6  tcp6   *:8080                *:*
root     lighttpd   6723  7  dgram  (not connected)
root     sshd       52157 3  tcp6   *:22                  *:*
root     sshd       52157 4  tcp4   *:22                  *:*
root     dpinger    64646 6  dgram  -> /var/run/logpriv
root     dpinger    64646 7  stream /var/run/dpinger_WANGW.sock
root     filterlog  37742 5  dgram  -> /var/run/logpriv
root     sshlockout 9838  3  dgram  (not connected)
root     devd       27894 5  stream /var/run/devd.pipe
root     devd       27894 6  seqpac /var/run/devd.seqpacket.pipe
root     devd       27894 8  dgram  -> /var/run/logpriv
root     python2.7  25442 5  stream /var/run/configd.socket
root     python2.7  25442 8  dgram  -> /var/run/logpriv
?        ?          ?     ?  tcp4   192.168.1.254:8080    192.168.1.109:57536
#18
19.1 Legacy Series / Re: nginx as Reverse Proxy
May 01, 2019, 09:44:01 PM
Thank you for your reply. I did have the webGUI @ 80, moved it to 8080 and restarted but am still getting the same errors unfortunately. Any other ideas?
#19
19.1 Legacy Series / Re: nginx as Reverse Proxy
May 01, 2019, 08:09:32 PM
Oh, I did press the small and the large reload buttons multiple times ;D
#20
19.1 Legacy Series / nginx as Reverse Proxy
May 01, 2019, 08:08:06 PM
Hi.

Sorry for the long post but I've been trying the whole afternoon :)

I have read the forums but cannot seem to find an answer to my question. I have a MailInABoxServer in my DMZ. I have set up port forwarding rules and everything is working perfectly! I have www.mydomain.com working. I now would like to add a WordPress server for my blog at blog.mydomain.com. The mailinabox server is at 192.168.100.1 and the WordPress machine at 192.168.100.2.

I therefore added the os-nginx plugin and can configure it without any problems. I used this how-to https://wiki.opnsense.org/manual/how-tos/nginx.html to configure. I tried to configure but have a couple of questions:

1. I added an upstream server -> do I need to add one per port (you need to add the port on the config document)?

2. I created the upstream, one per server

3. I created one location for www.mydomain.com and one for blog.mydomain.com. What do I enter for the Match Type? I have been using Exact Match ("="), correct?

4. I then created one server for www and added the www location document to it and one server for the blog and added the blog location to it.

When I deactivate the port forward rules I do not see my sites and get the following error in Logs/Global Error Log => invalid PID number "" in "/var/run/nginx.pid"

No matter what I do I cannot seem to start nginx (did this via the command line):

/usr/local/etc/rc.d/nginx: WARNING: failed to start nginx
root@firewall:~ # sudo service nginx start
Performing sanity check on nginx configuration:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Starting nginx.
nginx: [emerg] bind() to unix:/var/run/nginx_status.sock failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (48: Address already in use)
nginx: [emerg] bind() to unix:/var/run/nginx_status.sock failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (48: Address already in use)
nginx: [emerg] bind() to unix:/var/run/nginx_status.sock failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (48: Address already in use)
nginx: [emerg] bind() to unix:/var/run/nginx_status.sock failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (48: Address already in use)
nginx: [emerg] bind() to unix:/var/run/nginx_status.sock failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (48: Address already in use)
nginx: [emerg] still could not bind()
/usr/local/etc/rc.d/nginx: WARNING: failed to start nginx

Does anybody have any tips for me?

Thx
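
Added example, not part of the original posts: a small Python script that matches the targets from nginx's "bind() ... failed (48: Address already in use)" lines against a socket listing laid out like the one on this page, and names the process holding each one. The listing rows are a constructed sample; the lighttpd rows on port 80 are an assumption modelling the web GUI before it was moved to 8080.

```python
import re

# nginx start-up errors, copied from the post above (one round of the retries).
NGINX_OUTPUT = """\
nginx: [emerg] bind() to unix:/var/run/nginx_status.sock failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (48: Address already in use)
"""

# Constructed sample in the layout of the socket listing on this page. The
# lighttpd rows on port 80 are an assumption (web GUI not yet moved to 8080).
SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     nginx      18591 6  stream /var/run/nginx_status.sock
root     lighttpd   6723  5  tcp4   *:80                  *:*
root     lighttpd   6723  6  tcp6   *:80                  *:*
root     sshd       52157 4  tcp4   *:22                  *:*
"""

BIND_RE = re.compile(r"bind\(\) to (\S+) failed \(48: Address already in use\)")

def failed_binds(text):
    """Addresses nginx could not bind, de-duplicated, in first-seen order."""
    return list(dict.fromkeys(BIND_RE.findall(text)))

def parse_sockstat(text):
    """Turn listing rows into dicts; rows with fewer than six fields are skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 6:
            rows.append({"command": f[1], "pid": f[2], "proto": f[4],
                         "local": f[5], "foreign": f[6] if len(f) > 6 else ""})
    return rows

def holders(target, rows):
    """Processes already holding the socket nginx asked for."""
    if target.startswith("unix:"):
        return [r for r in rows if r["local"] == target[len("unix:"):]]
    proto = "tcp6" if target.startswith("[") else "tcp4"
    port = target.rsplit(":", 1)[1]
    return [r for r in rows if r["proto"] == proto and r["foreign"] == "*:*"
            and r["local"].rsplit(":", 1)[-1] == port]

def explain(nginx_text, sockstat_text):
    """Map each failed bind target to the (command, pid) pairs that own it."""
    rows = parse_sockstat(sockstat_text)
    return {t: [(r["command"], r["pid"]) for r in holders(t, rows)]
            for t in failed_binds(nginx_text)}

if __name__ == "__main__":
    for target, owners in explain(NGINX_OUTPUT, SOCKSTAT).items():
        print(target, "->", owners or "no owner in this listing")
```
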
#21
I have a similar setup to you; as long as you are not doing host header (more than one 80/443 site per port) you can just do port forwarding. I need different subdomains going to different machines in the DMZ so will use nginx or haproxy - not sure which atm 😊
#22
19.1 Legacy Series / Re: DM/NAT/Port forwarding
April 29, 2019, 11:37:06 PM
To be honest I allow all from the DMZ to WAN. I will specify ports in the future but am learning OPNsense atm 😊 Will want to set up ad blocking, IPsec instead of Arlo like I am using and a reverse proxy to host my other sites (tinyRSS and a WordPress site).
#23
19.1 Legacy Series / Re: DM/NAT/Port forwarding
April 27, 2019, 03:42:47 PM
OK, found my error. When creating the NAT rules you need to select WAN address and not WAN net when creating the rule. It is also necessary to create an outgoing rule in the DMZ for the Mail in a box server.
#24
19.1 Legacy Series / DM/NAT/Port forwarding
April 26, 2019, 09:21:10 PM
I am moving from Ubiquiti 3Port Firewall. I have set up a DMZ and have my MailInABox server running perfectly. I thought I could set up the same thing on OPNsense - I am making a mess somehow and cannot find my error. When I have the Firewall: NAT: Port Forward rules set (attached) I can access the sites perfectly from the Internet (it therefore seems as if the rules are OK) but from the LAN side I am getting very weird responses. I enter a URL (e.g. http://hecklerdesign.com/product/cliff/) -> the hecklerdesign.com part gets replaced with my own URL -> http://www.mydomain.cc/product/cliff/

I am not sure why this is but I was wondering if it might have something to do with the fact that MailInABox acts as a DNS server? Anybody have any pointers for me?

Thank you in advance