Messages - marcelmah

#1
Hi, I came here for something else, but read this too and thought I'd check whether I actually reach my 1 GB; turns out I don't... after these adjustments I do get close!

#2
Quote from: franco on July 12, 2022, 08:35:10 PM
If you apply your nginx configuration it should work, otherwise it just keeps the old one until reboot.


Cheers,
Franco
Hi,

This is weird, I just loaded my snapshot (I run OPNsense in an ESXi VM) of my last test (faster than updating again from 22.1.8_1) and this time everything booted and started fine. I could swear I did a reboot yesterday after I discovered the problem...
#3
Quote from: franco on July 12, 2022, 03:36:53 PM
Yes so the latest version is 1.28_1 as you can see from the link:

http://mirror.ams1.nl.leaseweb.net/opnsense/FreeBSD%3A13%3Aamd64/22.1/latest/All/os-nginx-1.28_1.pkg

1.27 definitely doesn't work with the latest nginx software shipped.
Just updated again 22.1.10
NGINX won't start: os-nginx (installed)   1.28_1   908KiB   OPNsense   Nginx HTTP server and reverse proxy

same error: unknown directive "js_include" in /usr/local/etc/nginx/nginx.conf:40
#4
Quote from: franco on July 12, 2022, 03:04:10 PM
I mean the plugin os-nginx. Maybe you locked it.


Cheers,
Franco
This is now: os-nginx (installed)   1.27   902KiB   OPNsense   Nginx HTTP server and reverse proxy
You want to know what version it is when I've updated to 22.1.10 again?
If so, I think I can try again this evening.
#5
Quote from: franco on July 12, 2022, 12:54:12 PM
It looks ok to me. What version is your nginx plugin?
This is what I get (amongst the rest of the packages) when I open the update page:
nginx   1.20.2_9,2   1.22.0_6,2   upgrade   OPNsense
#6
Quote from: franco on July 12, 2022, 08:48:49 AM
Which mirror are you using or are you managing a mirror yourself? It was fixed in a hotfix update.


Cheers,
Franco
Hi,

I'm coming from OPNsense 22.1.8_1-amd64 using mirror OPNsense in Amsterdam.
When I check for update I only see 22.1.10, so I skipped 22.1.9 and 22.1.9_1.
Is there a 22.1.10_1?
#7
Just updated to 22.1.10 and can't start NGINX anymore...
unknown directive "js_include" in /usr/local/etc/nginx/nginx.conf:40

Restoring to older version of NGINX does not help (opnsense-revert -r 22.1.8 nginx):
SyntaxError: Illegal export statement in ngx_functions.js:51, included in /usr/local/etc/nginx/nginx.conf:40
#8
I added a new physical NIC with 4 ports and used passthrough. This way I can also manage the VLAN natively in OPNsense.
#9
So this is merged into version 21.7.6 :)

Unfortunately I am unable to find a combination of cipher suites (with TLS 1.3) where I score 100 on every bar.
I chose this one finally: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

It has no weak ciphers (according to SSL Labs) but it's not scoring 100% because of breaking compatibility with older devices.

If someone knows a better one...

PS. you can enter this in: Services > Nginx > Configuration > HTTP(S) > HTTP Server
Edit your HTTP server, enable advanced and find the value: TLS Ciphers
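
An audit of the cipher list from the post above, as an added example that is not part of the forum post or of the os-nginx plugin. It assumes the TLS Ciphers value holds explicit OpenSSL suite names only (no keywords such as `HIGH` or `!aNULL`); the function names and `LEGACY_SAMPLE` are constructed for illustration.

```python
import re

# Cipher list quoted in the post above (OpenSSL names, colon-separated).
POSTED = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
)
# Constructed counter-example: static-RSA key exchange, CBC mode, 3DES.
LEGACY_SAMPLE = "AES128-SHA:ECDHE-RSA-AES256-SHA384:DES-CBC3-SHA"

LEGACY_TOKENS = {"RC4", "DES", "MD5", "NULL", "SEED", "IDEA", "ADH", "AECDH"}
AEAD_TOKENS = {"GCM", "CCM", "CCM8", "POLY1305"}


def classify(name):
    """Derive the security properties encoded in one OpenSSL suite name."""
    parts = name.split("-")
    aes = re.search(r"AES(128|256)", name)
    bits = int(aes.group(1)) if aes else (256 if "CHACHA20" in parts else None)
    return {
        "name": name,
        # Ephemeral (EC)DH key exchange gives forward secrecy.
        "forward_secret": parts[0] in ("ECDHE", "DHE"),
        # AEAD modes replace the CBC + HMAC construction.
        "aead": any(p in AEAD_TOKENS for p in parts),
        "legacy": any(p in LEGACY_TOKENS for p in parts),
        "bits": bits,
    }


def audit(cipher_string):
    """Return (per-suite rows, names lacking forward secrecy or AEAD)."""
    rows = [classify(n) for n in cipher_string.split(":") if n]
    flagged = [r["name"] for r in rows
               if not r["forward_secret"] or not r["aead"] or r["legacy"]]
    return rows, flagged


if __name__ == "__main__":
    for label, value in (("posted", POSTED), ("legacy sample", LEGACY_SAMPLE)):
        rows, flagged = audit(value)
        print(f"{label}: {len(rows)} suites, flagged: {flagged or 'none'}")
        for r in rows:
            print(f"  {r['name']:<32} {r['bits']}-bit")
```

The names in this list are OpenSSL's TLS 1.2 suite names; OpenSSL configures TLS 1.3 suites through a separate setting.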
#10
The curl command went fine, no problems...

Figured it out though, it was a special char in the file, too bad OPNsense can't handle this or throws a usable error.
But the alias and the firewall rules it's used in are working fine again.
#11
Hi,

We use a URL table alias that refreshes every day to centrally manage a list of IPs that are used in firewall rules.
This worked great until now.

I keep getting this error:
2021-10-17T18:50:01   /update_tables.py[58137]   error fetching alias url https://bla.bla.com/support.txt   
2021-10-17T18:50:01   /update_tables.py[58137]   fetch alias url https://bla.bla.com/support.txt (lines: 8)

So it downloads the file as it knows it's 8 lines, but then throws an error. I can't seem to find why, is there any other log I can view to figure out why it throws an error?
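
The two posts above trace the failed alias fetch to a special character in the downloaded file. A check that can be run on such a list before it is published, as an added example that is not from the forum posts and does not reproduce OPNsense's `update_tables.py`: it assumes one IPv4/IPv6 address or CIDR network per line with `#` comments, and `check_alias_file` and the sample bytes are constructed for illustration.

```python
import ipaddress


def check_alias_file(raw: bytes):
    """Return [(line_number, reason, repr_of_entry)] for lines that would not parse."""
    problems = []
    for lineno, line in enumerate(raw.split(b"\n"), start=1):
        line = line.rstrip(b"\r")
        # Assumption: '#' starts a comment, blank lines are ignored.
        entry = line.split(b"#", 1)[0].strip(b" \t")
        if not entry:
            continue
        # Anything outside printable ASCII (BOM, non-breaking space,
        # control characters) is reported with its byte values.
        bad = sorted({b for b in entry if b < 0x21 or b > 0x7E})
        if bad:
            hexes = " ".join(f"0x{b:02x}" for b in bad)
            problems.append(
                (lineno, f"whitespace, control or non-ASCII bytes: {hexes}", repr(entry)))
            continue
        try:
            ipaddress.ip_network(entry.decode("ascii"), strict=False)
        except ValueError as exc:
            problems.append((lineno, f"not an address or network: {exc}", repr(entry)))
    return problems


# Constructed sample: a UTF-8 BOM on line 1, a non-breaking space on
# line 3 and an out-of-range octet on line 5.
SAMPLE = (
    b"\xef\xbb\xbf192.0.2.10\n"
    b"198.51.100.0/24\n"
    b"203.0.113.7\xc2\xa0\n"
    b"2001:db8::/32  # office\n"
    b"192.0.2.300\n"
)

if __name__ == "__main__":
    for lineno, reason, entry in check_alias_file(SAMPLE):
        print(f"line {lineno}: {reason}: {entry}")
```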
#12
Ah great, now have A+!

I hope the pull request will get all four bars to 100% :)

#13
21.7 Legacy Series / Re: IPv6 all static in DC
October 15, 2021, 11:36:00 PM
Hi,

I did not change my single gateway.
I changed the prefix on my WAN to 2a00:xxx:13x:0:0:0:0:5 /64
I changed my LAN to 2a00:xxx:13x:8000::5 /64

I can still ping to Google DNS from WAN but not from LAN.
#14
Hmm, so after some Googling I think I need to add a custom security header, but then I'm lost, so many options, none of them read HSTS, could you point me in the right direction?
#15
Aaah great another pull request that looks on track for merging, I subscribed to get notified, thnx!

PS. I'm aiming for an all green output of the test, I assumed only all green would provide A+, if less does, that's great, aiming for perfect :)