Messages

This is pretty nice!

Any chance to have Grafana updated to a newer version? 8.5.20 is not even the latest release in the 8.5.x series and the latest release is 10.4.1 now.

Thanks!

That is the odd thing, there is nothing relevant in the logs either.

I am starting to think that something changed so that my firewall rules that point incoming connections to port 80/443 don't work any longer. That would also be consistent with the observation that the connections just time out when trying to open the pages in a browser.

Could you please share how your firewall rule is set up in the working config? Thanks!

Thanks for the help so far.

But it is really strange... even after cleaning up everything and recreating a basic config (and triple-checking everything) nothing seems to work anymore with Nginx as a reverse-proxy, not even a basic http redirection.

It does however start again now, so the problem seems to be somewhere else.

The exact same config was working fine before with multiple websites and SNI redirection etc.

Is there anything that changed significantly that needs to be adapted for the config?

Can anyone confirm that Nginx is still working at all after this update?

Something about the recent Nginx update messed up my configuration (it somehow fails to add a listen to one of the server configs according to "nginx -t") and as I am running out of ideas how to fix it, I would like to fully reset the configuration and start new.

However even after rm the entire /usr/local/etc/nginx folder the broken old config comes up again in the OPNsense GUI.

I looked around, but I can't seem to find where the config files really are.

Thanks for the help.

P.S.: And pointers why the update broke my config would be also appreciated as this is the first time this happened after 2 years using OPNsense with the same Nginx config.

Yes I want to separate out different domain names to different backend servers/clusters.

Like having domain1.com point to one upstream server/cluster and domain2.com point to another.

Huh, I don't follow at all why this would only make sense for Kubernetes???

I have a rather simple home-lab where I don't want to terminate all the SSL connections on the firewall but rather pass them through to various servers that terminate the SSL connection themselves. That way I don't have the load on the OPNsense firewall that already does the heavy load of routing etc. and internal connections are still encrypted to the end-point.

The only way I found to do that is with SNI, and it works very nicely using the build in Nginx in OPNsense.

But since I have multiple services in various subdomains the list has grown very unwieldy and I also have to manually add a subdomain for every service. If wildcards were supported the list would shrink by at least 3/4 in size and I could easily spin up new subdomains on the servers without having to touch the OPNsense config.

Does that make sense?

I have been trying to configure SNI Upstream Maps as explained here: https://docs.opnsense.org/manual/how-tos/nginx_streams.html#sni-upstream-maps

And with regular domain names it works great, but to simplify the setup it would be nice to just set something like *.example.com for a mapping.

However when trying this I get an error about this not being possible.

Is this not supported, or did I do something wrong? Thanks for the help!