Messages

I think in my general troubleshooting I did add UDP as an option. I also switched over to having it track the cloudflare IPs (my DNS host at this point for all the things) and things have generally been working better compared to me utilizing a GEOIP limited approach to the port forward.

I've been utilizing cloudflare for my DNS provider and domain host. I've set it so that 443 is port forwarded to an Nginx Proxy Manager and it has been working beautifully until roughly a week ago. Now I'm getting constant hits on the system's Default deny / state violation rule for inbound connections. I've attempted to setup an alias for cloudflare to be allowed inbound but still getting blocks on it. Current release I'm running is 25.1.12.
Any tips/thoughts/ideas?

I've got my GUI port changed to accomodate this

Just to make sure I follow this. If I set it in the locations then I don't need to set it in the http server section? Sadly I don't have any larger files to test against it at the moment.
Next time I have a large file to upload to my Nextcloud that this is ultimately being set for I can post about it again.

Yeah for some reason setting it within the web interface it just won't set it to 5000m max body upload but editing it from the actual nginx.conf file does work. So not sure what the new issue is for that since here's the result from trying to set it from the web interface

Code Select Expand

2022-02-05T12:20:59 configd.py[15718] [72c5f666-a604-4786-a9b6-42d15ecbc8ca] Script action stderr returned "b'[05-Feb-2022 12:20:59] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful\n\n[05-Feb-2022 12:20:59] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful\n\nnginx: the configuration file /usr/local/etc/nginx/nginx.co'"

Now if I can just figure out why it's not  letting me adjust the max file size upload from 200m to 5000m I'd be all set. I've set the size adjustment under both of my inbound location entries for my Nextcloud. I've also set it on the http server entry as well but when hitting Apply it's setting it back to 200m in my nginx.conf file and I see it shows in the logs that the file is updated successfully

@Fright
I wanted to let you know that you are my hero!
Plan A worked immediately. Upon removing all disabled rules that referenced the old deleted server the nginx.conf file updated to include my new system that I've been wanting to add in as soon as I hit Apply on the main Nginx plugin page.

So I just realized the one system it shows in upstream server that does not exist in the web interface. Should I remove that from the nginx.conf file altogether or how should I go about getting it removed? I could also try removing the last of the remnant entries I have in the web interface that reference the old server that I have removed from the upstream settings.

As far as the error I got in the move to 21.7.7 I had to manually change the bind ports since it was trying to use 80 and 443 when I have Nginx set to bind to 8443. I do have backups of my entire opnsense based on backing it up to my Nextcloud dating back to what I believe is prior to the update and need for manual intervention so would that be useful? If not then I don't have system backups that are old enough to roll back to.

So here's what I found with that.

Code Select Expand

2022-02-03T11:27:42 configd.py[15718] [342270de-c733-4f42-a177-ac64122631dc] Script action stderr returned "b'[03-Feb-2022 11:27:42] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful\n\n[03-Feb-2022 11:27:42] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful\n\nnginx: the configuration file /usr/local/etc/nginx/nginx.co'"
2022-02-03T11:27:42 configd.py[15718] [9e7ae3bb-a8a3-4ef0-b493-baedabdbb34c] trigger config changed event
2022-02-03T11:27:42 configd.py[15718] [fac01a40-ae95-4085-9787-1da7fab52d53] request pf current overall table record count and table-entries limit
2022-02-03T11:27:42 configd.py[15718] [342270de-c733-4f42-a177-ac64122631dc] reloading nginx
2022-02-03T11:27:42 configd.py[15718] [64c0b534-a0d3-4242-a2d8-bf8bf1f07b7d] Inline action failed with OPNsense/Nginx OPNsense/Nginx/nginx.conf 'dict object' has no attribute 'serverentries' at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/template.py", line 267, in _generate content = j2_page.render(cnf_data) File "/usr/local/lib/python3.8/site-packages/jinja2/environment.py", line 1304, in render self.environment.handle_exception() File "/usr/local/lib/python3.8/site-packages/jinja2/environment.py", line 925, in handle_exception raise rewrite_traceback_stack(source=source) File "/usr/local/opnsense/service/modules/../templates/OPNsense/Nginx/nginx.conf", line 21, in top-level template code {% include "OPNsense/Nginx/http.conf" %} File "/usr/local/opnsense/service/modules/../templates/OPNsense/Nginx/http.conf", line 72, in top-level template code {% include "OPNsense/Nginx/upstream.conf" ignore missing with context %} File "/usr/local/opnsense/service/modules/../templates/OPNsense/Nginx/upstream.conf", line 15, in top-level template code {% for upstream_serveruuid in upstream.serverentries.split(',') %} File "/usr/local/lib/python3.8/site-packages/jinja2/environment.py", line 474, in getattr return getattr(obj, attribute) jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'serverentries' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 506, in execute return ph_inline_actions.execute(self, inline_act_parameters) File "/usr/local/opnsense/service/modules/ph_inline_actions.py", line 51, in execute filenames = tmpl.generate(parameters) File "/usr/local/opnsense/service/modules/template.py", line 344, in generate raise render_exception File "/usr/local/opnsense/service/modules/template.py", line 335, in generate for filen
2022-02-03T11:27:42 configd.py[15718] generate template container OPNsense/Nginx


So it's finding some issues I'm just not the most versed in establishing how to resolve the issue. I'm attempting to set this up as I've done all of my other Reverse Proxies in the past. I did have an issue after updating to 21.7.7 where my Nginx wouldn't launch since it was trying to bind to the wrong ports that I had not set it to and had to manually edit the file to make it work.
Any tips or ideas to go in would be great.

I've been searching for additional insight into this as well. I've checked in /var/log/nginx for any files that may give me details about that. I've also checked /var/log/system.log but found nothing there either. Any additional logs you recommend checking?

Yup I just tried that again and it's not working. Essentially what I'm currently trying to do is add another system for Reverse Proxy and it's not acknowledging that my rewrite rule is there so it just acts like the system doesn't exist. I also had to manually adjust max file size upload limits for my Nextcloud since it wouldn't change from the default 200m even with me setting it in the web interface.

In the past when I've made changes I'd just restart the plugin and that would work. Is that not the correct way to do it? I also just now tried selecting the refresh button to the right of the add button to see if that would have an effect and it did not. So I'm guessing I'm doing something wrong in regards to regenerating the config. How do I do it the correct way?

I'm currently running 21.7.7 and am using the Nginx plugin to manage reverse proxy on my network. When I make a change in the web interface then check the nginx.conf file it is not writing my changes to there. This means the only way I've been able to do anything with it is to manually edit the nginx.conf file. So for things like increasing the max size of uploads or currently I'm attempting to add a new server to the reverse proxy but none of my changes are being written to it. Do I need to make a copy of the file for backup and delete it and hope it recreates the file and actually writes to it or is there something else that I should be checking here? I'm willing to provide whatever info is necessary.

I figured out the issue. My outbound VPN service is having an issue so it was causing anything meant to go outbound through the VPN to have issues since it was down more often than not so I just switched the rule while working through that issue.

I upgraded to 21.1.8_1 a couple days ago and things were working fine. I started noticing today that my Linux systems were unable to run updates because all repos are not responding. I started doing some additional testing by just verifying that pings to the firewall work. When trying to ping to the internet though OPNsense responds even though OPNsense should be handing out PiHole as the DNS to the network. When OPNsense responds it just says host unreachable but it does not attempt to relay the pings to the WAN it just immediately says they're unreachable. This was confirmed through a tcpdump both on LAN and WAN side. OPNsense itself can ping the internet and DNS resolves without an issue. Anybody have some recommendations of what to check since my configuration has not changed in months but I did check them anyways to confirm.

I've recently got my hands on a Juniper SRX210 for free and seeing that it uses linux uboot to then boot into freebsd I wanted to see if it would be possible to get a build of OPNsense that would work on this. I'd love to get my OPNsense off of my server and back on to it's own hardware so it's more convenient on the family if I work on the server and take it down I don't take the internet with it. The cpu is mips based it's one of the Octeon family processors but I don't remember the exact one. I know that OPNsense has mips technically built in through freebsd but is only built for x86. I've got basically no experience with doing a build from source so I want to see if anybody else may have some experience that could assist with this crazy project of mine. My goal is to get a bootable serial installer for mips architecture. I've setup a freebsd VM that would be my build machine and have added mips into the build.conf file but it fails since I know there are several additional edits that would be needed to do this. If anybody has some time or wants to throw some pointers my way I would greatly appreciate it.