Messages

1

Tutorials and FAQs / Re: Multiple Wireguard VPN Gateways with Unbound DNS - Working in OPNsense 24.1

« on: April 16, 2024, 03:26:16 pm »

Is there any possibility to use unbound over a WireGuard interface without using an DNS over TLD forwarder?

As with the change to the no static IP on a tunnel interface, unbound can't use it to route DNS request to.

" By default all interfaces are used. Note that setting explicit outgoing interfaces only works when they are statically configured."

2

Web Proxy Filtering and Caching / Re: NGINX Redirect

« on: January 20, 2023, 08:06:15 pm »

The hook pointed me in the right direction
Creating the <uid>_post directory with a 497_error_page.conf in it.
Containing error_page  497 https://$host:9090$request_uri;
Makes http request to the https port redirect succesful.

Ps. adding the error_page 497 to the nginx.conf also makes it work.
But I guess this will not survive any modifications done in the GUI.
I hope this custom survives firmware upgrades.

Since this is a pretty nice way to redirect http to https I hope this will soon be added as defailt in GUI.

3

Web Proxy Filtering and Caching / Re: NGINX Redirect

« on: January 20, 2023, 07:07:42 pm »

This checkbox does nothing for my config. Even after reboot.
On the opnsense reverse proxy server settings I have only specified a https port, just like in my example config.
It doesn't seem to like binding same port to https and http.

I still get: The plain HTTP request was sent to HTTPS port, error 400,
when connecting on http://mydomain.com:myport

4

Web Proxy Filtering and Caching / NGINX Redirect

« on: January 20, 2023, 03:29:35 pm »

I have a reverse nginx proxy running on an ubuntu box.
Running non standard ssl ports, an example of my config:

server {
    listen 9090 default_server ssl http2;
    server_name blabla;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-XSS-Protection "1; mode=block";

    ssl_certificate /etc/letsencrypt/live/blablafullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/blabla/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/blabla/chain.pem;
    include snippets/ssl.conf;
    error_page  497 https://$host:9090$request_uri;

    access_log /var/log/nginx/blabla.access.log apm;
    error_log /var/log/nginx/blabla.error.log warn;

    location / {
        proxy_pass        http://127.0.0.1:8080;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_redirect off;
    }
}

I wanted to move this functionality to OPNsense, and it works nicely with the nginx plugin.

One thing I don't get to work the HTTP to HTTPS redirect.
In the example above I get this going with the: error_page  497 https://$host:9090$request_uri;
this redirects HTTP requests to HTTPS.

But I can't find this in the error pages overview in OPNsense, and no idea how I or even if this can be done.

Any tip or help is apreciated. Thanks.