Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - jzcad1828

Pages1
#1
General Discussion / Re: Nginx problems
May 30, 2023, 12:09:28 AM
@Fright - that is exactly what I'm using! All traffic comes in on TCP80/443 streams and uses SNI mappings. I've applied the patch and restarted Nginx. Initially nothing seemed to change after restarting Nginx service, so reading what your patch does, and just to be sure, I made sure proxy protocol was disabled on the stream that's using SNI, re-saved, and applied configuration. Sites are all up and running again. Thanks a ton for such a quick response!!!

Code Select
# opnsense-patch -c plugins -a kulikov-a 3683586
Fetched 3683586 via https://github.com/kulikov-a/plugins
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From 368358625e3126f0a73530739d00bf3d589e099f Mon Sep 17 00:00:00 2001
|From: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
|Date: Mon, 29 May 2023 21:16:26 +0300
|Subject: [PATCH] 'upstream' is undefined quickfix
|
|dont try to set proxy_protocol value for sni mapped streams
|---
| .../src/opnsense/service/templates/OPNsense/Nginx/streams.conf  | 2 +-
| 1 file changed, 1 insertion(+), 1 deletion(-)
|
|diff --git a/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/streams.conf b/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/streams.conf
|index a2d306079c..8915f32653 100644
|--- a/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/streams.conf
|+++ b/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/streams.conf
--------------------------
Patching file opnsense/service/templates/OPNsense/Nginx/streams.conf using Plan A...
Hunk #1 succeeded at 96.
done
All patches have been applied successfully.  Have a nice day.
#2
General Discussion / Nginx problems
May 28, 2023, 05:39:10 PM
Hello! I am new to the forum and made the switch from PFsense/Netgate to OPNsense almost a year ago now. I've been extremely satisfied with this firewall, but have started to have some issues with my Nginx plugin. I am getting an error that I'm having great difficulty tracking down.

I have tried to remove the plugin, delete all related files, remove config.xml nginx data, but have hit a knowledge gap. I have a highly configured environment with multiple VLANs, VPNs, Proxied services, etc.  which of course has effectively taken down my entire hosting situation (combination L4+L7 services). In any case, this undefined upstream is a real mystery to me, as is any luck trying to rebuild my entire nginx configuration from scratch. Additional information:

Code Select
OPNsense 23.1.8-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023

Code Select
pkg install os-nginx
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        nginx: 1.22.1_5,3
        os-nginx: 1.32

Number of packages to be installed: 2

The process will require 5 MiB more space.

Proceed with this action? [y/N]: y
[1/2] Installing nginx-1.22.1_5,3...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[1/2] Extracting nginx-1.22.1_5,3: 100%
[2/2] Installing os-nginx-1.32...
[2/2] Extracting os-nginx-1.32: 100%
Stopping configd...done
Starting configd.
Reloading plugin configuration
Configuring system logging...done.
[b]Reloading template OPNsense/Nginx: Execute error[/b]
Reloading template OPNsense/Syslog: OK
=====
Message from nginx-1.22.1_5,3:

--
Recent version of the NGINX introduces dynamic modules support.  In
FreeBSD ports tree this feature was enabled by default with the DSO
knob.  Several vendor's and third-party modules have been converted
to dynamic modules.  Unset the DSO knob builds an NGINX without
dynamic modules support.

To load a module at runtime, include the new `load_module'
directive in the main context, specifying the path to the shared
object file for the module, enclosed in quotation marks.  When you
reload the configuration or restart NGINX, the module is loaded in.
It is possible to specify a path relative to the source directory,
or a full path, please see
https://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/ and
http://nginx.org/en/docs/ngx_core_module.html#load_module for
details.

Default path for the NGINX dynamic modules is

/usr/local/libexec/nginx.

Code Select
Error configd.py [f36c5176-acea-4081-a6b1-998c20c73a4f] Inline action failed with OPNsense/Nginx OPNsense/Nginx/nginx.conf 'upstream' is undefined at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/template.py", line 272, in _generate content = j2_page.render(cnf_data) File "/usr/local/lib/python3.9/site-packages/jinja2/environment.py", line 1301, in render self.environment.handle_exception() File "/usr/local/lib/python3.9/site-packages/jinja2/environment.py", line 936, in handle_exception raise rewrite_traceback_stack(source=source) File "/usr/local/opnsense/service/templates/OPNsense/Nginx/nginx.conf", line 31, in top-level template code {% include "OPNsense/Nginx/streams.conf" %} File "/usr/local/opnsense/service/templates/OPNsense/Nginx/streams.conf", line 103, in top-level template code proxy_protocol {% if upstream.proxy_protocol == '1' %}on{% else %}off{% endif %}; File "/usr/local/lib/python3.9/site-packages/jinja2/environment.py", line 485, in getattr return getattr(obj, attribute) jinja2.exceptions.UndefinedError: 'upstream' is undefined During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 510, in execute return ph_inline_actions.execute(self, inline_act_parameters) File "/usr/local/opnsense/service/modules/ph_inline_actions.py", line 51, in execute filenames = tmpl.generate(parameters) File "/usr/local/opnsense/service/modules/template.py", line 349, in generate raise render_exception File "/usr/local/opnsense/service/modules/template.py", line 340, in generate for filename in self._generate(template_name, create_directory): File "/usr/local/opnsense/service/modules/template.py", line 275, in _generate raise Exception("%s %s %s" % (module_name, template_filename, render_exception)) Exception: OPNsense/Nginx OPNsense/Nginx/nginx.conf 'upstream' is undefined

Any ideas?
Pages1