Messages

Maybe as well additional info for those who don't read patch notes ;)

Q-Feeds is as well officially documented in OPNsense docs.

https://docs.opnsense.org/manual/qfeeds.html

Regards,
S.

I am guessing there is a critical error on the firewall rules setup instructions?

I am using Caddy to get rid of the annoying HTTPS GUI risk errors for my switches, APs, HomeAssistant, unRAID, cameras etc.

Everything is working lovely, but my Caddy error log is constantly spammed with entries like this;

Code Select Expand

"warn","ts":"2025-06-25T10:07:59Z","logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","upstream":"10.10.1.1:8443","duration":0.042737367,"request":{"remote_ip":"10.0.3.3","remote_port":"52165","client_ip":"10.0.3.3","proto":"HTTP/1.1","method":"GET","host":"opnsense.mydomain.net","uri":"/api/diagnostics/traffic/stream/1","headers":{"X-Forwarded-For":["10.0.3.3"],"Sec-Fetch-Dest":["empty"],"Priority":["u=4"],"Pragma":["no-cache"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Mode":["cors"],"Accept":["text/event-stream"],"Referer":["https://opnsense.mydomain.net/ui/core/dashboard"],"X-Forwarded-Host":["opnsense.mydomain.net"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Cookie":["REDACTED"],"Via":["1.1 Caddy"],"Accept-Language":["en-GB,en;q=0.5"],"Sec-Fetch-Site":["same-origin"],"Cache-Control":["no-cache"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"opnsense.mydomain.net"}},"error":"reading: context canceled"}

Code Select Expand

"debug","ts":"2025-06-25T09:33:14Z","logger":"http.handlers.reverse_proxy","msg":"streaming error","upstream":"10.10.6.2:80","duration":0.001746601,"request":{"remote_ip":"10.0.3.3","remote_port":"50503","client_ip":"10.0.3.3","proto":"HTTP/1.1","method":"GET","host":"unraid.mydomain.net","uri":"/graphql","headers":{"Accept":["*/*"],"Upgrade":["websocket"],"Sec-WebSocket-Key":["DGBO2HIVqUx6DeTiLcb+FQ=="],"Sec-Fetch-Site":["same-origin"],"Cookie":["REDACTED"],"Sec-WebSocket-Version":["13"],"Cache-Control":["no-cache"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Connection":["Upgrade"],"Sec-Fetch-Dest":["empty"],"Pragma":["no-cache"],"Sec-WebSocket-Extensions":["permessage-deflate"],"X-Forwarded-For":["10.0.3.3"],"Sec-WebSocket-Protocol":["graphql-transport-ws"],"X-Forwarded-Host":["unraid.mydomain.net"],"Accept-Language":["en-GB,en;q=0.5"],"Via":["1.1 Caddy"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 Firefox/139.0"],"X-Forwarded-Proto":["https"],"Origin":["https://unraid.mydomain.net"],"Sec-Fetch-Mode":["websocket"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"unraid.mydomain.net"}}}
Can anyone shed any light on these errors even though everything appears to be working correctly?

Dnsmasq uses the DNS servers defined in "System - Settings - General" as upstream.

Otherwise, you need this patch:

Code Select Expand

opnsense-patch https://github.com/opnsense/core/commit/220dbc7931e11c71587734ed9c1731abdf9eaff8

With it you can set "Do not forward to system defined DNS servers" in dnsmasq and provide your own ones in the "Domain" tab. Just use an asterisk (*) to specify any domain, and then define an IP address (e.g. 1.1.1.1) or Unbound if it runs on a different port (127.0.0.1, Port 53053).

Just finished doing this with thanks from your help. Everything working great, apart from my Blocklist now just gets ignored. Any way around this?