Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Brashquido

Pages1
#1
Web Proxy Filtering and Caching / NGINX Caching Setup?
May 27, 2025, 01:02:49 PM
Hi All

Just wondering if anyone had knowledge on how to correctly setup NGINX so that it caches responses?

What I've tried.
  • I've created myself a Cache Path and verified via SSH that it was created and is owned by the WWW user.
  • Set my Location to use the Cache Path I just created, leaving Cache: Minimum Uses to the default of 1.
  • Generate web traffic to the specified site to trigger cache generation

Looking at the cache directory and it is empty. I'm trying to cache a Wordpress site if that is of any relevance. Really appreciate any tips here as caching will be great to have in place for performance as well as keeping content up for short periods while any backend service maintainance is going on.
#2
Web Proxy Filtering and Caching / Re: NGNIX Upstream TLS Verification?
May 26, 2025, 04:05:00 PM
Thanks for the reply. I'm a bit daft, it was actually a lot simpler than that. In all my clicking I had set the TLS: Trusted Certificate in my Upstream service to use my LE certificate. Set that back to nothing and it all started working.
#3
Web Proxy Filtering and Caching / NGNIX Upstream TLS Verification?
May 24, 2025, 10:22:47 AM
Hi All,

Looking to use NGINX as a WAF for my selfhosted Wordpress site (running in a Turnkey LXC container) and am completely lost in regard to getting TLS to work all the way through to my internal server without unchecking Configuration>Upstream>TLS:Verify Certificate option which is also accompanied with the text, "
Don't turn it off unless you really know what you are doing! Never do it because a random website tells you to do."

What I have done so far on my Opnsense Router;
  • Setup ACME Wildcard cert to have a single cert in use for all the various subdomains I'll run.
  • Configured ACME Automations to upload certs to my Wordpress LXC and restart Apache.
  • Configured NGINX with Upstream Servers for port 80 & 443, 
  • Created an NGINX upstream service including both HTTP and HTTPS Upstream Servers
  • Created an NGNIX Location with WAF in learning mode only
  • Created an NGNIX HTTP Server with the server name set the same as the FQDN of the website.

Seems to work fine on HTTP, however HTTPS only seems to work with the above-mentioned TLS: Verify Certificate option disabled. NGNIX HTTPS Error logs have entries including text such as 
Code Select
SSL_do_handshake() failed (SSL: error:0A00010B:SSL routines::wrong version number) while SSL handshaking to upstream
Is this referring to the Apache web server my Wordpress LXC is using. Are there certain upstream Apache configuration items that have to be set for this to work? What are the implications of having this TLS: Verifiy Certificate option turned off?
 
Pages1