Show Posts
1
Web Proxy Filtering and Caching / NGINX Redirect
« on: January 20, 2023, 03:29:35 pm »
I have a reverse nginx proxy running on an ubuntu box.
Running non standard ssl ports, an example of my config:
server {
listen 9090 default_server ssl http2;
server_name blabla;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-XSS-Protection "1; mode=block";
ssl_certificate /etc/letsencrypt/live/blablafullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blabla/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/blabla/chain.pem;
include snippets/ssl.conf;
error_page 497 https://$host:9090$request_uri;
access_log /var/log/nginx/blabla.access.log apm;
error_log /var/log/nginx/blabla.error.log warn;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
}
I wanted to move this functionality to OPNsense, and it works nicely with the nginx plugin.
One thing I don't get to work the HTTP to HTTPS redirect.
In the example above I get this going with the: error_page 497 https://$host:9090$request_uri;
this redirects HTTP requests to HTTPS.
But I can't find this in the error pages overview in OPNsense, and no idea how I or even if this can be done.
Any tip or help is apreciated. Thanks.
Running non standard ssl ports, an example of my config:
server {
listen 9090 default_server ssl http2;
server_name blabla;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-XSS-Protection "1; mode=block";
ssl_certificate /etc/letsencrypt/live/blablafullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blabla/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/blabla/chain.pem;
include snippets/ssl.conf;
error_page 497 https://$host:9090$request_uri;
access_log /var/log/nginx/blabla.access.log apm;
error_log /var/log/nginx/blabla.error.log warn;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
}
I wanted to move this functionality to OPNsense, and it works nicely with the nginx plugin.
One thing I don't get to work the HTTP to HTTPS redirect.
In the example above I get this going with the: error_page 497 https://$host:9090$request_uri;
this redirects HTTP requests to HTTPS.
But I can't find this in the error pages overview in OPNsense, and no idea how I or even if this can be done.
Any tip or help is apreciated. Thanks.