Okay that's wild. I saw the posts about Captive portal being active on all interfaces and stopped it. https works again. Will now revert Zenarmor etc, maybe that was it.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Show posts Menuupstream dashboard {
# insert the http port of your dashboard container here
server 127.0.0.1:8011;
# Improve performance by keeping some connections alive.
keepalive 10;
}
upstream signal {
# insert the grpc port of your signal container here
server 127.0.0.1:10000;
}
upstream management {
# insert the grpc+http port of your signal container here
server 127.0.0.1:8012;
}
server {
# HTTP server config
listen 80;
server_name _;
# 301 redirect to HTTPS
location / {
return 301 https://$host$request_uri;
}
}
server {
# HTTPS server config
listen 443 ssl http2;
server_name _;
# This is necessary so that grpc connections do not get closed early
# see https://stackoverflow.com/a/67805465
client_header_timeout 1d;
client_body_timeout 1d;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Proxy dashboard
location / {
proxy_pass http://dashboard;
}
# Proxy Signal
location /signalexchange.SignalExchange/ {
grpc_pass grpc://signal;
#grpc_ssl_verify off;
grpc_read_timeout 1d;
grpc_send_timeout 1d;
grpc_socket_keepalive on;
}
# Proxy Management http endpoint
location /api {
proxy_pass http://management;
}
# Proxy Management grpc endpoint
location /management.ManagementService/ {
grpc_pass grpc://management;
#grpc_ssl_verify off;
grpc_read_timeout 1d;
grpc_send_timeout 1d;
grpc_socket_keepalive on;
}
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/certs/ssl-cert-snakeoil.pem;
}
opnsense-update -zkr 23.1.2-netmap2 && opnsense-shell reboot
Fetching kernel-23.1.2-netmap2-amd64.txz: .......[fetch: https://mirror.dns-root.de/opnsense/FreeBSD:13:amd64/snapshots/sets/kernel-23.1.2-netmap2-amd64.txz.sig: No address record] failed, no signature found