Messages

121

Web Proxy Filtering and Caching / Re: Optimal nginx configuration for Nextcloud

« on: December 14, 2023, 04:05:13 pm »

Hi
suggested config is for NC on the same host with nginx (/var/www/nextcloud)

122

23.7 Legacy Series / Re: Syslog-ng: freeradius option vanished from remote destination

« on: December 13, 2023, 04:20:13 pm »

Hi!
hm..what is the last version where the freeradius were in this list?
i think syslog facility for remote targets never registerd in freeradius.inc

123

23.7 Legacy Series / Re: Nginx -> HTTP server -> Real IP Source

« on: December 11, 2023, 07:01:36 pm »

Ah! I think this is an incorrect use of the XFF header (intended to convey the client address)
but you can try to use the headers-more module directives (https://github.com/openresty/headers-more-nginx-module#more_set_input_headers) in _post-hooks to replace 'standard' headers.
Headers More module should be enabled at Global HTTP Settings for this

124

23.7 Legacy Series / Re: LDAP set up problems

« on: December 10, 2023, 04:10:19 pm »

don't know from the top of my head if OPNsense supports this

yes,it is ) as an 'extended query' like "&(memberOf=CN=vpn_user,CN=Users,DC=foo,DC=bar)"

login to the web interface does not

need to import user first

125

23.7 Legacy Series / Re: Nginx -> HTTP server -> Real IP Source

« on: December 09, 2023, 09:59:32 pm »

became clearer but only partially 
What values do you set for these headers in this case (and how do you get the real IP)?

126

23.7 Legacy Series / Re: Nginx -> HTTP server -> Real IP Source

« on: December 09, 2023, 09:02:33 pm »

parameter 'None' for 'Real IP Source' does'n disable 'X-Real-IP' and 'X-Forwarded-' headers

Real IP Source field defines 'real_ip_header' directive value. not the 'proxy_set_header'
https://github.com/opnsense/plugins/blob/d714e8fc24b233c93556c16c33ac17f26b2cfde1/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf#L152-L159


at the moment, the mentioned headers are hardcoded and uses widely used values (it is not clear from the question whether it is worth making a request to change this)
https://github.com/opnsense/plugins/blob/d714e8fc24b233c93556c16c33ac17f26b2cfde1/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/location.conf#L163-L167

127

23.7 Legacy Series / Re: LDAP set up problems

« on: December 09, 2023, 07:23:23 am »

"Authentication failed." is a general error indicating that a user with the provided credentials will not be able to authenticate.

The second error ("error: User DN not found") is actual errors passed from the authentication provider.

This shows that the binding is successful, but the user cannot be found.

Is the authentication container selected incorrectly?

128

General Discussion / Re: URL Table alias with TAR.GZ list on FTP

« on: December 08, 2023, 06:37:38 pm »

http only

129

23.7 Legacy Series / Re: LDAP set up problems

« on: December 08, 2023, 06:33:21 pm »

Could you please provide the exact error text (a screenshot would be better) and the access server settings (binding credentials, naming attribute, etc.)?

130

23.7 Legacy Series / Re: NGINX and dynamic load balance using FQDN hosts

« on: December 07, 2023, 01:18:59 pm »

Hi!
i think you can try (not with gui. with the hooks only) something like
https://tenzer.dk/nginx-with-dynamic-upstreams/

131

Web Proxy Filtering and Caching / Re: Nginx: combine Advanced ACL and IP ACL

« on: December 02, 2023, 10:14:07 am »

Hi!
Config looks good at first glance. Now I can only assume that there is an upstream proxy, which is why the OPN-nginxplugin sees the “wrong” ip. At the time of the authentication request, which address will appear in the log with a 401 response, does it correspond to what is allowed in the ACL?

132

23.7 Legacy Series / Re: NGINX no resolver defined

« on: November 18, 2023, 08:55:12 pm »

I might be mistaken but "Uses system resolver by default." didnt work for me

yes, nginx produces warning message in log if no 'resolver' defined but it will try to use the system resolver in this case (works fine on my tests).
but, of course, it is easy to imagine situations where a directive is desirable or necessary

you can add the pr

for the ref. https://github.com/opnsense/plugins/pull/3678

133

23.7 Legacy Series / Re: NGINX no resolver defined

« on: November 17, 2023, 05:46:09 pm »

If i configure "::1" as a resolver i get this error

yep, as the validation message indicates, the model expects brackets for ipv6

once a resolver has been configured in nginx the warning doesnt apear again

sorry, so the patch works as expected or you adding 'resolver' manually?

134

23.7 Legacy Series / Re: NGINX no resolver defined

« on: November 17, 2023, 10:48:34 am »

technically this is not an error but a warning.
and in most cases, stapling will work without the resolver directive.
However, if you are ready to check the patch:
https://github.com/kulikov-a/plugins/commit/4c5634ad174dda9ded6af480d30d04b2ccecae14

Code: [Select]

opnsense-patch -c plugins -a kulikov-a 4c5634aand it turns out to be working, I'll try to add it to the next pr 

135

Web Proxy Filtering and Caching / Re: Nginx: combine Advanced ACL and IP ACL

« on: November 14, 2023, 06:32:54 pm »

Hi!
should work the way you need it.
are you sure that the config does not contain additional inclusions (_pre/_post confs) and nginx sees requests from the LAN as requests from the "allowed" subnet(s)?