Recent posts

#1
26.1 Series / Re: [Solved] Problem Reverse P...
Last post by Patrick M. Hausen - Today at 03:41:26 PM
If the backend is HTTPS the host header is now forced to the configured backend URL. I find this quite reasonable - the backend might even rely on SNI ...
#2
26.1 Series / Re: [Solved] Problem Reverse P...
Last post by meyergru - Today at 03:40:36 PM
Probably because it expects to handle TLS termination and distribution of sites to different backends by itself, anyway.
However, even if it does that, a reverse proxy should aim for maximum transparency, also with the client info that is passed on.

I like HAproxy better as well. It has some distinguishing features that set it apart and with @TheHellSites tutorial, it works just great for me.

#3
26.1 Series / Re: Cron script
Last post by FredFresh - Today at 03:39:48 PM
Many many thanks!
#4
General Discussion / Re: AI integration for OPNsens...
Last post by pfry - Today at 03:21:48 PM
What's your level of trust for running configuration tests and such offboard? A local implementation seems unlikely.
#5
26.1 Series / Re: New features
Last post by pfry - Today at 03:13:45 PM
Quote from: OPNenthu on Today at 08:43:13 AM
Feature idea: Can OPNsense give me a report of the ports/protocols seen in firewall logs, by host, so that I can make quick decisions about which ones I need to keep open and which ones I can safely block? This is useful for e.g. egress filtering and tightening down the default 'allow LAN to any' rules.

I assume you're looking at the client/internal side. But such a report could be... more useful with, say, data transferred and session time. I don't think pf logging is really amenable to that, though.
#6
26.1 Series / Re: [Solved] Problem Reverse P...
Last post by viragomann - Today at 03:11:31 PM
I see. Thank you.

I don't run HTTPS backends behind Caddy to be honest. But I do behind HAproxy.

However, I'm wondering, what's the particular meaning of removing the host header or overriding it with something else?
The host header is mostly used as a differentiator to select the proper virtual server when running multiple websites on a single backend. The client is sending the proper header value. So why does Caddy change it?

HAproxy doesn't behave like that.
#7
26.1 Series / Re: New features
Last post by sammy - Today at 03:01:37 PM
the ability to add a description to each entry within a multi-entry alias list
#8
25.7, 25.10 Series / Re: some LDAP users was automa...
Last post by ahro_john - Today at 02:42:42 PM
Have you checked /var/log/system.log or the audit logs around 01:00? Even if the GUI cron is empty, system-level cron or package tasks might still trigger something.
#9
Development and Code Review / Re: OpenID Connect SSO plugin
Last post by l3golas - Today at 02:41:26 PM
Update on the problem:
Login with my Authentik works if I use the link https://<my_opnsense_hostname>/api/oidc/auth/login?provider=openid
But no button

Cheers,
Giacomo
#10
General Discussion / Re: [Solved] How can a url be ...
Last post by tcris - Today at 02:35:07 PM
Is that working? With https? (not plain http)

I guess not, not without mitm, forcing some certificate on the client side