OPNsense Forum » Archive » 20.7 Legacy Series » NGINX plugin does not copy cert to /keys for TCP stream proxy
Topic: NGINX plugin does not copy cert to /keys for TCP stream proxy (Read 5974 times)

henningkessler, Reply #15 on: January 15, 2021, 09:41:01 pm
Hi, the end goal is to make an LDAPS request from an MDM system which does not accept self-signed certificates to 2 Samba domain controllers which need to use private certs from a private CA. The idea is to terminate TLS with Nginx using a Let's Encrypt certificate and then use TLS to connect to the DCs

Fright, Reply #16 on: January 16, 2021, 06:25:32 am
got it. so there are no serious requirements for the DCs' certificate verification on nginx?
there is a feeling that the setup.php needs serious rework.
as well as the stream template (I don't see many directives there, including upstream verifications).
so I don't think you can do much with streams (via GUI). unless you are ready to try it through the hooks and make some changes by hand
looking at the activity on GitHub, a huge plugin update is expected (though not in the part of streams). thanks to @8191!
I would gladly contribute to this, but, unfortunately, I still don't really understand how to contact the maintainer correctly for this

henningkessler, Reply #17 on: January 16, 2021, 10:58:11 pm
That's really unfortunate but thanks a lot for your help!!!
I will see how I can work around this issue...

Fright, Reply #18 on: January 17, 2021, 05:46:46 am
actually, it's not that bad.
nginx supports so many directives that imho there will never be a GUI for all of them.
for this, hooks are used.
unfortunately, these hooks are not yet present in all templates (mainly in the part of the http server) and, of course, it is worth making an FR at least to add _pre and _post hooks to all templates so they don't get overwritten during plugin update.
in general, you can always try to add missing directives through hooks and add key, pem-files to /key dir by hand.
hook adding/usage example:
https://forum.opnsense.org/index.php?topic=19758.0
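
The setup discussed in this thread (TLS terminated with a publicly trusted certificate, then re-encrypted to the domain controllers with upstream verification against the private CA), written as a plain nginx stream configuration. This is an added example, not part of the thread and not the plugin's generated config or hook content; all addresses, hostnames and file paths are placeholders, and it assumes both DC certificates carry the name given in proxy_ssl_name.

```nginx
# Added example: addresses, hostnames and paths below are placeholders.
stream {
    upstream samba_dcs {
        server 192.0.2.10:636;   # DC 1 (constructed address)
        server 192.0.2.11:636;   # DC 2 (constructed address)
    }

    server {
        # Client side: the MDM connects here and is shown the
        # publicly trusted certificate.
        listen 636 ssl;
        ssl_certificate     /path/to/public-cert/fullchain.pem;
        ssl_certificate_key /path/to/public-cert/privkey.pem;

        proxy_pass samba_dcs;

        # Upstream side: speak TLS to the DCs instead of plain LDAP.
        proxy_ssl on;

        # proxy_ssl_verify defaults to off. Without these lines nginx
        # encrypts the upstream leg but accepts any certificate the
        # upstream presents.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /path/to/private-ca/ca-chain.pem;
        proxy_ssl_verify_depth        2;   # allows one intermediate CA

        # Name checked against the upstream certificate. The default is
        # the host part of proxy_pass ("samba_dcs" here), which would not
        # match a DC certificate, so it is set explicitly (assumed name).
        proxy_ssl_name        dc.example.internal;
        proxy_ssl_server_name on;          # also send that name as SNI
    }
}
```

With the verification lines in place, a DC presenting a certificate that does not chain to the private CA or does not carry the configured name causes the upstream handshake to fail, which shows up in the nginx error log rather than as a silent pass-through.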