[Solved, RFC needed?] NGINX as IMAP reverse proxy

[Fright]

don't think so
you can look at https://forum.opnsense.org/index.php?topic=16595.msg87573#msg87573
as an example of adding a hook
in "stream server" case its streams.conf template in /usr/local/opnsense/service/templates/opnsense/nginx/
at the end of the file before last brace you can insert hook for server post-conf. like

Code: [Select]

{%   endif%}
    include {{ server['@uuid'] }}_post/*.conf;
    }
{% endfor %}
{% endif %}



[ruggerio]

Thx! Gonna read this!

Roger

[ruggerio]

OK, gave it a try, changed the template and reloaded, added the hook according the rtfm, having proxy_protocol = on; with in, then the following problem occured: The entry is double.

I then removed the proxy_protocol-entries within the streams.conf on the listen-lines. still the same. There must be somewhere else an entry for this. Do you have an idea? proxy_protocol will be written into the streams from other places than streams.conf from template-directory?

Or, is there a parameter to give to nginx to accept the last loaded parameter only?

[Fright]

im a little confused.
did you turn off PROXY in GUI?
proxy_protocol parameter in listen directive is set from gui

Code: [Select]

{%   if server.listen_port is defined %}
        listen  {{ server.listen_port }}{% if server.udp is defined and server.udp == '1' %} udp{% endif %}{% if tls_enabled %} ssl{% endif %}{% if server.proxy_protocol is defined and server.proxy_protocol == '1' %} proxy_protocol{% endif %};
        listen  [::]:{{ server.listen_port }}{% if server.udp is defined and server.udp == '1' %} udp{% endif %}{% if tls_enabled %} ssl{% endif %}{% if server.proxy_protocol is defined and server.proxy_protocol == '1' %} proxy_protocol{% endif %};
{%   endif %}
if you add "proxy_protocol on;" directive via hook you need to disable PROXY in GUI
also
you need to remove "proxy_protocol" string from template or (better imho) make this change:
before:

Code: [Select]

        proxy_protocol {% if server.proxy_protocol == '1' %}on{% else %}off{% endif %};after:

Code: [Select]

{% if server.proxy_protocol is defined and server.proxy_protocol == '1' %}
           proxy_protocol on;
{% endif %}


[ruggerio]

Hi Fright,

Confused? Right, so i was...

Those were the lines i modified (listen-directive) and commented (proxy_protocoll) - but still i got the message. I also thought to have forgotten to uncheck proxy_protocol. Looking at the the code, it seems, the directive is written in each case, if its on in GUI, it will be set to on, if not, then it will be set to off.

It seems, that i have to prepare manually a nginx.conf, having those lines corrected or to set the proxy_protocol=on; each time, i modified it.

Thx.

[ruggerio]

so for the interested ones (if somebody could verify, pls) a working config (mucho bricollagio):

Prerequiste: proxy protocol is not enabled in WebGUI for streams!

1) create in streams.conf under /usr/local/opnsense/service/templates/OPNsense/Nginx the following entry:

Code: [Select]

include {{ server['@uuid'] }}_post/*.conf; right before the last } of the last %endfor - reload streams config in WebGUI

2) go to

Code: [Select]

/usr/local/etc/enginx/nginx.conf and copy the uuid of the stream(s) which have been newly created. They begin as include as last line per stream, e.g.

Code: [Select]

    server {
        listen  143;
        listen  [::]:143;

        access_log  /var/log/nginx/stream_1ef25291-7e82-4e66-a677-a4629270ff87.access.log main;
        error_log  /var/log/nginx/stream_1ef25291-7e82-4e66-a677-a4629270ff87.error.log info;


        proxy_ssl off;
        proxy_pass upstream3605708c54c0460ca656e8fbaeadabb9;
#        proxy_protocol off;
  include 1ef25291-7e82-4e66-a677-a4629270ff87_post/*.conf; ---> UUID here!




3) create manually a folder with the uuid copied from 2) under

Code: [Select]

/usr/local/etc/enginx/
4) within the newly created directory from 3)  create a file e.g. proxy_protcol.conf, only content ist

Code: [Select]

proxy_protocol on;
5) within the file streams.conf (the same as from 1)) search this line

Code: [Select]

proxy_protocol {% if server.proxy_protocol == '1' %}on{% else %}off{% endif %}; and comment it.

6) copy this one here right below the commented line from 5)

Code: [Select]

{% if server.proxy_protocol is defined and server.proxy_protocol == '1' %}
           proxy_protocol on;
{% endif %}

apply configuration in WebGUI and reload service. You should be done.

Thx @Fright for you help!