NGINX plugin does not copy cert to /keys for TCP stream proxy

[henningkessler]

Hi, the end goal is to make an LDAPS request from an MDM system which does not accept self-signed certifcates to 2 Samba domain controller which need to use private certs from a private CA. The idea is terminate TLS with Nginx using an lets encrypt certificate and the use TLS to connect to the DCs
 

[Fright]

got it. so there are no serious requirements for the DCs certificates verification on nginx?
there is a feeling that the setup.php needs serious rework.
as well as the stream template (I don't see many directives there, including upstream verifications).
so I don't think you can do much with streams (via GUI). unless you are ready to try it through the hooks and make some changes by hands
looking at the activity on github, a huge  plugin updates is expected (though not in the part of streams). thanks to @8191!.
I would gladly contribute in this, but, unfortunately, I still don't really understand how to contact the maintainer correctly for this

[henningkessler]

Thats really unfortunate but thanks a lot for your help !!!
I will See how I can workaround this issue...

[Fright]

actually, it's not that bad.
nginx supports so many directives that imho there will never be a GUI for all of them.
for this, hooks are used.
unfortunately, these hooks are not already present in all templates (mainly in the part of the http server) and, of course, it is worth making a FR at least to add _pre and _post hooks to all templates so they don't get overwritten during plugin update.
in general, you can always try to add missing directives through hooks and add key, pem-files to /key dir by hands.
hook adding\usage example:
https://forum.opnsense.org/index.php?topic=19758.0