Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
NGINX Redirect
« previous
next »
Print
Pages: [
1
]
Author
Topic: NGINX Redirect (Read 4163 times)
Junktroep
Newbie
Posts: 4
Karma: 0
NGINX Redirect
«
on:
January 20, 2023, 03:29:35 pm »
I have a reverse nginx proxy running on an ubuntu box.
Running non standard ssl ports, an example of my config:
server {
listen 9090 default_server ssl http2;
server_name blabla;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-XSS-Protection "1; mode=block";
ssl_certificate /etc/letsencrypt/live/blablafullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blabla/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/blabla/chain.pem;
include snippets/ssl.conf;
error_page 497 https://$host:9090$request_uri;
access_log /var/log/nginx/blabla.access.log apm;
error_log /var/log/nginx/blabla.error.log warn;
location / {
proxy_pass
http://127.0.0.1:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
}
I wanted to move this functionality to OPNsense, and it works nicely with the nginx plugin.
One thing I don't get to work the HTTP to HTTPS redirect.
In the example above I get this going with the: error_page 497 https://$host:9090$request_uri;
this redirects HTTP requests to HTTPS.
But I can't find this in the error pages overview in OPNsense, and no idea how I or even if this can be done.
Any tip or help is apreciated. Thanks.
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: NGINX Redirect
«
Reply #1 on:
January 20, 2023, 06:32:46 pm »
"HTTPS Only" checkbox in Server config or "Force HTTPS" checkbox in Location config do the same with the
Code:
[Select]
if ($scheme != "https") {
return 302 https://$host$request_uri;
}
Logged
Junktroep
Newbie
Posts: 4
Karma: 0
Re: NGINX Redirect
«
Reply #2 on:
January 20, 2023, 07:07:42 pm »
This checkbox does nothing for my config. Even after reboot.
On the opnsense reverse proxy server settings I have only specified a https port, just like in my example config.
It doesn't seem to like binding same port to https and http.
I still get: The plain HTTP request was sent to HTTPS port, error 400,
when connecting on
http://mydomain.com
:myport
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: NGINX Redirect
«
Reply #3 on:
January 20, 2023, 07:18:58 pm »
yep, need to bind http also for this.
497 error_page is not in gui yet
so you need to use server hook for this imho (
https://forum.opnsense.org/index.php?topic=31234.0
)
there it will be possible to add a directive missing in the gui
Logged
Junktroep
Newbie
Posts: 4
Karma: 0
Re: NGINX Redirect
«
Reply #4 on:
January 20, 2023, 08:06:15 pm »
The hook pointed me in the right direction
Creating the <uid>_post directory with a 497_error_page.conf in it.
Containing error_page 497 https://$host:9090$request_uri;
Makes http request to the https port redirect succesful.
Ps. adding the error_page 497 to the nginx.conf also makes it work.
But I guess this will not survive any modifications done in the GUI.
I hope this custom survives firmware upgrades.
Since this is a pretty nice way to redirect http to https I hope this will soon be added as defailt in GUI.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
NGINX Redirect