Access via reverse proxy no longer possible

Started by lucak, August 29, 2024, 08:51:10 AM

Hi

I have a problem which I don't quite understand.

I have an Ubuntu 22.04 with Nextcloud on it. I access it via nginx reverse proxy on the OPNsense. This worked fine until yesterday.

Yesterday I set up a new VM, set up OnlyOffice on it and then configured access via reverse proxy. This also worked so far. However, since then (round about) access to Nextcloud no longer works with the following error from OPNsense in the browser:


However, I did not (at least intentionally) touch the nginx configuration for Nextcloud and only created a new one for OnlyOffice.

I have already done the following to narrow down the problem:
- Checked Upstream Server, Upstream, HTTP Location and HTTP Server in the Nginx Config for the Nextcloud as well as OnlyOffice. I don't see any errors here.
- Removed all bans in nginx for today and yesterday, but I didn't see a problem there either.
- Tested the access with the local IP (without reverse proxy) to Nextcloud, that worked fine.
- Tried to ping the local IP of Nextcloud from the OPNsense. Also worked.
- Tried a port probe from the OPNsense to the local IP with port 80 on the OPNsense. Also works.
- Tried a CURL from the OPNsense to the local IP. Also worked.
- I also restored a backup from before the changes. Unfortunately this did nothing.

The OPNsense itself (with CURL) can probably access Nextcloud. But somehow nginx cannot access it on the OPNsense because I always see the following message in the HTTP error logs of nginx:
119 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.4.6, server: nextcloud.domain.tld, request: "GET /index.php/login HTTP/2.0", upstream: "http://192.168.3.7:80/index.php/login", host: "nextcloud.domain.tld" 


It is unclear to me how it can be that OPNsense can access Nextcloud, but nginx on the OPNsense can't. Does anyone here have any ideas?

Ludaku
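
An added example (not part of the original post and not OPNsense or nginx project code): a parser for the "upstream timed out" entry quoted above that extracts the backend and the proxy phase nginx names in the message. The phase in the quoted line, "reading response header from upstream", is logged after the TCP connection to the backend was already established, which is consistent with ping and the port probe succeeding while the proxied request still times out. Every log line except the first is constructed, and app.example.test / 192.0.2.10 are placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# nginx names the proxy phase that timed out; each phase has its own timeout directive.
PHASES = {
    "connecting to upstream": ("connect", "proxy_connect_timeout"),
    "sending request to upstream": ("send", "proxy_send_timeout"),
    "reading response header from upstream": ("read-header", "proxy_read_timeout"),
    "reading upstream": ("read-body", "proxy_read_timeout"),
}
LINE_RE = re.compile(r'upstream timed out \((\d+): [^)]*\) while ([^,]+)((?:, \w+: (?:"[^"]*"|[^,]+))*)')
FIELD_RE = re.compile(r', (\w+): (?:"([^"]*)"|([^,]+))')

# First line is the one quoted in the post; the others are constructed for this example.
SAMPLE_LOG = """\
119 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.4.6, server: nextcloud.domain.tld, request: "GET /index.php/login HTTP/2.0", upstream: "http://192.168.3.7:80/index.php/login", host: "nextcloud.domain.tld"
123 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.4.6, server: nextcloud.domain.tld, request: "GET /status.php HTTP/2.0", upstream: "http://192.168.3.7:80/status.php", host: "nextcloud.domain.tld"
130 upstream timed out (60: Operation timed out) while connecting to upstream, client: 192.168.4.6, server: app.example.test, request: "GET / HTTP/2.0", upstream: "http://192.0.2.10:80/", host: "app.example.test"
131 open() "/nonexistent/favicon.ico" failed (2: No such file or directory), client: 192.168.4.6, server: app.example.test
"""

def parse_timeout(line):
    """Return the fields of one 'upstream timed out' entry, or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    phase = m.group(2).strip()
    rec = {"errno": int(m.group(1)), "phase": phase}
    for key, quoted, bare in FIELD_RE.findall(m.group(3)):
        rec[key] = quoted or bare.strip()
    rec["stage"], rec["directive"] = PHASES.get(phase, ("unknown", None))
    rec["backend"] = urlsplit(rec.get("upstream", "")).netloc
    return rec

def summarize(log_text):
    """Count timeouts per (server, backend, stage)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_timeout(line)
        if rec:
            counts[(rec.get("server"), rec["backend"], rec["stage"])] += 1
    return counts

if __name__ == "__main__":
    for (server, backend, stage), n in summarize(SAMPLE_LOG).items():
        print(f"{server} -> {backend}: {n} timeout(s) in stage {stage}")
```
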

I have not yet used NginX as a reverse proxy on OPNsense, but did you possibly create two separate instances/servers on WAN? That would not work. You need a single server with all certificates and then pick the correct backend based on SNI.

HTH,
Patrick

From my understanding, you can't create two servers/instances of nginx on one OPNsense/WAN. I attached a drawing of the structure.
Also, this would not make sense, as OnlyOffice via nginx (as rev. proxy) works.