Re: Nginx ACLs - Unexpected error - Solved

Started by ThyOnlySandman, November 13, 2024, 11:35:45 PM

Previous topic - Next topic
November 13, 2024, 11:35:45 PM Last Edit: November 15, 2024, 09:22:05 PM by ThyOnlySandman
Needing to adjust some NGINX ACLs today and ACL issue.

Upon editing ACL to add new IP I am getting "Unexpected error, check log for details"
Then tried creating new ACL and it worked.  Then tried editing same ACL.  Same error.

So then created brand new ACL with all needed IPs and saved ok.
Then went to HTTP server and attempted to change ACL to new ACL.  Same error. 
Cannot change HTTP server ACL.  :-/

Also tried all same above with NGINX service stopped.  Same error.

Reviewed NGINX log, Opnsense general + backend logs. Don't see anything mentioned about NGINX config / ACL.

Anyone aware of NGINX ACL issues or suggestions?

OPNsense 24.7.8
os-nginx 1.34_2

Had the same issue which will hopefully be fixed in next release(?).

This worked for me
https://forum.opnsense.org/index.php?topic=43920.msg218984#msg218984
HP EliteDesk 800 G2 Mini - i5 3.2Ghz, 8GB RAM, 1TB SSD

November 14, 2024, 09:07:10 PM #2 Last Edit: November 14, 2024, 09:31:31 PM by ThyOnlySandman
Tried the patch - opnsense-patch -c plugins 1e23572

Unfortunately did not fix it.  Tried Nginx restart.  Reverted patch.

Still cannot edit existing Nginx ACL or change active ACL on HTTP server.

Edit: actually just editing HTTP server with zero changes and attempting to save results in error.

Probably best to open an issue on Github

Quote from: newsense on November 15, 2024, 07:13:19 AM
Probably best to open an issue on Github

Created github issue - https://github.com/opnsense/plugins/issues/4358

I reviewed it a bit more and attempting to edit any config results in error.  Hunch is a writable permission issue since nothing of my nginx config can be changed.

Believe main config directory is /usr/local/etc/nginx  , directory root / wheel , root has rwx , wheel only has r-x, other r-x.

Also - never used but looked into opnsense-revert tool.  But nginx has been on 1.34 since opnsense 24.7.x
I also don't understand the _2 version of os-nginx.  Per release notes its just 1.34 yet opnsense plugin is 1.34_2
https://github.com/opnsense/plugins/blob/stable/24.7/www/nginx/pkg-descr

opnsense-patch -c plugins 1e23572

Patch is the fix, however my setup did require a full opnsense reboot after installing patch.