NGINX reverse proxy configuration help needed (Solved)

[Jaco1960]

Hi,

I have a problem with setting up nginx as a reverse proxy. I followed the guide on setting it up as a loadbalancer and used the advices found here on this forum, but so-far I have not been able getting it to work.

Let me first explain what I want to achieve:
- i have an internal server running on https://192.168.x.y:5001
- i want to access this server from the internet via https://myserver.mydomain.com/

DNS has been configured such that myserver.mydomain.com points to my WAN IP.

I have installed the os-nginx plugin and have it enabled and up and running with the following settings:

Services: NGINX: Configuration: General
- Enable nginx: Checked

Services: NGINX: Configuration: Upstream Server
- Description: myserver_server
- Server: 192.168.x.y
- Port: 5001
- Server Priority: 1
- other settings: default

Services: NGINX: Configuration: Upstream
- Description: myserver_upstream
- Server Entries: myserver_server
- other settings: default

Services: NGINX: Configuration: HTTP(S): Location
- Description: myserver_location
- URL Pattern: /
- Match Type: None
- Upstream Servers: myserver_upstream
- other settings: default

Services: NGINX: Configuration: HTTP(S): HTTP Server
- HTTP Listen Port: [blank]
- HTTPS Listen Port: 443
- Server Name: localhost
- Location: myserver_location
- other settings: default

I also have setup a firewall rule to allow WAN traffic port 443 from any source to "this firewall"

Logging shows that the https request from the internet to https://myserver.mydomain.com/ is passed, however nginx does not show anything in the HTTP(s) logs

I have also tried for the HTTP server name various alternatives.
- "Localhost"
- "127.0.0.1"
- "myserver.mydomain.com"
- "My WAN IP adress"

Does anyone have a suggestion to get this working:
- Is there something in the Nginx configuration incorrect or missing
- What HTTP server name should I use?
- Is the firewall rule correct?
- Anything else?

[fabian]

Have you moved the web interface to another port? By default 80 and 443 are blocked.

[Jaco1960]

For OPNsense web GUI both http and https are set to port 440. If I connect on port 80 to the firewall it redirects to the web GUI https on port 440. If I connect to port 443, the connection times out.

[fabian]

Have you disabled the redirect rule after the port in the administration page for the firewall web interface?

[Jaco1960]

I do now, but it does not make a difference

[Jaco1960]

I have had a closer look to the Nginx.conf and found that it was not updating when I made changes in the OPNSense configuration pages for Nginx. The way to get this solved it to go the the general settings tab and hit the Apply button and then restart Nginx. Having an "Apply" button and a warning in the GUI on the other tabs would be nice...

After having figured that out, I now see that nginx logs the request made. But now I hit a new problem. Nginx responds with a 404 error. I use "myserver.mydomian.com" for the HTTP Server name. Any idea's?

[fabian]

First issue: There is a config reload button on the bottom of the page.

Second question: can you post the nginx config of the server segment which does not work?

[Jaco1960]

First issue: In my screen there is no reload button at the bottom of the page. See screenshot. I run the vastest version  OPNSense

I have attached the nginx.conf

[hbc]

Of course there is a reload button. There orange red circled arrows on right, bottom.

[fabian]

your slash is wrong - it should be "/" instead of "\". The one yo uget on shift + 7 on the German keyboard or the one beside the dot as far as I know on the US keyboard.

[Jaco1960]

Solved! :)

Many thanks Fabian. I totally overlooked the \ instead of / .

NB: the reload button deviates a lot from the normal Apply button found in the other OPNsense screens. Also it has a refresh icon, to make things more confusing :-\