20.7.1 nginx. sni parameters still not working together

Started by Fright, August 17, 2020, 07:53:01 AM

Hi.
Upgraded to 20.7.1.
location.conf was overwritten by the upgrade process and SSL handshakes with backends do not work anymore.
Please, let's figure out how the parameters
proxy_ssl_server_name
proxy_ssl_name
work.
(https://forum.opnsense.org/index.php?topic=17637.0)
I believe that these parameters SHOULD work together:
https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_server_name
https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_name
If proxy_ssl_name is not defined, then the URL of proxy_pass is used, not the URL from the user request.
Now the SNI part of location.conf looks like:
{%     if location.proxy_ssl_server_name is defined and location.proxy_ssl_server_name == '1' %}
    proxy_ssl_server_name on;
{%     else %}
    proxy_ssl_server_name off;
{%         if upstream.tls_name_override is defined and upstream.tls_name_override != '' %}
    proxy_ssl_name {{ upstream.tls_name_override }};
{%         endif %}
{%     endif%}

So I believe that the location.conf part should look like this:

{%     if location.proxy_ssl_server_name is defined and location.proxy_ssl_server_name == '1' %}
    proxy_ssl_server_name on;
{%     else %}
    proxy_ssl_server_name off;
{%     endif %}
{%     if upstream.tls_name_override is defined and upstream.tls_name_override != '' %}
    proxy_ssl_name {{ upstream.tls_name_override }};
{%     endif %}


Yet another location.conf issue:
https://github.com/opnsense/plugins/issues/1986
The GUI TLS: Verify Certificate parameter is not working.
Please add the proxy_ssl_verify directive to the location.conf template.
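
What the two template variants in the post above render to when SNI is enabled and a TLS name override is set, shown as an added example that is not part of the original post or of the OPNsense plugin. The upstream name `backend_pool`, the address, the host name `app.internal.example` and the CA path are assumed placeholders, and the fragment belongs inside an `http {}` context.

```nginx
# Constructed example: every name, address and path here is a placeholder.
upstream backend_pool {
    server 192.0.2.10:443;
}

server {
    listen 8080;

    # Output of the current template with proxy_ssl_server_name == '1'
    # and tls_name_override set: the override sits in the else branch,
    # so proxy_ssl_name is never emitted. nginx then uses the host part
    # of proxy_pass ("backend_pool") as the SNI name.
    location /current/ {
        proxy_pass https://backend_pool;
        proxy_ssl_server_name on;
    }

    # Output of the proposed template for the same settings: both
    # directives are emitted, so the override is sent in SNI.
    location /proposed/ {
        proxy_pass https://backend_pool;
        proxy_ssl_server_name on;
        proxy_ssl_name app.internal.example;

        # Verification as requested at the end of the post.
        # proxy_ssl_name is also the name the backend certificate is
        # checked against, and a trusted CA file is required for the
        # check to be meaningful.
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /path/to/backend-ca.pem;
    }
}
```

With `proxy_ssl_server_name off`, `proxy_ssl_name` sends no SNI but still sets the name used for certificate verification once `proxy_ssl_verify on` is present.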