Archive > 21.7 Legacy Series
GUI: Missing Configuration connecting through Reverse Proxy
mephisto20:
Hi,
I am using OPNsense 21.7.7-amd64 in a Lab Enviroment.
to make the Web GUI available from outside I have set up an external reverse Proxy to connect to the GUI.
I have set Alternate Hostnames accordingly and I am able to log into the GUI.
Strange thing is ... I am missing some parts of the configuration altough I am logged in with root.
e.g. Settings for the ACME client are missing: Plugin is disabled, no account is defined, etc.
If I log in with the same user locally (not using the external reverse proxy) ... I can see the full config Plugin is enabled, account is set up, etc.
I am pretty new to OpnSense .... Can anybody give me a hint ?
Fright:
Hi
you can try to look in proxy logs and browser dev console. may be some api calls are blocked
mephisto20:
Thnx for your reply !
I checked with browser console and it gives the following error:
--- Code: ---scheme
https
host
reverse.domain.com
filename
/api/core/menu/search/
_
16545493428251
Adresse
217.154.123.111:443
Status
401
Unauthorized
VersionHTTP/1.1
Übertragen239 B (48 B Größe)
Referrer Policysame-origin
menu.search : Unauthorized
--- End code ---
So I guess this means that you r right and API calls are blocked.
I cannot see anything unnormal in the logs of the Reverse Proxy.
Is OPNSense blocking these calls ?
What can I do to prevent it from doing so ?
Fright:
is your reverse proxy requires authentication?
if so try to not pass Authorization header to opnsense host
mephisto20:
It turns out you are right again.
I have configured my reverse proxy with Basic Authentication:
--- Code: --- <Proxy *>
Order deny,allow
Allow from all
Authtype Basic
Authname "Password Required"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
# SetEnv proxy-chain-auth
</Proxy>
--- End code ---
So i gues the problem is that Authentication headers are passed to OpnSense.
Once I remove Basic Authentication on the Reverse Proxy everything works just fine.
Can anybody give me a hint on how to not passing the Authorization header ?
Navigation
[0] Message Index
[#] Next page
Go to full version