Archive > 21.7 Legacy Series

GUI: Missing Configuration connecting through Reverse Proxy

(1/2) > >>

mephisto20:
Hi,

I am using OPNsense 21.7.7-amd64 in a Lab Enviroment.
to make the Web GUI available from outside I have set up an external reverse Proxy to connect to the GUI.

I have set Alternate Hostnames accordingly and I am able to log into the GUI.
Strange thing is ... I am missing some parts of the configuration altough I am logged in with root.

e.g. Settings for the ACME client are missing: Plugin is disabled, no account is defined, etc.

If I log in with the same user locally (not using the external reverse proxy) ... I can see the full config Plugin is enabled, account is set up, etc.

I am pretty new to OpnSense .... Can anybody give me a hint ?

Fright:
Hi
you can try to look in proxy logs and browser dev console. may be some api calls are blocked

mephisto20:
Thnx for your reply !

I checked with browser console and it gives the following error:


--- Code: ---scheme
https
host
reverse.domain.com
filename
/api/core/menu/search/
_
16545493428251
Adresse
217.154.123.111:443
Status
401
Unauthorized
VersionHTTP/1.1
Übertragen239 B (48 B Größe)
Referrer Policysame-origin

menu.search : Unauthorized
--- End code ---

So I guess this means that you r right and API calls are blocked.
I cannot see anything unnormal in the logs of the Reverse Proxy.

Is OPNSense blocking these calls ?
What can I do to prevent it from doing so ?

Fright:
is your reverse proxy requires authentication?
if so try to not pass Authorization header to opnsense host

mephisto20:
It turns out you are right again.

I have configured my reverse proxy with Basic Authentication:


--- Code: ---   <Proxy *>
       Order deny,allow
       Allow from all
       Authtype Basic
       Authname "Password Required"
       AuthUserFile /etc/apache2/.htpasswd
       Require valid-user
#       SetEnv proxy-chain-auth
   </Proxy>

--- End code ---

So i gues the problem is that Authentication headers are passed to OpnSense.
Once I remove Basic Authentication on the Reverse Proxy everything works just fine.

Can anybody give me a hint on how to not passing the Authorization header ?

Navigation

[0] Message Index

[#] Next page

Go to full version