NGINX ReverseProxy - ACL ignored not updating.

Started by itngo, March 30, 2023, 04:42:42 PM

We had a Location/Server where we applied an ACL with one subnet and 3 additional IP addresses.
Access from these addresses does work. We then added another IP and get 403 from nginx; even after a complete reboot of the whole firewall the change is not honored. Where to look?

Logs / Global Error says all good.

Quote: "Where to look?"
Services: Nginx: Banned, access logs, error logs, nginx.conf ? ;)

Hi, sorry for the late reply.

Had a look in the nginx.conf under /usr/local/etc/nginx/nginx.conf and also found the IP ACL.

But the added IP is not there while WebUI shows it is configured.


I found another Log where an issue is reported. In System->Logfiles->Backend we have:

[6dc4e6f3-b14e-4730-b1a9-9d6607a91aad] Inline action failed with OPNsense/Nginx OPNsense/Nginx/nginx.conf 'dict object' has no attribute 'serverentries' at Traceback (most recent call last):
  File "/usr/local/opnsense/service/modules/template.py", line 272, in _generate
    content = j2_page.render(cnf_data)
  File "/usr/local/lib/python3.9/site-packages/jinja2/environment.py", line 1301, in render
    self.environment.handle_exception()
  File "/usr/local/lib/python3.9/site-packages/jinja2/environment.py", line 936, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/usr/local/opnsense/service/templates/OPNsense/Nginx/nginx.conf", line 24, in top-level template code
    {% include "OPNsense/Nginx/http.conf" %}
  File "/usr/local/opnsense/service/templates/OPNsense/Nginx/http.conf", line 80, in top-level template code
    {% include "OPNsense/Nginx/upstream.conf" ignore missing with context %}
  File "/usr/local/opnsense/service/templates/OPNsense/Nginx/upstream.conf", line 15, in top-level template code
    {% for upstream_serveruuid in upstream.serverentries.split(',') %}
  File "/usr/local/lib/python3.9/site-packages/jinja2/environment.py", line 485, in getattr
    return getattr(obj, attribute)
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'serverentries'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/opnsense/service/modules/processhandler.py", line 510, in execute
    return ph_inline_actions.execute(self, inline_act_parameters)
  File "/usr/local/opnsense/service/modules/ph_inline_actions.py", line 51, in execute
    filenames = tmpl.generate(parameters)
  File "/usr/local/opnsense/service/modules/template.py", line 349, in generate
    raise render_exception
  File "/usr/local/opnsense/service/modules/template.py", line 340, in generate
    for filename in self._generate(template_name, create_directory):
  File "/usr/local/opnsense/service/modules/template.py", line 275, in _generate
    raise Exception("%s %s %s" % (module_name, template_filename, render_exception))
Exception: OPNsense/Nginx OPNsense/Nginx/nginx.conf 'dict object' has no attribute 'serverentries'

Never mind... was a Location which had no Server, cause it was deleted in Upstream....

A "logical" "check" feature in the NGINX Plugins would be really nice.....

Like, "you can not delete this" it is "used" in "xyzzy"....
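
Added example, not part of any post in this thread and not OPNsense code: a small triage script for the failure mode above, where a template render error leaves the old nginx.conf (and its old ACL) in place. It scans backend log lines for "Inline action failed" entries and reports the target file, the deepest template frame and the error. The function name and the sample input (abbreviated from the log entry quoted above, plus one constructed line) are assumptions.

```python
import re

# Sample input: the thread's backend log entry, abbreviated, plus one constructed line.
SAMPLE_LOG = [
    "[6dc4e6f3-b14e-4730-b1a9-9d6607a91aad] Inline action failed with OPNsense/Nginx "
    "OPNsense/Nginx/nginx.conf 'dict object' has no attribute 'serverentries' at "
    "Traceback (most recent call last): "
    'File "/usr/local/opnsense/service/templates/OPNsense/Nginx/nginx.conf", line 24, '
    "in top-level template code {% include \"OPNsense/Nginx/http.conf\" %} "
    'File "/usr/local/opnsense/service/templates/OPNsense/Nginx/upstream.conf", line 15, '
    "in top-level template code "
    "{% for upstream_serveruuid in upstream.serverentries.split(',') %}",
    "[00000000-0000-0000-0000-000000000000] constructed line: action completed",
]

# Header of a failed render: action id, plugin module, target file, error text.
FAILED = re.compile(
    r"^\[(?P<id>[0-9a-f-]{36})\] Inline action failed with "
    r"(?P<module>\S+) (?P<target>\S+) (?P<error>.*?) at Traceback"
)
# Only frames inside the template tree; Python module frames are skipped.
FRAME = re.compile(r'File "(?P<file>[^"]*/service/templates/[^"]+)", line (?P<line>\d+)')


def find_render_failures(lines):
    """Return one dict per failed template render found in the log lines."""
    failures = []
    for entry in lines:
        header = FAILED.match(entry)
        if not header:
            continue
        frames = FRAME.findall(entry)
        # The last template frame is the include that actually raised.
        template, line = frames[-1] if frames else (None, None)
        failures.append({
            "action_id": header["id"],
            "module": header["module"],
            "stale_target": header["target"],  # file that was NOT regenerated
            "error": header["error"],
            "template": template,
            "line": int(line) if line else None,
        })
    return failures


if __name__ == "__main__":
    for failure in find_render_failures(SAMPLE_LOG):
        print(failure)
```

Any hit means the listed target was not rewritten, so GUI changes made since then, ACL entries included, are not in the running configuration.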