Touble with nginx: broken header and no reverse proxy since last update

[salakis]

Hello everyone, I hope I'm posting at the right place.

I've updated yesterday to the last version of opnsense and its plugins. However, since, I've got massive errors and the reverse proxy is not working anymore.

A little background first: I'm using opnsense to handle all certificates (ACME) and Nginx to reverse proxy all my websites.
HTTPS is forced for everything coming from/going outside, but inside, only HTTP. Worked well for almost 2 years, so I guess I was fine.

Since the update, I'm not able to reach any website, firefox is getting PR_END_OF_FILE_ERROR, and chrome is getting ERR_CONNECTION_CLOSED.

I'm trying to see the logs, but, "Fun fact":



I've tried to reinstall nginx, purge the configuration, but honestly, I'm not that knowledgable on reverse proxy to find the solution.

Does someone has any ideas?

If that could help, I've attached the confs.

Thanks a lot!

[Fright]

Hi
I'll try to look in an hour

[danieleb]

Same problem here after automatic firmware update. Rollback to yesterday backup.

[salakis]

Same problem here after automatic firmware update. Rollback to yesterday backup.

Did you used opnsense-revert? What did you do? Did it worked?

[Fright]

@salakis
I don't see any obvious errors in the config yet.
logs would be very helpful i guess ..
what did you mean by "broken header"?

I'm trying to see the logs, but, "Fun fact":

sorry, what? no logs?

[salakis]

@salakis
I don't see any obvious errors in the config yet.
logs would be very helpful i guess ..
what did you mean by "broken header"?

I'm trying to see the logs, but, "Fun fact":

sorry, what? no logs?

Thanks for looking into it :)

Here is a screenshot of the logs:

https://zupimages.net/up/23/16/7wnn.jpg

I only see "borken header" in the GUI. When looking into the logs using SSH, the log file is scattered with weird symbols. I though it was an HTTPS going to HTTP, but since I changed nothing in the config before or after the update...

[Fright]

ah, is proxy_protocol is enabled on purprose for subdomain6.domain.com server?

Code Select Expand

server {

    listen 80 proxy_protocol;
    listen [::]:80 proxy_protocol;

    listen 443 http2 ssl proxy_protocol;
    listen [::]:443 http2 ssl proxy_protocol;
    ...
    server_name  subdomain6.domain.com;

can you try without "PROXY Protocol" enabled for subdomain6.domain.com please?

ps. please, please, please. don't attach pictures from external sources. im just didn't see it..

[danieleb]

@salakis
I don't see any obvious errors in the config yet.
logs would be very helpful i guess ..
what did you mean by "broken header"?

I'm trying to see the logs, but, "Fun fact":

sorry, what? no logs?

No, just vm restore. This morning at 8.00 am all web services were down so i couldn't investigate. Later, to install zabbix-agent on the restored and not upgraded vm, I had to upgrade it and reverse proxy stopped again.

[Fright]

@danieleb

Same problem here

not helping with this kind of info, sorry

[salakis]

ah, is proxy_protocol is enabled on purprose for subdomain6.domain.com server?

Code Select Expand

server {

    listen 80 proxy_protocol;
    listen [::]:80 proxy_protocol;

    listen 443 http2 ssl proxy_protocol;
    listen [::]:443 http2 ssl proxy_protocol;
    ...
    server_name  subdomain6.domain.com;

can you try without "PROXY Protocol" enabled for subdomain6.domain.com please?

ps. please, please, please. don't attach pictures from external sources. im just didn't see it..

No, it shouldn't. I've removed it.

It solved the issue. Thanks a lot!

It was set on a subdomain, I was not aware it'd impact all the other domains and subdomains.

[Fright]

great! thanks for the feedback!
for the ref. https://github.com/opnsense/plugins/blob/f0bb5aec8ba006545f6630476c2f083fa92ffdb6/www/nginx/pkg-descr#L26