Upgrade to 23.1.7_3 causes PR_END_OF_FILE_ERROR in NGINX

[nightfox]

Hello,

When I upgrade my firewall running 23.1.5_4 to 23.1.7_3, after the reboot my NGINX reverse proxy running on OPNsense starts giving PR_END_OF_FILE_ERROR when trying to load a SSL site. I've checked the obvious logs but I don't see anything. The only way I can get NGINX to work again is by restoring from backup or snapshot.

Any ideas? I'm happy to try another upgrade again and pull relevant logs if I know which logs to pull.

Thanks!

[tomrwaller]

Just to add - I'm getting the same errors since the update. I can't get any of my SSL sites to load. Did you manage to find a resolution other than revert?

[nightfox]

Unfortunately not. I tried different things relating to the error such as re-issuing certificates. Nothing worked. Restoring from backup/snapshot was the only way to get things working again.

I'm thinking I might just have to move back to a separate NGINX reverse proxy.  :-\

[dcorral]

Hi.

Same for version 23.1.9. Any news?

Thanks in advance.

[dcorral]

I found a solution:

I removed all lines "proxy_protocol" in all my servers and restared Nginx.

Step by step:

ssh root@<OPNSENSE-IP>
Select "8 ) Shell"

To debug error:
tail -f /var/log/nginx/*.log

You must to access to your url to force errror.

Probably you will see somthing like:
2023/06/15 12:37:12 [error] 90378#100106: *43 broken header

cd /usr/local/etc/nginx/
grep -i "proxy_protocol" *
cp nginx.conf nginx.conf-BACKUP
vi nginx.conf

Yoy must to remove ALL lines "proxy_protocol" in all your servers:

For example, if you have:
listen 443 http2 ssl proxy_protocol;

Change it like this:
listen 443 http2 ssl;

Then restart Nginx:

/usr/local/etc/rc.d/nginx configtest
/usr/local/etc/rc.d/nginx stop
/usr/local/etc/rc.d/nginx status
/usr/local/etc/rc.d/nginx start
/usr/local/etc/rc.d/nginx status

Now check you url one more time.
It has worked for me.

[GreenMatter]

Thanks! Removing proxy_protocol directive (in 23.7.4) restored nginx functionality.
Is it a bug or feature?  :P