Opnsense 24.7.2 broke nginx server

[fforstik]

Hello

I have updated from 24.7 -> 24.7.2 and since then i have an issue for the ngning and able to access the server behind this..

It show this message if i will hit the ngning (plugin on opnsense)

Server Error
Sorry, but something went wrong on our side.

There is nothing you can do except waiting until we fix the issue.
Web Application Protection by OPNsense

[doktornotor]

Suggestion: Make use of the logs for diagnostics. Crystal balls are being serviced.

[fforstik]

i see only in debug log: NGINX setup routine started.

nothing else..

[fforstik]

only in
    - log-HTTPS access: status code 502
    - log-HTTP Error: SSL_do_handshake() failed (SSL: error:0A00010B:SSL routines::wrong version number) while SSL handshaking to upstream, client:

[doktornotor]

You really need to post the entire log entry, redacted for privacy if needed BUT preserving the required information, i.e., protocol, hostnames, IPs and ports and requests. You cannot wipe the part that's after the client: since it nukes most of the useful info and there's literally zero information about your configuration otherwise.

As a quick guess, you are trying to do HTTPS where none is supported by the backend server (wrong port or whatever).

[fforstik]

It was all working fine as I was able to access the server just before the update to 24.7.2. No other changes.

Im using ACME plugin for the SSL cert (Lets encrypt)

in ngix plugin in Logs-HTTP error:
2024/08/28   00:06:47   error   82877#100122   *1 SSL_do_handshake() failed (SSL: error:0A00010B:SSL routines::wrong version number) while SSL handshaking to upstream, client: <public IP>, server: <Nextcloud Domain name website>, request: "GET /favicon.ico HTTP/1.1", upstream: "https://<Internal server IP>:11000/favicon.ico", host: "<Nextcloud Domain name website>", referrer: "https://<Nextcloud Domain name website>"

2024/08/28   00:06:47   error   82877#100122   *5 SSL_do_handshake() failed (SSL: error:0A00010B:SSL routines::wrong version number) while SSL handshaking to upstream, client: <public IP>, server: <Nextcloud Domain name website>, request: "GET / HTTP/1.1", upstream: "https://<Internal server IP>:11000/", host: "<Nextcloud Domain name website>"

2024/08/28   00:06:47   error   82877#100122   *1 SSL_do_handshake() failed (SSL: error:0A00010B:SSL routines::wrong version number) while SSL handshaking to upstream, client: <public IP>, server: <Nextcloud Domain name website>, request: "GET /favicon.ico HTTP/1.1", upstream: "https://<Internal server IP>:11000/favicon.ico", host: "<Nextcloud Domain name website>", referrer: "https://<Nextcloud Domain name website>"

2024/08/28   00:06:44   error   82877#100122   *1 SSL_do_handshake() failed (SSL: error:0A00010B:SSL routines::wrong version number) while SSL handshaking to upstream, client: <public IP>, server: <Nextcloud Domain name website>, request: "GET /favicon.ico HTTP/1.1", upstream: "https://<Internal server IP>:11000/favicon.ico", host: "<Nextcloud Domain name website>", referrer: "https://<Nextcloud Domain name website>"

2024/08/28   00:06:44   error   82877#100122   *1 SSL_do_handshake() failed (SSL: error:0A00010B:SSL routines::wrong version number) while SSL handshaking to upstream, client: <public IP>, server: <Nextcloud Domain name website>, request: "GET /favicon.ico HTTP/1.1", upstream: "https://<Internal server IP>:11000/favicon.ico", host: "<Nextcloud Domain name website>", referrer: "https://<Nextcloud Domain name website>"

[fforstik]

Dont know if 24.7.1 or 24.7.2 broke as I have moved from version 24.7.0 but i see that in version 24.7.1 were some os-acme-client update and in version 24.7.2 more system update and cleanup as well..

Just wondering if other people have the same issue or similar based on what i see in the forum about other issues like CPU, sensors etc.. with the new 24.7.x upgrade..

[fforstik]

so after multiple tries and search I have found this forum which is very similar to my issue.
https://forum.opnsense.org/index.php?topic=19305.30
  - basically its says that after deleting logs it "mess" with the configuration which could happend when I have updated from 24.7 to 24.7.2


Anayway, because I have clean Opnsense install from late 2022 and always did upgrade I was trying to do a clean install and reconfigure the nginx (without any backup import) and it was the same thing. Same issue

[Grossartig]

I'm still on 24_7 with working nginx. Sounds like I should wait to upgrade until this issue is resolved understood.

[fforstik]

well probably stay as I see lots of issues raised by other people..

for my situation there could be:
    A) my HW is not supported (im using N6005 CPU and i226 2.5Gbe ethernet)
    B) new update clean some of the files and logs and messed with the config as I have always did the upgrade from GUI since late 2022. (so almost 2 years without clean install)

Because I have tried clean install and didnt worked I suspect that might be a combination of two.. It will be interesting if other people experience the same or similar issue with Nginx plugin and WAF with fresh clean install and not just upgrade to see if its just my device or global issue..