nginx plugin

Started by fabian, June 10, 2018, 12:35:30 PM

I'm not sure...

I don't think so.. I was getting from master branch.
Cloudfence Open Source Team

Then you can only send me your nginx section from your config.xml.

Hello Fabian!

My config.xml.

Thanks!
Cloudfence Open Source Team

Hi julio, your portal b location will probably not work because you have enabled naxsi without rules, but that should not break the OPNsense template.

@julio I've imported your config and it rendered ok. You are probably missing a core patch (https://github.com/opnsense/core/commit/a7bc2188016941d301bf276d4ccd0a62a4c6e4bb)

Thanks again Fabian!
Cloudfence Open Source Team

Hi

Moderate to less than moderate nix skill, but I'm looking to migrate off Sophos UTM and WAF functionality is my biggest hurdle.  I have been playing around, getting familiar with your plugin (great work) and can't figure out one thing (aside from the WAF security rules bug).

How do we specify a default_server in the listen directive?  I want to display a not found or some generic page if someone hits my WAF by IP, etc. instead of one of the configured virtual host names.  I understand security through obscurity is not much security, but if I can not have it show my Nextcloud page when someone hits the WAF IP (without hostname in the SNI header), that would be great.

Can I specify a .conf file which gets included outside of generated nginx.conf?  (like a conf.d directory)

Thanks again for your work.

I realized this is probably the wrong thread for this stuff, but I sort of figured out a workaround.  It seems NGINX treats the servers in the order they appear in the config and configd seems to generate the file in the order that they were added in the GUI.  I just created the first server as a basic HTTP Server with no Locations configured.  The other server, which has a location and upstreams configured, comes after.  Will continue to test with some additional servers added in.
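The ordering behaviour described in the post above can be checked on a rendered config. This is an added example, not part of the original thread or the plugin's code. It reports which server block answers requests whose host name matches nothing on each listen socket. The sample config, host names and function names are constructed, and the parser is simplified: no quoted strings, no includes, and listen addresses are compared literally.

```python
import re
# Constructed sample (not from the thread): two blocks share a socket, neither is flagged.
SAMPLE = """
server {                        # added first in the GUI, no locations
    listen 443 ssl;
    server_name placeholder.example;
}
server {
    listen 443 ssl;
    server_name cloud.example;
    location / { proxy_pass http://upstream_nextcloud; }
}
"""

def server_blocks(conf):
    """Yield (listen directives, server_name directives) per server block, in file order."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf))
    depth, start, words, current = 0, None, [], None
    for tok in tokens:
        if tok == "{":
            depth += 1
            if words == ["server"] and current is None:
                current, start = {"listen": [], "server_name": []}, depth
            words = []
        elif tok == "}":
            if current is not None and depth == start:
                yield current["listen"], current["server_name"]
                current = None
            depth -= 1
            words = []
        elif tok == ";":
            if current is not None and depth == start and words and words[0] in current:
                current[words[0]].append(words[1:])
            words = []
        else:
            words.append(tok)

def default_servers(conf):
    """Map each listen address to the names of the block that answers unmatched hosts."""
    chosen = {}
    for listens, names in server_blocks(conf):
        flat = [n for group in names for n in group]
        for args in listens:
            addr, explicit = args[0], "default_server" in args[1:]
            prev = chosen.get(addr)
            # First block on a socket wins unless a block is flagged default_server.
            if prev is None or (explicit and not prev[1]):
                chosen[addr] = (flat, explicit)
    return {addr: names for addr, (names, _) in chosen.items()}
```

For the sample, `default_servers(SAMPLE)` returns the placeholder block for `443`, which is the block that requests by bare IP would reach.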

default is reserved for the web interface, which has an IP-based ACL.

That makes sense.  I guess it worked for me because I changed the management port from 443 to an alternate.

The web interface is currently not enabled because the core part is missing. If you want to try it on a development instance, you can install the nginx plugin, remove the comment character from the config, kill the lighttpd process of the web interface and then use "service nginx restart" to restart nginx without rendering the template again.

Some things you will see:
* You will communicate over HTTP/2 if you use HTTPS
* You can use the same port for other sites as well

Hello Fabian,

Are there already any plans to implement some log rotation for the nginx logs?
Cloudfence Open Source Team

Quote from: juliocbc on October 26, 2018, 03:00:18 PM
Are there already any plans to implement some log rotation for the nginx logs?
Currently not, because I am working on TCP streams load balancing in the nginx plugin. Do you need something special (cron job to rotate manually configurable or always running at a special time like midnight)?

This feature is not a lot of work to do, so please create a ticket with your expectations. It can be discussed in the issue tracker.

I'm rotating with logrotate installed for now. I was wondering if it would be a good idea to make a log rotation plugin to serve other plugins that don't use circular log format.
Cloudfence Open Source Team

I can also send the logs to syslog if that's what you want.