nginx plugin

[juliocbc]

I'm not sure...

I don't think so.. I was getting from master branch.

[fabian]

then you can only send me your nginx section from your config.xml.

[juliocbc]

Hello Fabian!

My config.xml.

Thanks!

[fabian]

Hi julio, your portal b location will probably not work because you have enabled naxsi without rules but that should not break the OPNsense template.

[fabian]

@julio I've imported your config and it rendered ok. You are probably missing a core patch (https://github.com/opnsense/core/commit/a7bc2188016941d301bf276d4ccd0a62a4c6e4bb)

[juliocbc]

Thanks again Fabian!

[utahbmxer]

Hi

Moderate to less than moderate nix skill, but I'm looking to migrate off Sophos UTM and WAF functionality is my biggest hurdle.  I have been playing around, getting familiar with your plugin (great work) and can't figure out one thing (aside from the WAF security rules bug).

How do we specify a default_server in the listen directive?  I want to display a not found or some generic page if someone hits my WAF by IP, etc. instead of one of the configured virtual host names.  I understand security through obscurity is not much security, but if I can not have it show my Nextcloud page when someone hits the WAF IP (without hostname in the SNI header), that would be great.

Can I specify a .conf file which gets included outside of generated nginx.conf?  (like a conf.d directory)

Thanks again for your work.

[utahbmxer]

I realized this is probably the wrong thread for this stuff, but I sort of figured out a work-around.  It seems NGINX treats the servers in order they appear in the config and configd seems to generate the file in order that they were added in the GUI.  I just created the first server as a basic HTTP Server with no Locations configured.  The other server comes after which has a location and upstreams configured.  Will continue to test with some additional servers added in.

[fabian]

default is reserved for web interface which has an IP based ACL

[utahbmxer]

That makes sense.  I guess it worked for me because I changed the management port from 443 to an alternate.

[fabian]

The web interface is currently not enabled because the core part is missing. If you want to try it on a development instance, you can install the nginx plugin, remove the comment character from the config, kill the lighttpd process of the web interface and then use "service nginx restart" to restart nginx without rendering the template again.

Some things you will see:
* You will communicate over HTTP/2 if you use HTTPS
* You can use the same port for other sites as well

[juliocbc]

Hello Fabian,

Is there already any plans to implement some log rotation to the nginx logs?

[fabian]

Is there already any plans to implement some log rotation to the nginx logs?

Currently not, because I am working on TCP streams load balancing in the nginx plugin. Do you need something special (cron job to rotate manually configurable or always running at a special time like midnight)?

This feature is not a lot of work to do so please create a ticket with your expectations. It can be discussed in the issue tracker.

[juliocbc]

I'm rotating with logrotate installed for now. I was wondering if will be a good idea to make a logration plugin to serve another plugins that don't use circular log format.

[fabian]

I can also send the logs to syslog if that's what you want.