Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
nginx plugin
« previous
next »
Print
Pages:
1
...
4
5
[
6
]
Author
Topic: nginx plugin (Read 40635 times)
visualstation
Newbie
Posts: 3
Karma: 0
Re: nginx plugin
«
Reply #75 on:
February 12, 2019, 06:46:31 pm »
My bad,
Yes, it's in there, but only available in "Advanced Mode" in Location definition.
Logged
Soekris net6501-70, APU 2C4, Soekris net5501-70, ...
fabian
Moderator
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: nginx plugin
«
Reply #76 on:
February 12, 2019, 06:54:58 pm »
That's a problem of the interface of nginx: it has so many settings that many of them must be advanced to prevent flooding the common interface.
Logged
Alphakilo
Newbie
Posts: 49
Karma: 6
Re: nginx plugin
«
Reply #77 on:
February 13, 2019, 09:24:33 pm »
Hi fabian!
Thanks for the awesome plugin, love it! One less machine in the network to tend to.
I have a couple of questions / requests though:
Is it possible to define a listening interface?
In my case nginx is a reverse proxy. That's it's only job. The only interface it should be accessible from is WAN.
Also I don't want it to combat the existing listeners on 80,443/tcp.
Could we get to define snippets that we can include per server?
This will help to use advanced features of nginx without further cluttering the web interface.
And also help me to limit the amount of code re usage I have to do per server
Can we use existing lists (pf aliases / nginx ACLs) as httpserver.trusted_proxies?
I run behind Cloudflare. And manually adding and maintaining all Cloudflare
IPv4
and
v6
ranges is a royal pain the buttox.
Is it possible to disable / enable httpservers?
I'm thinking the way we're able to enable / disable, say, firewall rules.
I might check if I can hack the first two together when time allows. The other are beyond my skills.
Love this solid piece of advise btw:
Applies to so many things.
«
Last Edit: February 13, 2019, 09:31:16 pm by Alphakilo
»
Logged
fabian
Moderator
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: nginx plugin
«
Reply #78 on:
February 13, 2019, 10:17:48 pm »
since my session got killed and I don't want to write the long text again:
(1)
no, that is hard to implement in a stable way (interface status changes, ip address changes,...)
(2)
no but maybe an include directive can be added if it causes no problem when no file matches:
https://nginx.org/en/docs/ngx_core_module.html#include
(3)
maybe since the PF aliases have been moved to MVC, they should be possible to refer in MVC models.
(4)
no but it would be just a boolean to add to the form and the model as well as an "if" to the template around the server block
---
for the advice: You probably know why I've written that into this help text
Logged
fabian
Moderator
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: nginx plugin
«
Reply #79 on:
February 16, 2019, 11:14:21 am »
@Alphakilo: See
https://github.com/opnsense/plugins/pull/1198
- some are now implemented.
Logged
Alphakilo
Newbie
Posts: 49
Karma: 6
Re: nginx plugin
«
Reply #80 on:
February 17, 2019, 04:44:19 pm »
🥳 Thank you very much!
Logged
ibanezbass
Newbie
Posts: 2
Karma: 0
Re: nginx plugin
«
Reply #81 on:
February 28, 2019, 10:52:52 pm »
With the Naxsi plugin, how do I enable the core rules that are located in the /usr/local/etc/nginx folder? Also, I tried to recreate those rules, but when I attempt to create the policy, it won't let me select any operator except "=" (error: option not in list), and then I get this:
Incorrect line CheckRule $policy8f40a781e34045c193b56a9e5d37b585 = 4 (/usr/obj/usr/ports/www/nginx/work/naxsi-0.56/naxsi_src/naxsi_skeleton.c/646)... in /usr/local/etc/nginx/nginx.conf:229
Logged
fabian
Moderator
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: nginx plugin
«
Reply #82 on:
March 01, 2019, 06:58:45 am »
this should be already fixed (was a bug in OPNsense core)
Logged
ibanezbass
Newbie
Posts: 2
Karma: 0
Re: nginx plugin
«
Reply #83 on:
March 11, 2019, 09:46:45 pm »
Yes, you are correct. Upgrading did fix the issue. However, I can't figure out how to use the whitelist feature via the GUI. I know that in the config file for nginx, "basic rule wl:11;" would whitelist rule 11. How do I do that via the GUI? I've tried creating a separate policy and attaching a basic rule with id 11 selecting a URL value, but nginx throws an error in the log:
2019/03/11 20:42:09 [emerg] 18627#100242: matchzone doesn't target an actual zone. in /usr/local/etc/nginx/nginx.conf:301
2019/03/11 20:42:09 [emerg] 18627#100242: Naxsi-Config : Incorrect line BasicRule id:11 (/usr/obj/usr/ports/www/nginx/work/naxsi-0.56/naxsi_src/naxsi_skeleton.c/474)... in /usr/local/etc/nginx/nginx.conf:301
Logged
fabian
Moderator
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: nginx plugin
«
Reply #84 on:
March 11, 2019, 09:50:56 pm »
it should be wl:11 not id:11
Logged
Print
Pages:
1
...
4
5
[
6
]
« previous
next »
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
nginx plugin