www/nginx: Proxy Error with LDAP

Open marzlberger opened this issue 9 months ago • 0 comments

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

  • [x] I have read the contributing guidelines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
  • [x] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
  • [x] The title contains the plugin to which this issue belongs

Describe the bug

Enabling the "Advanced ACL Authentication Backend" leads to a "connect() to unix:/var/run/php-webgui.socket failed" error.

To Reproduce

Steps to reproduce the behavior:

  • Firewall IP Address 192.168.1.1
  • DNS Name git.bsdbox.local points to 192.168.1.1
  • System: Firmware: os-nginx 1.34_5
  • System: Access: Servers: Local Database / LDAP
  • System: Access: Tester: Successful

WORKING

  • Services: Nginx: Configuration:
    • General NGINX Enabled: yes
    • Upstream Server: server_git.bsdbox.local
      • Server: 192.168.1.221
      • Port: 3000
    • Upstream: pool_git.bsdbox.local
      • Server Entries: server_git.bsdbox.local
    • HTTPS Location:
      • URL Pattern: /
      • Upstream Servers: location_git.bsdbox.local
    • HTTP Server:
      • HTTP Listen Address: 8080
      • Server Name: git.bsdbox.local
      • Locations: server_git.bsdbox.local

Result: Opening the Firewall IP Address 192.168.1.1:8080 with the hostname git.bsdbox.local displays the site from 192.168.1.221:3000 OK!

NOT WORKING

Settings from above PLUS

  • Services: Nginx: Configuration:
    • HTTPS Location: location_git.bsdbox.local
      • Enable Advanced ACLs: yes
    • HTTP Server:
      • Advanced ACL Authentication Backend: Local Database

Result: Opening the Firewall IP Address 192.168.1.1:8080 with the hostname git.bsdbox.local displays the nginx "Server Error" page.

It seems that the "unix:/var/run/php-webgui.socket" has not been started/handled correctly? Playing around with "Satisfy" does not make any difference; it's always the same error seen above.

Relevant log files

*346 connect() to unix:/var/run/php-webgui.socket failed (2: No such file or directory) while connecting to upstream, client: 192.168.1.200, server: git.bsdbox.local, request: "GET /user/login HTTP/1.1", subrequest: "/opnsense-auth-request", upstream: "fastcgi://unix:/var/run/php-webgui.socket:", host: "git.bsdbox.local:8080"

*346 auth request unexpected status: 502 while sending response to client, client: 192.168.1.200, server: git.bsdbox.local, request: "GET /user/login HTTP/1.1", host: "git.bsdbox.local:8080"

Environment

  • OPNsense 24.10.2_6 (Business Edition)
  • AMD GX-420MC SOC (4 cores, 4 threads)
  • DEC-675

marzlberger, Mar 27 '25 09:03
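
A log-correlation script for the two error lines quoted in the issue, as an added example (not part of the original report and not the plugin's code): it groups nginx error-log entries by connection id and ties each "auth request unexpected status" entry to the upstream failure logged for the same connection. The names `diagnose` and `SAMPLE_LOG` are hypothetical; the sample input is the log text from the issue.

```python
import re
from collections import defaultdict

# The two error-log lines quoted in the issue (no timestamp prefix, as posted).
SAMPLE_LOG = r'''*346 connect() to unix:/var/run/php-webgui.socket failed (2: No such file or directory) while connecting to upstream, client: 192.168.1.200, server: git.bsdbox.local, request: "GET /user/login HTTP/1.1", subrequest: "/opnsense-auth-request", upstream: "fastcgi://unix:/var/run/php-webgui.socket:", host: "git.bsdbox.local:8080"
*346 auth request unexpected status: 502 while sending response to client, client: 192.168.1.200, server: git.bsdbox.local, request: "GET /user/login HTTP/1.1", host: "git.bsdbox.local:8080"'''

CONN = re.compile(r'\*(\d+) (.*)')        # nginx connection id, then the message
FIELD = re.compile(r'(\w+): "([^"]*)"')   # quoted context fields (request, host, ...)
CONNECT_FAIL = re.compile(r'connect\(\) to (unix:\S+) failed \((\d+): ([^)]*)\)')
AUTH_STATUS = re.compile(r'auth request unexpected status: (\d+)')


def diagnose(log_text):
    """Pair each failed auth_request with the upstream error on the same connection."""
    conns = defaultdict(dict)
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue
        info, msg = conns[int(m.group(1))], m.group(2)
        fields = dict(FIELD.findall(msg))
        for key in ("request", "host"):
            if key in fields:
                info[key] = fields[key]
        fail = CONNECT_FAIL.search(msg)
        if fail and "subrequest" in fields:
            # The connect() failure happened inside the auth subrequest itself.
            info.update(subrequest=fields["subrequest"], socket=fail.group(1),
                        errno=int(fail.group(2)), reason=fail.group(3))
        status = AUTH_STATUS.search(msg)
        if status:
            info["auth_status"] = int(status.group(1))
    # Report only connections where the auth subrequest returned an error status.
    return [dict(conn=cid, **info) for cid, info in sorted(conns.items())
            if "auth_status" in info]


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f"conn *{f['conn']}: {f.get('request')} on {f.get('host')}: "
              f"auth subrequest {f.get('subrequest')} returned {f['auth_status']}; "
              f"cause: {f.get('socket')} ({f.get('errno')}: {f.get('reason')})")
```

On the issue's log this reports one connection, *346, whose auth subrequest returned 502 because the FastCGI socket path did not exist (errno 2), so the request was refused before any credentials were evaluated.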