WebGUI redirects to wrong domain

jonofmac

Hello,
I have a wildcard cert for my domain.

With pfsense's https enabled, it directs from http to https, which is great. The problem is that when I type pfsense/ into chrome, it gets redirected to https://pfsense which is not valid.

I have the FQDN set up in pfsense, but how do I set PFSense up to redirect to the FQDN instead?

I cannot find an option anywhere for this... I don't want to have to type the fqdn every time, this is why I have "search domains" set in the DHCP...

SteveITS

@jonofmac Without looking I expect they just shortened the code to redirect to HTTPS for the currently used hostname. That would allow LAN IP, WAN IP, etc.

jonofmac

@steveits that's my assumption as well.

I do not leave PFSense open to the internet at all, all access is done from the internal lan for me.

I'd modify the ngnix config file handling this redirect if i knew where it existed.

I'm hoping there's some way to modify this behavior. It's annoying having to type out the fqdn to avoid the error.

johnpoz

@jonofmac said in WebGUI redirects to wrong domain:

I don't want to have to type the fqdn every time,

Why would you ever do that? Why would you not just use a bookmark?

jonofmac

@steveits I'm frequently hopping on different VMs or machines that aren't on a shared web browser account.

Typing pfsense/ is significantly faster than the fqdn.

Isnt this the whole point of using search domains in DHCP. The browser knows that pfsense/ redirects to pfsense.home.domain.com but then complains that it wasn't typed in.

I had another guy tell me "just to go to the page a lot so that the fqdn is at the top of the recommended domains when you type it in"

Is there really no solution?

SteveITS

@jonofmac I personally type "r" and then all of our router* hostnames show up :)

Forcing a specific domain would create problems for us because we get to client routers using the WAN. Maybe there could be one hostname set per interface but then I could see that create other user/support problems like the hostname not pointing to the right IP and redirecting away from the router.

I would expect a "search domain" isn't appended to a URL. It might be used in DNS but I don't think I've seen browsers correct a URL like that.

jonofmac

@steveits sadly browsers don't correct the address.

I've been fine for a while on my local lan but decided to actually start enabling https on my services and pfsense is one i go to often. On all of my other web instances on my server, a webservice/ opens the :80 host which redirects to the fqdn on https for easy navigating.

I realize this isn't for everyone and understand why you wouldn't want it for internet facing interfaces, but is there some internal Nginx config that can be edited to correct this?

A lot of the config seems hidden away.

johnpoz

@jonofmac this isn't a pfsense issue... If its not a fqdn then what is going to be resolved?

If you want to resolve a host name to some fqdn, then have your OS send the search domain with the query.

But unbound does not resolve a non fqdn, that was fixed multiple versions back where it would resolve just a host.

As a work around if you want, put that in your machines hostfile..

Or you can just use a singlelabel name as domain in the host overrides.. And that will return an IP for you.

jonofmac

@johnpoz Thanks for the reply, but perhaps I misstated my question.

If I go to chrome and type "pfsense/", it does the lookup with my domain and resolves correctly. So it is looking up the fqdn for the DNS request, but chrome doesn't use it for anything beyond resolving the IP.

C:\Users\Jonathan>nslookup pfsense
Server:  pfSense.home.domain.com
Address:  <redacted>

Name:    pfsense.home.domain.com
Address:  <IPv6 and v4 addresses redacted>

My particular question is can I make pfsense redirect to the fqdn when it receives the http request?

Right now, when I do pfsense/, it goes to http://pfsense/ (which gets resolved as pfsense.home.domain.com,), and then pfsense redirects to https://pfsense/ instead since I have https enabled.

On other websites, (lets use virtual hosts on apache as an example) you can make https only by forcing a redirect to the https link (same thing pfsense is doing), but you can also tell it which domain to forward to. So on my local sites, doing something like "ldap/" would go to http://ldap/ and get redirected to https://ldap.home.domain.com/

nginx can do this, I just don't know where to change this setting

johnpoz

@jonofmac said in WebGUI redirects to wrong domain:

but chrome doesn't use it

Pfsense isn't a webserver - it has a gui served up by nginx sure, with really no access to those settings other then redirect 80 to https port, etc.

But you could most likely just setup haproxy to what you want.. You can do redirection there..

You might be able to directly edit the files on pfsense to put in a redirect to whatever fqdn you want, etc.

But it takes what .03 seconds to type in pfsense.home.domain.com ;) Not using fqdn is a bad habit - you should break yourself of.. Webservers shouldn't answer to just hostnames either..

So pfsense.home.domain.com resolves to a public IP.. Why are you worried about redacting some rfc1918 address. My lan IP of pfsense is 192.168.9.253 - what would you do with that info??