Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Nginx behind PFsense uptime problems

    General pfSense Questions
    3
    3
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      Eltomation
      last edited by

      Hi there,

      Running pfSense on ESXi and an Ubuntu Server 15.04 x64 with Nginx 1.9.5 also on ESXi.
      Everything works as it should. Site is available from the internet and from the local networks.

      We have a IPv6 \48 and 7 static IPv4 addresses.
      One IPv4 address is configured as 1:1 NAT to the webserver (webserver is running in separate LAN network) (specific NATS 80->80 and 443->443 have also been tried)
      Made a firewall rule to allow IPv4/IPv6 * from * to Webserver port *
      Also tried the rule allow IPv4/IPv6 TCP/UDP from * to Webserver port 443 and 80

      Both have the same result.
      Uptime Robot and freesitestatus both tell me that the website isn't always up.
      Gateway (ping to our external IP) is allways up.
      Another webserver IIS7 is always up.

      Is this a problem in my configuration of the firewall or in nginx?
      What is the best way to configure the firewall. 1:1 NAT or specific NAT?
      Firewall rule to allow all (some kind of firewall bypass) or filtering and only allowing the needed traffic?

      Please help me to get a 100% uptime as with IIS7 and not a 98% uptime.

      ps. if this is in the wrong subforum, i'am sorry, please replace it.

      1 Reply Last reply Reply Quote 0
      • M
        muswellhillbilly
        last edited by

        So is your IIS server on the same network as the Nginx server? You presumably have port forwarding rules in place to allow external access to ports 80 and 443 on the IIS system - have you checked that the rules are the same for both servers? And are you using virtual IPs on the external side to forward the traffic to each of your web servers?

        In short, if you have exactly the same setup on the firewall for IIS and Nginx as far as the firewall rules go, then the issue is almost certainly with Nginx. Have you checked the Nginx server logs to see if the service is dropping or if anything is happening on the server? For that matter, are you checking the pfSense logs to see if any disconnects are occuring?

        Without any specific information about your rules or any indication you've checked your logs, this is about as much help as anyone can offer. If you need any further assistance, post your rules and any log information you can find.

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          firewall rules don't say oh you can only go in 98% of the time ;)  Your issue is most likely with your actual web server or connectivity to it on your lan side.

          Does it go down on its ipv6 address?  You know when I see this "Also tried the rule allow IPv4/IPv6 TCP/UDP from * to Webserver port 443 and 80"  I have to think to myself.. WHY??  Since when does your website do anything on UDP for http or https???

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.