Problem Since upgrade to 2.3



  • Hi all,

    First sorry for my english.

    Since 2 weeks i had a problem on one of my website using Wordpress and the Plugin Wp-Rocket (js/css minification). This website is hosted by a debian webserver (apache 2.4/php-fpm) on a DMZ interface. This website worked on pfsense 2.2 with  JS/CSS minification  but since i updated pfsense to 2.3 i have this error on my page and specially on the js/css cahed file

    
     <title> 301 Moved Permanently< / title > < / head ><br /><body bgcolor="white" ><br /><center > <h1 > 301 Moved Permanently< / h1 > < / center ><br /><hr > <center > nginx< / center ><br />< / body ><br />< / html ><br /><br /></pre><br /><br />One of the new feature on Pfsense 2.3 is Nginx, so i think that Nginx from Pfsense is interfering with my apache Webserver.<br /> I tried to google my bug but i didn't find anything.<br /><br />Hope someone can help me.<br /><br />Thank you.<br /><br />Greg</title>
    

  • Rebel Alliance Global Moderator

    how would nginx on pfsense have anything to do what so ever with apache running on your webserver??

    How do you thinking running httpd whatever on box 1 has anything to do with running httpd somethingelse on another??



  • I can't answer yours questions but i did a test , i restored a pfsense backup on version 2.2 (same config) and it's working.
    None of my servers are running Nginx so when i saw this error on the cached files i found that pfsense  replaced his webserver (lighthttpd) by Nginx on version 2.3 (hummm…).
    Maybe Pfense is running also as a reverse ?



  • Is it possible to stop the service Nginx and test my website to see if i have the same error


  • Rebel Alliance Global Moderator

    are you running proxy on pfsense?



  • none


  • Rebel Alliance Global Moderator

    pfsense does not do anything with nginx on port forward… How exactly are you access this webserver behind pfsense?  From where?

    You have not packages installed?



  • I have Pfsense as a Vm on Esxi. 3 Networks Wan/DMZ/LAN. Pfsense have 3 Interfaces attached to each network.
    I have a virtual IP (Ip ALias Type) and connect it to my server through Nat 1:1 and enable Manual Outbound Nat
    Here the list of the package installed

    • Open-VM-Tools
    • openvpn-client-export
    • Shellcmd


  • I might know what the problem is.

    AFAIK, the only possibility I can think of is WP-Rocket requesting resources to modify (js, css…) by "visiting" your site from inside of the network (Server > Network > Server), it's odd if you ask me, but it's the way I've seen similar plugins doing it.

    Example Setup:
    Your site is hosted on your internal network at 192.168.1.100, your public IP address is 203.0.113.1 and your website domain is pointing to external IP.

    What happens:
    WP-Rocket on 192.168.1.100 queries your website (203.0.113.1) but... NAT reflection does not happen, leading it to query pfSense's webGUI and then webGUI redirects from port 80 to 443 (thereby the 301 Moved Permanently page).

    My advise? If this proves to be the case, I don't recommend using plugins with such broken coding design.

    You still want to do that? Enable NAT Reflection.

    System > Advanced, Firewall/NAT tab
    NAT Reflection mode for port forwards: pure NAT
    Enable NAT Reflection for 1:1 NAT: Checked
    Enable automatic outbound NAT for Reflection: Checked

    Good luck ;)


  • Rebel Alliance Global Moderator

    why do you need nat reflection.. Your site is trying to access something via its own name your local dns should resolve that name to its rfc1918 IP..  There is never a reason for nat reflection other than misconfiguration or lack of proper local name resolution.



  • I finally found the option to make it work  :D.
    I configured the virtual IP as "Proxy Arp" and not "Ip Alias "