Problem Since upgrade to 2.3
-
Hi all,
First sorry for my english.
Since 2 weeks i had a problem on one of my website using Wordpress and the Plugin Wp-Rocket (js/css minification). This website is hosted by a debian webserver (apache 2.4/php-fpm) on a DMZ interface. This website worked on pfsense 2.2 with JS/CSS minification but since i updated pfsense to 2.3 i have this error on my page and specially on the js/css cahed file
<title> 301 Moved Permanently< / title > < / head ><br /><body bgcolor="white" ><br /><center > <h1 > 301 Moved Permanently< / h1 > < / center ><br /><hr > <center > nginx< / center ><br />< / body ><br />< / html ><br /><br /></pre><br /><br />One of the new feature on Pfsense 2.3 is Nginx, so i think that Nginx from Pfsense is interfering with my apache Webserver.<br /> I tried to google my bug but i didn't find anything.<br /><br />Hope someone can help me.<br /><br />Thank you.<br /><br />Greg</title> -
how would nginx on pfsense have anything to do what so ever with apache running on your webserver??
How do you thinking running httpd whatever on box 1 has anything to do with running httpd somethingelse on another??
-
I can't answer yours questions but i did a test , i restored a pfsense backup on version 2.2 (same config) and it's working.
None of my servers are running Nginx so when i saw this error on the cached files i found that pfsense replaced his webserver (lighthttpd) by Nginx on version 2.3 (hummm…).
Maybe Pfense is running also as a reverse ? -
Is it possible to stop the service Nginx and test my website to see if i have the same error
-
are you running proxy on pfsense?
-
none
-
pfsense does not do anything with nginx on port forward… How exactly are you access this webserver behind pfsense? From where?
You have not packages installed?
-
I have Pfsense as a Vm on Esxi. 3 Networks Wan/DMZ/LAN. Pfsense have 3 Interfaces attached to each network.
I have a virtual IP (Ip ALias Type) and connect it to my server through Nat 1:1 and enable Manual Outbound Nat
Here the list of the package installed- Open-VM-Tools
- openvpn-client-export
- Shellcmd
-
I might know what the problem is.
AFAIK, the only possibility I can think of is WP-Rocket requesting resources to modify (js, css…) by "visiting" your site from inside of the network (Server > Network > Server), it's odd if you ask me, but it's the way I've seen similar plugins doing it.
Example Setup:
Your site is hosted on your internal network at 192.168.1.100, your public IP address is 203.0.113.1 and your website domain is pointing to external IP.What happens:
WP-Rocket on 192.168.1.100 queries your website (203.0.113.1) but... NAT reflection does not happen, leading it to query pfSense's webGUI and then webGUI redirects from port 80 to 443 (thereby the 301 Moved Permanently page).My advise? If this proves to be the case, I don't recommend using plugins with such broken coding design.
You still want to do that? Enable NAT Reflection.
System > Advanced, Firewall/NAT tab
NAT Reflection mode for port forwards: pure NAT
Enable NAT Reflection for 1:1 NAT: Checked
Enable automatic outbound NAT for Reflection: CheckedGood luck ;)
-
why do you need nat reflection.. Your site is trying to access something via its own name your local dns should resolve that name to its rfc1918 IP.. There is never a reason for nat reflection other than misconfiguration or lack of proper local name resolution.
-
I finally found the option to make it work :D.
I configured the virtual IP as "Proxy Arp" and not "Ip Alias "
