This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem with HTTPS filtering with Nginx

I'm not able to connect to our servers via HTTPS behind the UTM firewall. I have created a virtual web server in the web application firewall for the desired domain, and have tried both using HTTPS and HTTPS and redirect options and neither one of them seem to work. I have also tried having both a HTTP and HTTPS real web server and joined it to the Virtual web server respectively for the HTTPS and HTTPS and redirect options and neither option seems to work.

This setup does work if I use Apache on the backend behind the firewall. I'm able to connect using HTTPS protocol without any problems. But if I attempt to use Nginx to serve HTTPS content then I get the following error: 

2016/06/29 19:42:21 [error] 992#992: *1 open() "/usr/share/nginx/htmlindex.php" failed (2: No such file or directory)

A bit more information about our setup, we are using AWS and traffic is hitting the IP of the UTM 9 Firewall and then is sending traffic to a private subnet in the AWS VPC. The webserver behind the firewall is running current versions of a LEMP on Ubuntu 16.04

I have also checked the box to include host headers and I still get the same problem does anyone have any suggestions?



This thread was automatically locked due to age.
Parents
  • Does Nginx work if you DNAT the traffic to it instead of running it through the WAF?  Is that the complete line from the reverseproxy log?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for your response!! That snippet was from the Nginx log. The full reverse proxy log is as follows:

    2016:06:30-15:33:01 lockdown reverseproxy: id="0299" srcip="77.77.77.77" localip="10.0.1.81" size="188" user="-" host="77.77.77.77" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="1869" url="/" server="domain.com" referer="-" cookie="PHPSESSID=p74p2nea35pp7dev3jm9ock487; _ga=GA1.2.1613450291.1466807112" set-cookie="-"

    and the entire nginx log:

    ==> nginx.vhost.error.log <==
    2016/06/30 15:33:34 [error] 6231#6231: *2 open() "/usr/share/nginx/htmlindex.php" failed (2: No such file or directory), client: 10.0.1.81, server: domain.com, request: "GET / HTTP/1.1", host: "domain.com"

    **domain.com is replacing our actual domain and 77.77.77.77 is replacing our public IP.

    As for the DNAT I'm getting the same error when it tries to connect. For some reason Sophos is trying to hit the default install path that nginx has /usr/share/nginx/ and hitting a weird file "htmlindex.php" When I've set in the settings for the default server path the be /var/www/html. 

  • It actually looks like I found my issue, it was due to a configuration issue with Nginx and how I had it set to handle SSL traffic. I didn't have the root path defined properly so it was being sent to a weird place. 

    Thanks for your help in looking at it though!!

Reply Children
  • No sure if this thread is still getting views, but I am having a similar issue trying to access internal sites behind the HTML5 portal. Can you provide detailed info on what you did you Nginx to fix your issue? Like you, I can connect to the portal site fine, but when I try to access any of the sites (RDP/HTTPS) through the UTM, I am getting a web socket error.

    Thanks