
[Solved] Nginx Deprecated setting on default vhost generation ssl config

Discussion in 'Bug Reports' started by pamamolf, Jun 10, 2024.

  1. pamamolf

    pamamolf Premium Member Premium Member

    4,068
    427
    83
    May 31, 2014
    Ratings:
    +832
    Local Time:
    5:24 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    Hi,

    Adding a new vhost from the menu (centminmod) using the latest 130.00beta01 (updated), the auto-generated SSL config file still has:

    Code:
    listen 443 ssl http2;
    instead of:


    Code:
    listen 443 ssl;
    http2 on;
    Thanks :)
     
  2. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    12:24 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    See https://community.centminmod.com/threads/nginx-1-25-1-release-http2-parameter-deprecation.23890/

    You can ignore it as it should resolve itself after the first centmin.sh menu option 4 nginx recompile/upgrade.
     
  3. pamamolf

    I think that it doesn't do that...

    Maybe because sometimes I do some edits inside that file, or a bug in the Centminmod code?
     
  4. eva2000

    If you have a test server, try not editing vhosts and see if after an nginx upgrade it auto fixes it or not. Then try your vhost edits and try the nginx upgrade again and see if your edited nginx vhost is fixed too.

    Just to clarify the order of things.

    1. Initial Centmin Mod install Nginx will give deprecated http2 parameter in listen directive warning (not error). Warnings mean Nginx can still function.
    2. Create new Nginx vhost, will have same deprecated http2 parameter warning.
    3. centmin.sh menu option 4 will correct all existing created Nginx vhosts to switch from the http2 parameter in the listen directive to its own http2 directive. But it does not fix any new Nginx vhost created after.
    4. Next created new Nginx vhost, will have same deprecated http2 parameter warning until next centmin.sh menu option 4 which fixes all existing Nginx vhosts again. It's done this way because if folks downgrade to an Nginx version that doesn't support the new http2 directive, Nginx will throw a hard error, not a warning, which means the Nginx service won't start up and your sites will be down.

    Might eventually add a new variable to control if newly created Nginx vhosts use the newer http2 directive by default for folks who have no intention of downgrading Nginx versions.

    An example where I created nginx HTTPS vhost domain.com after Centmin Mod initial install, then ran centmin.sh menu option 4 upgrade. In the upgrade log, further up in the output, you will see:
    Code (Text):
    remove deprecated HTTP/2 variables in Nginx 1.19.7+
    
    /usr/local/nginx/conf/conf.d/demodomain.com.conf
    /usr/local/nginx/conf/conf.d/domain.com.conf
    /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
    /usr/local/nginx/conf/conf.d/virtual.conf
    ---
    
    Update deprecated listen directive's http2 option in Nginx 1.25.1+
    /usr/local/nginx/conf/conf.d/demodomain.com.conf
    /usr/local/nginx/conf/conf.d/domain.com.conf
    /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
    /usr/local/nginx/conf/conf.d/virtual.conf
    /usr/local/nginx/conf/conf.d/domain.com.ssl.conf:17:  listen 443 ssl http2;
    ---
    /usr/local/nginx/conf/conf.d/domain.com.ssl.conf:17:  listen 443 ssl;
    /usr/local/nginx/conf/conf.d/domain.com.ssl.conf:18:  http2 on;
    

    auto fixed nginx HTTPS vhost
    Code (Text):
    grep -C5 'http2' /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
    #       return 302 https://$server_name$request_uri;
    # }
    
    server {
      listen 443 ssl;
      http2 on;
      
      server_name domain.com www.domain.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/domain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/domain.com/domain.com.crt;
    
     
  5. pamamolf

    I tested it using:

    mytestdomain.com
    create custom certificate
    no Let's Encrypt certificate - (not sure what it does with it)

    so I got:
    Code:
    mytestdomain.com.ssl.conf
    with:

    Code:
    listen 443 ssl http2;
    Then without editing the config I ran centmin again and option 4 and I selected the same latest version 1.27.0.

    When it was done I checked again and it was fixed!

    Then I reverted it to:

    Code:
    listen 443 ssl http2;
    and I ran centmin again and option 4 and I selected the same latest version 1.27.0.

    and it was not ok:

    Code:
    listen 443 ssl;
    http2 on;
    
    I edited the following:

    enable (remove comment in front) the:
    Code:
     server {
           listen   80;
        
           server_name mytestdomain.com www.mytestdomain.com;
           return 302 https://$server_name$request_uri;
     }

    I disable by commenting the:
    Code:
    #include /usr/local/nginx/conf/autoprotect/mytestdomain.com/autoprotect-mytestdomain.com.conf;
    I enable (remove comment in front) the:
    Code:
    include /usr/local/nginx/conf/cloudflare.conf;
    and I enable (remove comment in front) the:
    Code:
    try_files $uri $uri/ /index.php?q=$uri&$args;
    Thanks !
     
  6. eva2000

    That is a non-HTTPS port 80 vhost so the http2 directive doesn't apply. Are you expecting the http2 on directive in a non-HTTPS port 80 vhost? That isn't how it works; auto fix on nginx upgrade applies to HTTPS port 443 vhosts only, as the http2 on directive is an HTTPS nginx HTTP/2 directive.
     
  7. pamamolf

    I think that I understood something wrong...

    From the description I understood that by enabling the block I was able to force the non-usage of www on my domain, which I don't need as I am using it as for example:

    Code:
    mytestdomain.com 
    and not:

    Code:
    www.mytestdomain.com

    The block says also forced ssl:

    Code:
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # server {
    #       listen   80;
    #      
    #       server_name asemasrefile.com www.asemasrefile.com;
    #       return 302 https://$server_name$request_uri;
    # }

    but I just noticed the port 80 :)

    So is it a pointless setting if using https?
     
  8. eva2000

    Oh sorry, that is an HTTPS vhost, just you're enabling the non-HTTPS to HTTPS redirect, which is the correct step. I'll have to check if enabling that non-HTTPS to HTTPS 302 redirect may have confused the auto fix http2 directive grep matches, as there would now be 2 listen directives in the Nginx vhost.

    Just checked, no conflicts, and auto fix on nginx recompile/upgrade works even when the 302 non-HTTPS to HTTPS redirect is enabled.
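
An added sketch of the kind of rewrite the upgrade log in post 4 reports, for checking a vhost by hand. It is not Centmin Mod's own upgrade code; the function names and the sample vhost are constructed here. Only active `listen ... http2` lines are rewritten, so an enabled port 80 redirect block and commented-out lines are left alone.

```shell
#!/bin/sh
# Added example: not Centmin Mod's own code. Function names are hypothetical.

# List active (uncommented) listen directives that still carry the deprecated http2 parameter.
find_deprecated_http2() {
  grep -nHE '^[[:space:]]*listen[[:space:]].*[[:space:]]http2([[:space:]]|;)' "$@"
}

# Print FILE with each such directive rewritten to the Nginx 1.25.1+ form:
# "listen ...;" lines followed by a single "http2 on;" per run of listen lines.
convert_http2() {
  awk '
    function flush() { if (pending != "") { print pending; pending = "" } }
    /^[ \t]*listen[ \t]/ {
      if ($0 ~ /[ \t]http2([ \t]|;)/) {
        indent = $0; sub(/listen.*/, "", indent)   # keep the original indentation
        sub(/[ \t]+http2/, "")                      # drop the deprecated parameter
        pending = indent "http2 on;"
      }
      print; next
    }
    /^[ \t]*http2[ \t]+on[ \t]*;/ { pending = ""; print; next }  # directive already present
    { flush(); print }
    END { flush() }
  ' "$1"
}

# Constructed sample: port 80 redirect enabled, a commented-out listen line,
# and an HTTPS server block with IPv4 and IPv6 listeners.
sample_vhost() {
  cat <<'EOF'
server {
  listen 80;
  server_name domain.com www.domain.com;
  return 302 https://$server_name$request_uri;
}
# listen 443 ssl http2;
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name domain.com www.domain.com;
}
EOF
}

tmp=$(mktemp) && sample_vhost > "$tmp"
find_deprecated_http2 "$tmp"   # reports the two active 443 lines only
convert_http2 "$tmp"           # prints the rewritten vhost
rm -f "$tmp"
```

Check the converted file with `nginx -t` before reloading; as post 4 notes, an Nginx version that does not support the `http2` directive treats it as a hard error rather than a warning.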