Welcome to Centmin Mod Community
Register Now

Install Nginx Fresh install nginx service start fails

Discussion in 'Install & Upgrades or Pre-Install Questions' started by Earl, Dec 21, 2021.

Tags:
  1. Earl

    Earl New Member

    13
    6
    3
    Sep 17, 2015
    Ratings:
    +8
    Local Time:
    1:07 AM
    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS Linux 7.9.2009 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.21.4
    • PHP Version Installed: 7.3.33
    • MariaDB MySQL Version Installed: 10.3.32
    • When was last time updated Centmin Mod code base ? : fresh install just today, just now
    • Persistent Config:
      Code (Text):
      cat /etc/centminmod/custom_config.inc
      PHP_ARGON='y'
      NGINX_LIBBROTLI='y'
      NGXDYNAMIC_BROTLI='y'
      PHP_PGO='y'
      MARIADB_INSTALLTENTHREE='y'
      LETSENCRYPT_DETECT='y'
      KEYLENGTH='ec-256'
      DUALCERTS='y'
      
      





    Code (Text):
    # journalctl -xeu nginx.service

    nginx start fail fresh install - Pastebin.com
    Code (Text):
    # cat /root/centminlogs/nginx-configure-211221-041412.log

    nginx-configure-211221-041412.log - Pastebin.com

    Code (Text):
    cat /usr/local/nginx/conf/conf.d/-snip-.net.ssl.conf

    nginx vhost nv -d $domain -s led - Pastebin.com

    if i downgrade nginx version, this works without problem.

    please help
     
  2. eva2000

    eva2000 Administrator Staff Member

    48,487
    11,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,303
    Local Time:
    5:37 AM
    Nginx 1.21.x
    MariaDB 10.x
    not related but Apache .htaccess doesn't work in Nginx so lines you added for don't work
    Code (Text):
      auth_basic "Private";
      auth_basic_user_file /usr/local/nginx/conf/conf.d/-snip-.net.HtPasswd;
    

    see for Nginx method https://community.centminmod.com/threads/how-to-properly-password-protect-a-directory-or-file.579/


    You can debug custom changes to nginx config you make using nginx debug test config command
    Code (Text):
    nginx -t

    but that journalctl log shows settings and stuff that are no longer supported i.e. spdy
    Code (Text):
    Dec 21 04:41:42 ns5445.ip.ip.ip.ip.net nginx[19465]: nginx: [emerg] invalid parameter "spdy" in /usr/local/nginx/conf/conf.d/mytestsite.net.ssl.conf:16
    Dec 21 04:41:42 ns5445.ip.ip.ip.ip.net nginx[19465]: nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
    Dec 21 04:41:42 ns5445.ip.ip.ip.ip.net systemd[1]: nginx.service: control process exited, code=exited status=1
    

    and missing include files
    Code (Text):
    Dec 21 04:41:38 ns5445.ip.ip.ip.ip.net nginx[19422]: nginx: [emerg] open() "/usr/local/nginx/conf/autoprotect/mytestsite.net/autoprotect-mytestsite.net.conf" failed (2: No such file or directory) in /usr/local/nginx/conf/conf.d/mytestsite.net.conf:34
    Dec 21 04:41:38 ns5445.ip.ip.ip.ip.net nginx[19422]: nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
    Dec 21 04:41:38 ns5445.ip.ip.ip.ip.net systemd[1]: nginx.service: control process exited, code=exited status=1
    


    downgrading Nginx via centmin.sh menu option 4 probably fixed the spdy one as the routine as a check for invalid spdy directive and removes it. But no idea why downgrade would fix missing /usr/local/nginx/conf/autoprotect/mytestsite.net/autoprotect-mytestsite.net.conf include file as you should get the same error regardless of nginx version if that include file is referenced in your nginx vhost config but is missing

    If you have messed with your Nginx vhost include files after initial install and ran centmin.sh menu option 4, then the nginx upgrade/downgrade routine automatically makes a backup of your previous Nginx vhost config files at /usr/local/nginxbackup/ that you can reference to see the differences

    Code (Text):
    ls -lah /usr/local/nginxbackup/
    total 36K
    drwxr-xr-x.   4 root root 4.0K Apr  4  2017 .
    drwxr-xr-x.  28 root root 4.0K Dec  3 04:38 ..
    drwxr-xr-x. 278 root root  16K Jan 22  2018 confbackup
    drwxr-xr-x.   2 root root  12K Jan 23  2018 nginxdirbackup
    

    example command to list last 5 backups
    Code (Text):
    ls -lAhrt  /usr/local/nginxbackup/confbackup/ | tail -5
    drwxr-xr-x.  9 root root  32K Jan 22  2018 conf_220118-104938
    drwxr-xr-x.  9 root root  32K Jan 22  2018 conf_220118-105452
    drwxr-xr-x.  9 root root  32K Jan 22  2018 conf_220118-110103
    drwxr-xr-x.  9 root root  32K Jan 22  2018 conf_220118-110317
    drwxr-xr-x.  9 root root  32K Jan 22  2018 conf_220118-111629
    

    listing of backup config.d directory Nginx vhosts that you can inspect and compare
    Code (Text):
    ls -lAhrt  /usr/local/nginxbackup/confbackup/conf_220118-111629/conf.d/
    
    -rw-r--r-- 1 root root 3.3K Jan 22  2018 domain1.com.ssl.conf
    -rw-r--r-- 1 root root 2.0K Jan 22  2018 domain1.com.conf
    -rw-r--r-- 1 root root 1.1K Jan 22  2018 demodomain.com.conf
    -rw-r--r-- 1 root root 3.2K Jan 22  2018 virtual.conf
    

    example comparing domain1.com.ssl.conf backed up copy with live copy
    Code (Text):
    diff -u /usr/local/nginxbackup/confbackup/conf_220118-111629/conf.d/domain1.com.ssl.conf /usr/local/nginx/conf/conf.d/domain1.com.ssl.conf
    

    output
    Code (Text):
    diff -u /usr/local/nginxbackup/confbackup/conf_220118-111629/conf.d/domain1.com.ssl.conf /usr/local/nginx/conf/conf.d/domain1.com.ssl.conf 
    --- /usr/local/nginxbackup/confbackup/conf_220118-111629/conf.d/domain1.com.ssl.conf    2018-01-22 11:04:52.069971411 +0000
    +++ /usr/local/nginx/conf/conf.d/domain1.com.ssl.conf   2021-12-20 12:21:21.051930884 +0000
    @@ -20,8 +20,8 @@
       ssl_certificate_key  /usr/local/nginx/conf/ssl/domain1.com/domain1.com.key;
       include /usr/local/nginx/conf/ssl_include.conf;
    
    -  http2_max_field_size 16k;
    -  http2_max_header_size 32k;
    +  #http2_max_field_size 16k;
    +  #http2_max_header_size 32k;
       # mozilla recommended
       ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
       ssl_prefer_server_ciphers   on;
    
     
  3. Earl

    Earl New Member

    13
    6
    3
    Sep 17, 2015
    Ratings:
    +8
    Local Time:
    1:07 AM
    what should I do with the SPDY thing?
    Code:
    nginx -t
    nginx: [emerg] invalid parameter "spdy" in /usr/local/nginx/conf/conf.d/-snip-.net.ssl.conf:17
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
     
  4. eva2000

    eva2000 Administrator Staff Member

    48,487
    11,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,303
    Local Time:
    5:37 AM
    Nginx 1.21.x
    MariaDB 10.x
    did you manually create that nginx vhost config file or use centmin.sh menu option 2 or nv command to create it? If you manually copied it over, then that could explain the issue as your old nginx vhost might be quite old.

    If the line relates to the listen directive on port 443, you can change it
    from
    Code (Text):
    listen 443 ssl spdy;
    

    to
    Code (Text):
    listen 443 ssl http2;
    

    and restart nginx server
     
  5. Earl

    Earl New Member

    13
    6
    3
    Sep 17, 2015
    Ratings:
    +8
    Local Time:
    1:07 AM
    I used nv command
    nv -d $domain -s led -u $usr
     
  6. Earl

    Earl New Member

    13
    6
    3
    Sep 17, 2015
    Ratings:
    +8
    Local Time:
    1:07 AM
    this works. I don't know how, but it works

    and, by using nv command, in the fresh install on a dedicated server, it installed this old spdy thing on vhost config file somehow, but if I use a new terminal window after installing centminmod install script, it installs the correct http2 nginx vhost config file.

    I don't know why this happening, but if you try adding the VHOST using nv command right after finishing centminmod install script, it just install some invalid nginx vhost conf.
    Anyway, I manadged to do it by using another window (tmux)
    I faced this issue because I used a shell script to execute installing script, and right after it finished, i called nv command by the same shell script. that's how i got this issue. Hope this information would help someone else.
     
  7. eva2000

    eva2000 Administrator Staff Member

    48,487
    11,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,303
    Local Time:
    5:37 AM
    Nginx 1.21.x
    MariaDB 10.x
    That is strange. Thanks for the heads up will investigate :)