Hi, Not sure if I'm posting in the right place, but this is so very urgent :( Please, help!
You'll need to post on the forums with the following info This error suddenly occur on an already working install or error occured on a fresh install right away ? If it's fresh install, would need troubleshooting steps below too. Server or VPS details ? XEN, KVM, OpenVZ, VMWare or dedicated server ? OS ? CentOS 6.7 or 7.2 ? 32bit or 64bit ? What version of Centmin Mod ? .07 stable or 08 stable or .09 beta01 or another branch version ? Was it fresh install or upgrade ? Method of install ? Via centmin.sh menu option 1, Git install or curl one liner install as outlined at centminmod.com/download.html ? How long ago did you install Centmin Mod ? There's numerous code changes, bug fixes over time, so ensure you have latest Centmin Mod code installed by upgrading your Centmin Mod code as instructed below. Troubleshooting Initial Install To troubleshoot initial installation, you need to check the initial install log at /root/centminlogs and instructions under Sharing logs and errors heading for using Pastebin.com or Gists to share a sanitised version of the contents of the initial install log. You can see full details at How to troubleshoot Centmin Mod initial install issues Example list /root/centminlogs files in date ascending order and grep for install.log Code (Text): ls -lahrt /root/centminlogs | grep install.log example output returns install log at /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_install.log Code (Text): ls -lahrt /root/centminlogs | grep install.log -rw-r--r-- 1 root root 2.2M Oct 11 01:40 centminmod_1.2.3-eva2000.09.001_111016-112321_install.log in SSH use cat to ouput contents of /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_install.log. Clear your SSH client window/buffer so only output is the contents of the file Code (Text): cat /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_install.log Then copy and paste into Pastebin.com or Gists entry. If your SSH window scroll buffer isn't that large to get the whole contents of the install log, you can download file manually and copy and paste contents. But makes sure it's sanitised version of the contents of the initial install log as outlined at How to troubleshoot Centmin Mod initial install issues
Also want's output for command in sssh below Code (Text): grep -rn 'server_https' /usr/local/nginx/conf for posting code and output you might want to use CODE tags for code How to use forum BBCODE code tags
Hi, eva2000! Thanks for your answer. First of all, I'm on a Centos 7 with PHP 7 and your latest stable version of centminmod. The error occurred on a working install, not quite fresh (about a week old). There are two actions that could have get me there, I think. First of all, I removed the below php modules as they were throwing errors: Code: /etc/centminmod/php.d/mongodb.ini /etc/centminmod/php.d/redis.ini Second, I installed phpmyadmin (with no errors whatsoever). And, maybe, the third possibility is that I edited some unwanted lines in nginx.conf when I configured the Cloudflare IP list. As for your last question, here is the output: Code: [root@web ~]# grep -rn 'server_https' /usr/local/nginx/conf /usr/local/nginx/conf/phpssl.conf:31:# fastcgi_param HTTPS $server_https; /usr/local/nginx/conf/php_28502_mysqladmin3324.conf:39:fastcgi_param HTTPS $server_https; /usr/local/nginx/conf/php-wpsc.conf:39:# fastcgi_param HTTPS $server_https; /usr/local/nginx/conf/php-pool2.conf:39:# fastcgi_param HTTPS $server_https; /usr/local/nginx/conf/php-pool3.conf:39:#fastcgi_param HTTPS $server_https; /usr/local/nginx/conf/php-pool5.conf:39:fastcgi_param HTTPS $server_https; /usr/local/nginx/conf/phpalt.conf:39:fastcgi_param HTTPS $server_https; /usr/local/nginx/conf/fastcgi_param_https_map.conf:4:map $scheme $server_https { /usr/local/nginx/conf/php.conf:39:#fastcgi_param HTTPS $server_https; /usr/local/nginx/conf/php-pool4.conf:39:# fastcgi_param HTTPS $server_https; As you can see, I commented out all the occurences of $server_https in order to keep my site alive. By the way, the site is a live woocommerce in full season campaign! So, you can imagine the hassle. The problem right now is that I have to make it work on https, which, obviously, I can't. Sorry if I'm being too vague, I'm quite a beginner with nginx and centminmod. Thanks for your help!
When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL) Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com Vhost public web root will be at /home/nginx/domains/newdomain.com/public Vhost log directory will be at /home/nginx/domains/newdomain.com/log Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags) what is output of these commands in ssh Code (Text): curl -I https://domain.com Code (Text): curl -I https://www.domain.com Code (Text): curl -I http://domain.com Code (Text): curl -I http://www.domain.com wrap output in CODE tags
Content of /usr/local/nginx/conf/conf.d/mydomain.com.conf (replaced my real domain name with mydomain.com): Code: # Centmin Mod Getting Started Guide # must read http://centminmod.com/getstarted.html # redirect from non-www to www # uncomment, save file and restart Nginx to enable # if unsure use return 302 before using return 301 #server { # listen 80; # server_name mydomain.com; # return 301 $scheme://www.mydomain.com$request_uri; # } server { server_name mydomain.com www.mydomain.com; # ngx_pagespeed & ngx_pagespeed handler #include /usr/local/nginx/conf/pagespeed.conf; #include /usr/local/nginx/conf/pagespeedhandler.conf; #include /usr/local/nginx/conf/pagespeedstatslog.conf; # limit_conn limit_per_ip 16; # ssi on; access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=60m; error_log /home/nginx/domains/mydomain.com/log/error.log; root /home/nginx/domains/mydomain.com/public; # prevent access to ./directories and files location ~ (?:^|/)\. { deny all; } include /usr/local/nginx/conf/wpsupercache_mydomain.com.conf; location / { # Enables directory listings when index file not found #autoindex on; # for wordpress super cache plugin try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args; # Wordpress Permalinks #try_files $uri $uri/ /index.php?q=$uri&$args; } location ~* /(wp-login\.php) { limit_req zone=xwplogin burst=1 nodelay; #limit_conn xwpconlimit 30; #auth_basic "Private"; #auth_basic_user_file /home/nginx/domains/mydomain.com/htpasswd_wplogin; include /usr/local/nginx/conf/php-wpsc.conf; } location ~* /(xmlrpc\.php) { limit_req zone=xwprpc burst=45 nodelay; #limit_conn xwpconlimit 30; include /usr/local/nginx/conf/php-wpsc.conf; } include /usr/local/nginx/conf/wpsecure_mydomain.com.conf; include /usr/local/nginx/conf/php-wpsc.conf; include /usr/local/nginx/conf/staticfiles.conf; include /usr/local/nginx/conf/drop.conf; #include /usr/local/nginx/conf/errorpage.conf; include /usr/local/nginx/conf/vts_server.conf; } Content of /usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf: Code: # Centmin Mod Getting Started Guide # must read http://centminmod.com/getstarted.html # For SPDY SSL Setup # read http://centminmod.com/nginx_configure_https_ssl_spdy.html # redirect from www to non-www forced SSL # uncomment, save file and restart Nginx to enable # if unsure use return 302 before using return 301 #server { # server_name mydomain.com www.mydomain.com; # return 302 https://mydomain.com$request_uri; #} server { # listen 443 ssl http2; # server_name mydomain.com www.mydomain.com; ## redirect https www to https non-www # if ($host = 'www.mydomain.com' ) { # return 302 https://mydomain.com$request_uri; # } ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.com/dhparam.pem; ssl_certificate /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.crt; ssl_certificate_key /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.key; include /usr/local/nginx/conf/ssl_include.conf; # mozilla recommended ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA:!DES-CBC3-SHA; ssl_prefer_server_ciphers on; #add_header Alternate-Protocol 443:npn-spdy/3; #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; #add_header X-Content-Type-Options "nosniff"; #add_header X-Frame-Options DENY; #spdy_headers_comp 5; ssl_buffer_size 1400; ssl_session_tickets on; # enable ocsp stapling #resolver 8.8.8.8 8.8.4.4 valid=10m; #resolver_timeout 10s; #ssl_stapling on; #ssl_stapling_verify on; #ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-trusted.crt; # ngx_pagespeed & ngx_pagespeed handler #include /usr/local/nginx/conf/pagespeed.conf; #include /usr/local/nginx/conf/pagespeedhandler.conf; #include /usr/local/nginx/conf/pagespeedstatslog.conf; # limit_conn limit_per_ip 16; # ssi on; access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=60m; error_log /home/nginx/domains/mydomain.com/log/error.log; root /home/nginx/domains/mydomain.com/public; # prevent access to ./directories and files location ~ (?:^|/)\. { deny all; } include /usr/local/nginx/conf/wpsupercache_mydomain.com.conf; location / { # Enables directory listings when index file not found #autoindex on; # for wordpress super cache plugin try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args; # Wordpress Permalinks #try_files $uri $uri/ /index.php?q=$uri&$args; } location ~* /(wp-login\.php) { limit_req zone=xwplogin burst=1 nodelay; #limit_conn xwpconlimit 30; #auth_basic "Private"; #auth_basic_user_file /home/nginx/domains/mydomain.com/htpasswd_wplogin; include /usr/local/nginx/conf/php-wpsc.conf; } location ~* /(xmlrpc\.php) { limit_req zone=xwprpc burst=45 nodelay; #limit_conn xwpconlimit 30; include /usr/local/nginx/conf/php-wpsc.conf; } include /usr/local/nginx/conf/wpsecure_mydomain.com.conf; include /usr/local/nginx/conf/php-wpsc.conf; include /usr/local/nginx/conf/staticfiles.conf; include /usr/local/nginx/conf/drop.conf; #include /usr/local/nginx/conf/errorpage.conf; include /usr/local/nginx/conf/vts_server.conf; } Output of your commands: Code: [root@web ~]# curl -I https://mydomain.com curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s). [root@web ~]# curl -I https://www.mydomain.com curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s). [root@web ~]# curl -I http://mydomain.com HTTP/1.1 200 OK Date: Thu, 07 Dec 2017 19:27:46 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive Set-Cookie: __cfduid=da9f54c018621a21adb1596b3b341d8361512674866; expires=Fri, 07-Dec-18 19:27:46 GMT; path=/; domain=.mydomain.com; HttpOnly Last-Modified: Thu, 07 Dec 2017 15:26:34 GMT Vary: Accept-Encoding Server: cloudflare-nginx CF-RAY: 3c99e25ab39e9c0b-AMS [root@web ~]# curl -I http://www.mydomain.com HTTP/1.1 301 Moved Permanently Date: Thu, 07 Dec 2017 19:27:54 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Set-Cookie: __cfduid=de353d5871fc8afb844c01cdf3cfa08311512674874; expires=Fri, 07-Dec-18 19:27:54 GMT; path=/; domain=.mydomain.com; HttpOnly Vary: Cookie Set-Cookie: wfvt_2190360356=5a29963accacf; expires=Thu, 07-Dec-2017 19:57:54 GMT; Max-Age=1800; path=/; HttpOnly Set-Cookie: wp_woocommerce_session_5e7d7cafca95247a964bccc7c90d4790=fb51d48f1e747c4ff64ff7e8212cd37e%7C%7C1512847674%7C%7C1512844074%7C%7Cfc7267b875846b139b8150bbb98c452d; expires=Sat, 09-Dec-2017 19:27:54 GMT; Max-Age=172800; path=/ Location: http://mydomain.com/ Server: cloudflare-nginx CF-RAY: 3c99e28ed61f9c4d-AMS
are you using cloudflare flexible ssl or full ssl ? if using full ssl, then you need working centmin mod nginx https/ssl certificate for your vhost. Have you checked if that ssl certificate works when you bypass cloudflare to check ? if you used centmin mod's letsencrypt integration to setup centmin mod nginx https/ssl certificate, it might have failed as you have an outdated syntax in non-https nginx vhost for Code (Text): # prevent access to ./directories and files location ~ (?:^|/)\. { deny all; } which has been removed from docs and default templates in 123.09beta01 as this part can block free letsencrypt domain validation which uses web root file based validation at /.well-known directory which that syntax blocks. So if temp disable cloudflare or just cloudflare's ssl temporarily disable + you redo only steps 1-4 outlined at Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates AFTER removing that syntax in non-https nginx vhost and doing nginx restart, you should have a valid ssl cert and https nginx vhost on backend and then re-enabling cloudflare or cloudflare's ssl (full ssl), should work for https side. Though this doesn't directly address the "unknown server_https variable" errors but it might be due to non working https
I didn't use letsencrypt integration, I just generated a selfsigned ssl cert. Are steps 1-4 you referred to still applying in this case? I'm using cloudflare flexible ssl, although I'm planing to use the full one.
Well, right now I'm using cloudflare's flexible SSL, but I'm serving the pages on http, as when I tried to serve https after that error occurred, it didn't work.
no that doesn't apply though you want to remove the syntax anyway flexible ssl should have working https based curl header check commands but you're getting errors though could be an issue with oudated curl not support cloudflare flexible ssl's ECDSA based ssl certs what is curl version used ? Code (Text): curl -V
what is curl version used ? Code (Text): curl -V Code: curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.28.4 zlib/1.2.7 libidn/1.28 libssh2/1.4.3 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets
So, after I commented out that syntax and restarted nginx, curl now gives me: Code (Text): # curl -I https://mydomain.com HTTP/1.1 200 OK Date: Sat, 09 Dec 2017 17:46:08 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive Set-Cookie: __cfduid=d06fa3dc77b56890da0380b2de0595b711512841567; expires=Sun, 09-Dec-18 17:46:07 GMT; path=/; domain=.mydomain.com; HttpOnly Last-Modified: Sat, 09 Dec 2017 09:29:22 GMT Vary: Accept-Encoding Server: cloudflare-nginx CF-RAY: 3ca9c837e8109d56-AMS
that looks good though not sure how that syntax blocked cloudflare https as it should only block letsencrypt domain validation unless you re-ran steps 1-4 of migrating existing non-https to https from linked guide above too? if you did then that explains it, failed letsencrypt ssl cert validation of domain led to cloudflare full ssl failing to work but now it's fixed curl version looks fine
No, I didn't follow those steps, as you instructed. As a matter of fact, if I try to uncomment "fastcgi_param HTTPS $server_https;" in php-wpsc.conf, nginx -t fails.
Should I try migrating to HTTP/2 based HTTPS With Letsencrypt? Would I have to upgrade to 123.09beta01? I have to remind you that this specific vhost is a live woocommerce site, and I can't afford any downtime longer than 5 minutes or so
one thing DO NOT comment out include file /usr/local/nginx/conf/fastcgi_param_https_map.conf within nginx.conf as it's needed to set that variable $server_https as without it you can also get the error you see in nginx -t test output
Well, problems seem to be a little more serious. I couldnāt access my phpmyadmin page, so I tried to reinstall it. But I encountered the following warning: Code (Text): Warning: detected possible duplicate server_name entry main hostname vhost server_name value has to be unique and separate from any other nginx vhost site you addded Check your server_name in /usr/local/nginx/conf/conf.d/virtual.conf read Step 1 of Getting Started Guide for main hostname proper setup https://centminmod.com/getstarted.html My main hostname is web.mydomain.com. When I added my vhost domain, I named it mydomain.com (without www). Could that be the issue here? LE: Dumb question. Of course that couldn't be the issue, but I don't understand where is my duplicate server_name entry
what's output for command to grep recursively in nginx vhost directory and filter for server_name entries below Code (Text): grep -rn 'mydomain.com' /usr/local/nginx/conf/conf.d | grep server_name
I'm not going to replace my domain name anymore, as it'll be easier for both of us to follow: Code (Text): # grep -rn 'mszp.ro' /usr/local/nginx/conf/conf.d | grep server_name /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf.bak:4: server_name web.mszp.ro; /usr/local/nginx/conf/conf.d/mszp.ro.conf:9:# server_name mszp.ro; /usr/local/nginx/conf/conf.d/mszp.ro.conf:14: server_name mszp.ro www.mszp.ro; /usr/local/nginx/conf/conf.d/mszp.ro.ssl.conf:10:# server_name mszp.ro www.mszp.ro; /usr/local/nginx/conf/conf.d/mszp.ro.ssl.conf:16:# server_name mszp.ro www.mszp.ro; /usr/local/nginx/conf/conf.d/virtual.conf:4: server_name web.mszp.ro;