Skip to content
Sudonix

nginx can't start again

Moved Solved Configure
  • DownPWundefined DownPW

    @justoverclock said in nginx can't start again:

    /etc/nginx/sites-enabled/justoverclock.it.conf

    command result ? :

    cat /etc/nginx/sites-enabled/justoverclock.it.conf
    justoverclockundefined

    @downpw said in nginx can't start again:

    @justoverclock said in nginx can’t start again:

    server
{
        server_name justoverclock.it www.justoverclock.it autoconfig.justoverclock.it autodiscover.justoverclock.it;
  root /home/justoverclock/public_html;
  index index.php index.htm index.html;
  access_log /var/log/virtualmin/justoverclock.it_access_log;
  error_log /var/log/virtualmin/justoverclock.it_error_log;
  fastcgi_param GATEWAY_INTERFACE CGI/1.1;
  fastcgi_param SERVER_SOFTWARE nginx;
  fastcgi_param QUERY_STRING $query_string;
  fastcgi_param REQUEST_METHOD $request_method;
  fastcgi_param CONTENT_TYPE $content_type;
  fastcgi_param CONTENT_LENGTH $content_length;
  fastcgi_param SCRIPT_FILENAME /home/justoverclock/public_html$fastcgi_script_name;
  fastcgi_param SCRIPT_NAME $fastcgi_script_name;
  fastcgi_param REQUEST_URI $request_uri;
  fastcgi_param DOCUMENT_URI $document_uri;
  fastcgi_param DOCUMENT_ROOT /home/justoverclock/public_html;
  fastcgi_param SERVER_PROTOCOL $server_protocol;
  fastcgi_param REMOTE_ADDR $remote_addr;
  fastcgi_param REMOTE_PORT $remote_port;
  fastcgi_param SERVER_ADDR $server_addr;
  fastcgi_param SERVER_PORT $server_port;
  fastcgi_param SERVER_NAME $server_name;
  fastcgi_param PATH_INFO $fastcgi_path_info;
  fastcgi_param HTTPS $https;
  location ~ ^/ads.txt {
  root /var/www;
}
  location /
  {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_pass http://127.0.0.1:2368;
        rewrite ^\Q/mail/config-v1.1.xml\E(.*) $scheme://$host/cgi-bin/autoconfig.cgi$1 break;
        rewrite ^\Q/.well-known/autoconfig/mail/config-v1.1.xml\E(.*) $scheme://$host/cgi-bin/autoconfig.cgi$1 break;
        rewrite ^\Q/AutoDiscover/AutoDiscover.xml\E(.*) $scheme://$host/cgi-bin/autoconfig.cgi$1 break;
        rewrite ^\Q/Autodiscover/Autodiscover.xml\E(.*) $scheme://$host/cgi-bin/autoconfig.cgi$1 break;
        rewrite ^\Q/autodiscover/autodiscover.xml\E(.*) $scheme://$host/cgi-bin/autoconfig.cgi$1 break;
        ssl_certificate /home/justoverclock/ssl.combined;
        ssl_certificate_key /home/justoverclock/ssl.key;
  }
  client_max_body_size 5G;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  location /cgi-bin/
  {
    gzip off;
    root /home/justoverclock/cgi-bin;
    fastcgi_pass unix:/var/fcgiwrap/163388321568860.sock/socket;
    fastcgi_param SCRIPT_FILENAME /home/justoverclock$fastcgi_script_name;
  }
  listen 165.232.65.12:443 ssl default_server;
    ssl_certificate /etc/letsencrypt/live/justoverclock.it-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/justoverclock.it-0001/privkey.pem; # managed by Certbot

  if ($scheme = http)
  {
    rewrite ^/(?!.well-known)(.*) https://justoverclock.it/$1 break;
  }
  fastcgi_read_timeout 60;

}
server
{
    if ($host = justoverclock.it) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        server_name justoverclock.it www.justoverclock.it autoconfig.justoverclock.it autodiscover.justoverclock.it;
  listen 165.232.65.12 default_server;
    return 404; # managed by Certbot


}
    0
  • DownPWundefined

    normally, the ssl parameter must be enabled on listening sockets in the server block

    Backup the conf file before and test that

    unfortunately I have to leave

    PW and WS Spirit alive

    0
  • DownPWundefined DownPW

    normally, the ssl parameter must be enabled on listening sockets in the server block

    Backup the conf file before and test that

    unfortunately I have to leave

    justoverclockundefined

    @downpw not work

    phenomlabundefined justoverclockundefined 2 Replies
    0
  • justoverclockundefined justoverclock

    @downpw not work

    phenomlabundefined

    @justoverclock I can get to this in around an hour

    Author of OGProxy, Swatch, Threaded, Card, and most of Sudonix's bugs…

    1
  • justoverclockundefined justoverclock

    @downpw not work

    justoverclockundefined

    @justoverclock done, i’ve removed that line and works again

    @phenomlab fixed it, removed the two lines and all works again

    0
  • justoverclockundefined justoverclock

    @justoverclock done, i’ve removed that line and works again

    @phenomlab fixed it, removed the two lines and all works again

    phenomlabundefined

    @justoverclock good 😁

    What caused the issue ? Was something new added to nginx.conf ?

    Author of OGProxy, Swatch, Threaded, Card, and most of Sudonix's bugs…

    0
  • phenomlabundefined

    @justoverclock you should also change this line

    client_max_body_size 5G;

    That could expose your server to a denial of service if someone decides to upload that large a file.

    Author of OGProxy, Swatch, Threaded, Card, and most of Sudonix's bugs…

    0
  • DownPWundefined

    @justoverclock

    this line ?

        ssl_certificate /home/justoverclock/ssl.combined;
    ssl_certificate_key /home/justoverclock/ssl.key;

    PW and WS Spirit alive

    0
  • DownPWundefined DownPW

    @justoverclock

    this line ?

        ssl_certificate /home/justoverclock/ssl.combined;
    ssl_certificate_key /home/justoverclock/ssl.key;
    justoverclockundefined

    @downpw yep exactly

    0
  • justoverclockundefined justoverclock

    @downpw yep exactly

    phenomlabundefined

    @justoverclock those two lines

    ssl_certificate /etc/letsencrypt/live/justoverclock.it-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/justoverclock.it-0001/privkey.pem; # managed by Certbot

    Are issued by certbot, but aren’t normally positioned in the server block. Very odd.

    Author of OGProxy, Swatch, Threaded, Card, and most of Sudonix's bugs…

    0
  • phenomlabundefined phenomlab has marked this topic as solved on
  • justoverclockundefined justoverclock

    hello guys again, something odd happened today, i’ve noticed that my website was down, it show

    err connection refused

    i’ve tried to restart nginx but i get some error that i’m not understand…

    root@:~# sudo service nginx restart
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
root@:~# sudo service nginx start
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.

Jan 22 14:22:43 justoverclock.it systemd[1]: Starting A high performance web server and a reverse proxy server>
Jan 22 14:22:43 justoverclock.it nginx[2386]: nginx: [emerg] "ssl_certificate" directive is not allowed here i>
Jan 22 14:22:43 justoverclock.it nginx[2386]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jan 22 14:22:43 justoverclock.it systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAIL>
Jan 22 14:22:43 justoverclock.it systemd[1]: nginx.service: Failed with result 'exit-code'.
Jan 22 14:22:43 justoverclock.it systemd[1]: Failed to start A high performance web server and a reverse proxy
    elhana fineundefined

    @justoverclock
    I have not yet gone through the comments to see what they answered you,
    But never restart Nginx before checking that all the blocks are working properly (this is how you check: sudo nginx -t)
    When nginx is restarted with an error it causes all sites (error 521) to shut down until the fault is resolved.
    If the test passed successfully you can restart Nginx (how to run: sudo systemctl reload nginx)

    0
  • elhana fineundefined elhana fine

    @justoverclock
    I have not yet gone through the comments to see what they answered you,
    But never restart Nginx before checking that all the blocks are working properly (this is how you check: sudo nginx -t)
    When nginx is restarted with an error it causes all sites (error 521) to shut down until the fault is resolved.
    If the test passed successfully you can restart Nginx (how to run: sudo systemctl reload nginx)

    phenomlabundefined

    @elhana-fine Also worth noting that nginx -t is not disruptive, and will not cause your sites to go offline in the event that the test fails.

    Author of OGProxy, Swatch, Threaded, Card, and most of Sudonix's bugs…

    0
  • phenomlabundefined phenomlab

    @elhana-fine Also worth noting that nginx -t is not disruptive, and will not cause your sites to go offline in the event that the test fails.

    elhana fineundefined

    @phenomlab
    I am writing this from past experience.
    Whenever the test failed, all sites on the server were shut down (and returned error 521/502)
    Maybe I’m wrong, I write my experiences

    0
  • elhana fineundefined elhana fine

    @phenomlab
    I am writing this from past experience.
    Whenever the test failed, all sites on the server were shut down (and returned error 521/502)
    Maybe I’m wrong, I write my experiences

    phenomlabundefined

    @elhana-fine Interesting. That shouldn’t happen with a test. It’s supposed to be a dry run.

    Author of OGProxy, Swatch, Threaded, Card, and most of Sudonix's bugs…

    0
  • phenomlabundefined phenomlab

    @elhana-fine Interesting. That shouldn’t happen with a test. It’s supposed to be a dry run.

    elhana fineundefined

    @phenomlab
    I mean when the test failed and I restarted the nginx with the error (sudo systemctl reload nginx)
    Apparently an error in one block in Nginx affects all blocks.

    0
  • elhana fineundefined elhana fine

    @phenomlab
    I mean when the test failed and I restarted the nginx with the error (sudo systemctl reload nginx)
    Apparently an error in one block in Nginx affects all blocks.

    phenomlabundefined

    @elhana-fine Yes that will happen of course if you still choose to restart the NGINX service after making a change and the test fails. The test on it’s own will state the error and the line number allowing you to fix that first 🙂

    Author of OGProxy, Swatch, Threaded, Card, and most of Sudonix's bugs…

    1
Log in to reply

Did this solution help you?
Did you find the suggested solution useful? Why not buy me a coffee? It's a nice gesture, and a great way to show your appreciation 💗

Related Topics
  • DownPWundefined

    Nginx core developer quits project in security dispute, starts “freenginx” fork

    Hosting freenginx nginx
    6
    3 Votes
    6 Posts
    684 Views
    phenomlabundefined
    @DownPW said in Nginx core developer quits project in security dispute, starts “freenginx” fork: Maybe virtualmin implement it in the future… I don’t think they will - my guess is that they will stick with the current branch of NGINX. I’ve not personally tested it, but the GIT page seems to be very active. This is equally impressive [image: 1714914575066-8ac0d197-68fa-4bd8-bfa3-87237bf8f1f4-image.png] I think the most impressive on here is the native support of HTTP 3
  • cagatayundefined

    Getting Eror When Started NodeBB

    Solved Configure bug
    7
    1
    2 Votes
    7 Posts
    613 Views
    cagatayundefined
    @phenomlab yes i did. i deleted one of plugin then it started to work normally.
  • Pandaundefined

    Is nginx necessary to use?

    Moved Solved Hosting nginx web
    2
    1 Votes
    2 Posts
    458 Views
    phenomlabundefined
    @Panda said in Cloudflare bot fight mode and Google search: Basic question again, is nginx necessary to use? No, but you’d need something at least to handle the inbound requests, so you could use Apache, NGINX, Caddy… (there are plenty of them, but I tend to prefer NGINX) @Panda said in Cloudflare bot fight mode and Google search: Do these two sites need to be attached to different ports, and the ports put in the DNS record? No. They will both use ports 80 (HTTP) and 443 (HTTPS) by default. @Panda said in Cloudflare bot fight mode and Google search: Its not currently working, but how would the domain name know which of the two sites to resolve to without more info? Currently it only says the IP of the whole server. Yes, that’s correct. Domain routing is handled (for example) at the NGINX level, so whatever you have in DNS will be presented as the hostname, and NGINX will expect a match which once received, will then be forwarded onto the relevant destination. As an example, in your NGINX config, you could have (at a basic level used in reverse proxy mode - obviously, the IP addresses here are redacted and replaced with fakes). We assume you have created an A record in your DNS called “proxy” which resolves to 192.206.28.1, so fully qualified, will be proxy.sudonix.org in this case. The web browser requests this site, which is in turn received by NGINX and matches the below config server { server_name proxy.sudonix.org; listen 192.206.28.1; root /home/sudonix.org/domains/proxy.sudonix.org/ogproxy; index index.php index.htm index.html; access_log /var/log/virtualmin/proxy.sudonix.org_access_log; error_log /var/log/virtualmin/proxy.sudonix.org_error_log; location / { proxy_set_header Access-Control-Allow-Origin *; proxy_set_header Host $host; proxy_pass http://localhost:2000; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Api-Key $http_x_api_key; } location /images { index index.php index.htm index.html; root /home/sudonix.org/domains/proxy.sudonix.org/ogproxy; } fastcgi_split_path_info "^(.+\.php)(/.+)$"; listen 192.206.28.1:443 ssl http2; ssl_certificate /home/sudonix.org/domains/proxy.sudonix.org/ssl.combined; ssl_certificate_key /home/sudonix.org/ssl.key; } The important part here is server_name proxy.sudonix.org; as this is used to “map” the request to the actual domain name, which you can see in the root section as root /home/sudonix.org/domains/proxy.sudonix.org/ogproxy; As the DNS record you specified matches this hostname, NGINX then knows what to do with the request when it receives it.
  • Pandaundefined

    Removing blue 'moved' tag from post

    Solved Configure nodebb
    16
    2
    3 Votes
    16 Posts
    1k Views
    Pandaundefined
    @phenomlab Ah, got it working! I reversed the CSS addition to put z index high, and then I could see another error box saying fork title must be at least 3 characters. So made the new fork title longer and button responded.
  • phenomlabundefined

    Optimum config for NodeBB under NGINX

    Performance nginx performance
    4
    3 Votes
    4 Posts
    937 Views
    phenomlabundefined
    @crazycells hi - no security reason, or anything specific in this case. However, the nginx.conf I posted was from my Dev environment which uses this port as a way of not interfering with production. And yes, I use clustering on this site with three instances.
  • phenomlabundefined

    Cannot read property 'config' of undefined

    Solved Configure
    1
    0 Votes
    1 Posts
    321 Views
    No one has replied
  • RiekMediaundefined

    nginx seo urls

    Solved Configure
    15
    3 Votes
    15 Posts
    2k Views
    phenomlabundefined
    @riekmedia that looks fine to me
  • justoverclockundefined

    Digitalocean Ubuntu configuration

    Solved Linux
    33
    12 Votes
    33 Posts
    3k Views
    justoverclockundefined
    @phenomlab thank you! not me