nginx woes after Custombuild update

Strator

Verified User
Joined
Jan 19, 2011
Messages
171
Hi all,

After doing a full custombuild update today (got a notification before that I hadn't done one for 32 days) all of my sites were down. Sites are up again now, but I'm not sure if I took the right steps and could also use some help with final clean-up.

Server is running CentOS and nginx_apache. Nginx was choking after the update, with the following log error:

[emerg] 9082#0: the "http2" parameter requires ngx_http_v2_module in /etc/nginx/nginx-vhosts.conf:41

After some research it appeared I needed to upgrade from openssl 1.0.1 to openssl 1.0.2, which I did by running the following commands:

cd /usr/src
wget http://www.openssl.org/source/openssl-1.0.2o.tar.gz
tar -xvzf openssl-1.0.2o.tar.gz
cd openssl-1.0.2o

./config --prefix=/usr no-threads shared
make
make test
make install

cd /usr/local/directadmin/custombuild
./build clean
./build update
./build apache
./build php d
./build exim
./build dovecot
./build nginx

Sites still down, so I ran this as well:

cd /usr/local/directadmin/custombuild
./build update
./build update_da
./build set webserver nginx_apache
./build nginx_apache
./build rewrite_confs

cd /usr/local/directadmin/custombuild
mkdir -p custom/nginx_reverse
cp -p configure/nginx_reverse/configure.nginx custom/nginx_reverse/configure.nginx
perl -pi -e 's#"--group=nginx" \\#"--group=nginx" \\\n\t"--with-http_geoip_module" \\\n\t"--with-http_v2_module" \\#' custom/nginx_reverse/configure.nginx
./build nginx

(The geoip-module being part of my original configuration).

Now the sites are up and running again - but I'm a bit confused. Why would a simple Custombuild update break my server functionality - I always thought that's a relatively "safe" routine? Seems like nobody else had the issue - which usually points to an error on my end. Did I take the right steps to update openssl and get this fixed, or would there have been a better way?

Any input appreciated!

(PS: And a simple, slightly embarassing question: Apart from regular Custombuild updates, should I be running "yum update" once in a while?)
 
Last edited:

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,347
Location
LT, EU
Custom openssl version should never be compiled system-wide, as it could break many things. If you don't use http2, CustomBuild would not enable it for you, unless it's specified in custom/nginx_reverse/configure.nginx.
 

Strator

Verified User
Joined
Jan 19, 2011
Messages
171
Custom openssl version should never be compiled system-wide, as it could break many things. If you don't use http2, CustomBuild would not enable it for you, unless it's specified in custom/nginx_reverse/configure.nginx.
The master himself - thanks for the quick reply on Easter Sunday. :)

So once again: I didn't touch anything except for the "update all" button in the Custombuild 2 interface. When the update was finished, nginx was down due to the "http2" parameter in nginx-vhosts.conf which I never put there. Either it was put there by the update, or it was always there but never caused an error until today's update.

I only compiled openssl 1.0.2 AFTERWARDS because I somehow needed to get my sites back online.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,347
Location
LT, EU
Thanks. Happy Easter! :)

Please make sure you do not have http2=1 in the output of:
Code:
/usr/local/directadmin/directadmin c | grep http2
I guess you might have OS/license mismatch in DA, if it was added there out of nowhere. What's your OS?
 

Strator

Verified User
Joined
Jan 19, 2011
Messages
171
It is probably no surprise that I DO have http2=1 in that output.

My OS is CentOS 7.0 64-Bit.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,347
Location
LT, EU
It means your OS might not be updated :) New versions of DA default to http2=1 on CentOS 7.x, because 7.4 has full support for it in OpenSSL, without any need to compile anything. "yum -y update", "./build apache", "./build nginx" and you're good to go :)
 

Strator

Verified User
Joined
Jan 19, 2011
Messages
171
Thanks. I'm still kinda confused, because I thought that Custombuild would keep my system up-to-date. If you scroll to the bottom of my initial post, you will see that I asked about "yum update" as well.

Fact is that I did run "yum update" before doing what I described above, but that didn't solve the problem. I guess that's because I didn't do "./build apache" and "./build nginx" afterwards?

Finally, as you can see above, I already compiled OpenSSL manually, and you indicated that was not ideal. Is there something I need to fix?
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,347
Location
LT, EU
Yes, "./build apache" and "./build nginx" would have fixed it :) Regarding openssl - try "make uninstall" in openssl folder which you ran "make install" in to uninstall it globally.
 

Strator

Verified User
Joined
Jan 19, 2011
Messages
171
I'm afraid that didn't work too well.

Code:
make: *** No rule to make target `uninstall'.  Stop.
 

Strator

Verified User
Joined
Jan 19, 2011
Messages
171
So I guess the OpenSSL I installed cannot be uninstalled? If yes, what are the implications? And what's the recommended procedure from here on? Always run "yum update" before updating via Custombuild? Thanks once more.
 

cDGo

Verified User
Joined
Sep 21, 2012
Messages
56
I had this issue today.
I switched to the new Evolution skin
And after that updated nginx from custombuilder

Got 2 errors:
2019/11/30 16:29:01 [warn] 10606#0: the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/nginx-vhosts.conf:44
2019/11/30 16:29:01 [emerg] 10606#0: the "http2" parameter requires ngx_http_v2_module in /usr/local/directadmin/data/users/xyz/nginx.conf:50

The first error:
This was in the /etc/nginx/nginx-vhosts.conf file
Code:
listen       aaa.bbb.ccc.ddd:443 ssl;
listen       127.0.0.1:443 ssl;
listen       [::1]:443 ssl;
server_name  $hostname aaa.bbb.ccc.ddd;
# next line is 44 and I've put a # to comment it
ssl            on;
ssl_certificate        /etc/httpd/conf/ssl.crt/server.crt.combined;
ssl_certificate_key    /etc/httpd/conf/ssl.key/server.key;
The second error:
/usr/local/directadmin/data/users/xyz/nginx.conf:50
Code:
server
{
# next line is 50 and I've removed http2 from that line (also for all other users)
    listen 85.255.208.22:443 ssl http2;
Now nginx starts again.
So for the first error I should probably also set the # for ssl on; in the /usr/local/directadmin/custombuild/custom/nginx_reverse/conf/nginx-vhosts.conf file

But shouldn't I add "--with http2" in /usr/local/directadmin/custombuild/custom/nginx_reverse/configure.nginx file to solved the issue even better?
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
581
Location
Murfreesboro
Ok like they said here (sort of)
Code:
yum update -y
then do you have both nginx and apache?
if yes
Code:
cd /usr/local/directadmin/custombuild
./build clean
./build update
./build nginx_apache
./build rewrite_confs
if no use whichever one nginx or apache
Code:
cd /usr/local/directadmin/custombuild
./build clean
./build update
./build nginx
./build rewrite_confs
 
Top