nginx woes after Custombuild update

Strator

Verified User
Joined
Jan 19, 2011
Messages
239
Hi all,

After doing a full custombuild update today (got a notification before that I hadn't done one for 32 days) all of my sites were down. Sites are up again now, but I'm not sure if I took the right steps and could also use some help with final clean-up.

Server is running CentOS and nginx_apache. Nginx was choking after the update, with the following log error:

[emerg] 9082#0: the "http2" parameter requires ngx_http_v2_module in /etc/nginx/nginx-vhosts.conf:41

After some research it appeared I needed to upgrade from openssl 1.0.1 to openssl 1.0.2, which I did by running the following commands:

cd /usr/src
wget http://www.openssl.org/source/openssl-1.0.2o.tar.gz
tar -xvzf openssl-1.0.2o.tar.gz
cd openssl-1.0.2o

./config --prefix=/usr no-threads shared
make
make test
make install

cd /usr/local/directadmin/custombuild
./build clean
./build update
./build apache
./build php d
./build exim
./build dovecot
./build nginx

Sites still down, so I ran this as well:

cd /usr/local/directadmin/custombuild
./build update
./build update_da
./build set webserver nginx_apache
./build nginx_apache
./build rewrite_confs

cd /usr/local/directadmin/custombuild
mkdir -p custom/nginx_reverse
cp -p configure/nginx_reverse/configure.nginx custom/nginx_reverse/configure.nginx
perl -pi -e 's#"--group=nginx" \\#"--group=nginx" \\\n\t"--with-http_geoip_module" \\\n\t"--with-http_v2_module" \\#' custom/nginx_reverse/configure.nginx
./build nginx

(The geoip-module being part of my original configuration).

Now the sites are up and running again - but I'm a bit confused. Why would a simple Custombuild update break my server functionality - I always thought that's a relatively "safe" routine? Seems like nobody else had the issue - which usually points to an error on my end. Did I take the right steps to update openssl and get this fixed, or would there have been a better way?

Any input appreciated!

(PS: And a simple, slightly embarassing question: Apart from regular Custombuild updates, should I be running "yum update" once in a while?)
 
Last edited:
Custom openssl version should never be compiled system-wide, as it could break many things. If you don't use http2, CustomBuild would not enable it for you, unless it's specified in custom/nginx_reverse/configure.nginx.
 
Custom openssl version should never be compiled system-wide, as it could break many things. If you don't use http2, CustomBuild would not enable it for you, unless it's specified in custom/nginx_reverse/configure.nginx.
The master himself - thanks for the quick reply on Easter Sunday. :)

So once again: I didn't touch anything except for the "update all" button in the Custombuild 2 interface. When the update was finished, nginx was down due to the "http2" parameter in nginx-vhosts.conf which I never put there. Either it was put there by the update, or it was always there but never caused an error until today's update.

I only compiled openssl 1.0.2 AFTERWARDS because I somehow needed to get my sites back online.
 
Thanks. Happy Easter! :)

Please make sure you do not have http2=1 in the output of:
Code:
/usr/local/directadmin/directadmin c | grep http2

I guess you might have OS/license mismatch in DA, if it was added there out of nowhere. What's your OS?
 
It is probably no surprise that I DO have http2=1 in that output.

My OS is CentOS 7.0 64-Bit.
 
It means your OS might not be updated :) New versions of DA default to http2=1 on CentOS 7.x, because 7.4 has full support for it in OpenSSL, without any need to compile anything. "yum -y update", "./build apache", "./build nginx" and you're good to go :)
 
Thanks. I'm still kinda confused, because I thought that Custombuild would keep my system up-to-date. If you scroll to the bottom of my initial post, you will see that I asked about "yum update" as well.

Fact is that I did run "yum update" before doing what I described above, but that didn't solve the problem. I guess that's because I didn't do "./build apache" and "./build nginx" afterwards?

Finally, as you can see above, I already compiled OpenSSL manually, and you indicated that was not ideal. Is there something I need to fix?
 
Yes, "./build apache" and "./build nginx" would have fixed it :) Regarding openssl - try "make uninstall" in openssl folder which you ran "make install" in to uninstall it globally.
 
I'm afraid that didn't work too well.

Code:
make: *** No rule to make target `uninstall'.  Stop.
 
So I guess the OpenSSL I installed cannot be uninstalled? If yes, what are the implications? And what's the recommended procedure from here on? Always run "yum update" before updating via Custombuild? Thanks once more.
 
I had this issue today.
I switched to the new Evolution skin
And after that updated nginx from custombuilder

Got 2 errors:
2019/11/30 16:29:01 [warn] 10606#0: the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/nginx-vhosts.conf:44
2019/11/30 16:29:01 [emerg] 10606#0: the "http2" parameter requires ngx_http_v2_module in /usr/local/directadmin/data/users/xyz/nginx.conf:50

The first error:
This was in the /etc/nginx/nginx-vhosts.conf file
Code:
listen       aaa.bbb.ccc.ddd:443 ssl;
listen       127.0.0.1:443 ssl;
listen       [::1]:443 ssl;
server_name  $hostname aaa.bbb.ccc.ddd;
# next line is 44 and I've put a # to comment it
ssl            on;
ssl_certificate        /etc/httpd/conf/ssl.crt/server.crt.combined;
ssl_certificate_key    /etc/httpd/conf/ssl.key/server.key;

The second error:
/usr/local/directadmin/data/users/xyz/nginx.conf:50
Code:
server
{
# next line is 50 and I've removed http2 from that line (also for all other users)
    listen 85.255.208.22:443 ssl http2;

Now nginx starts again.
So for the first error I should probably also set the # for ssl on; in the /usr/local/directadmin/custombuild/custom/nginx_reverse/conf/nginx-vhosts.conf file

But shouldn't I add "--with http2" in /usr/local/directadmin/custombuild/custom/nginx_reverse/configure.nginx file to solved the issue even better?
 
Ok like they said here (sort of)
Code:
yum update -y
then do you have both nginx and apache?
if yes
Code:
cd /usr/local/directadmin/custombuild
./build clean
./build update
./build nginx_apache
./build rewrite_confs

if no use whichever one nginx or apache
Code:
cd /usr/local/directadmin/custombuild
./build clean
./build update
./build nginx
./build rewrite_confs
 
Hi Brent,
After ./build rewrite_confs the issue is back again.
How can I prevent this error happening again?
 
The command ./build rewrite_confs will rewrite all users nginx.conf and httpd.conf (which you earlier modified). The users configs for nginx/apache should never be edited directly. Hence you faced the issue again.
 
Hi Alex,

Each time the server updates nginx this occurs, with downtime.
How should I prevent this from happening ever again?
 
Back
Top