Nginx won't work after upgrade to v0.26b


#1

nginx won’t work after upgrade to v0.26b

Mail-in-a-Box Version:  v0.26b

Updating system packages...
Installing system packages...
Initializing system random number generator...
Firewall is active and enabled on system startup
Installing nsd (DNS server)...
Installing Postfix (SMTP server)...
Installing Dovecot (IMAP server)...
Installing OpenDKIM/OpenDMARC...
Installing SpamAssassin...
Installing Nginx (web server)...
Installing Roundcube (webmail)...
Installing Nextcloud (contacts/calendar)...
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Set log level to debug
Exception: Updates between multiple major versions and downgrades are unsupported.
Update failed
Maintenance mode is kept active
Reset log level

$ service nginx status
 * nginx is not running

#2

Move the /home/YOURUSERNAME/mailinabox directory to a new location:

mv /home/YOURUSERNAME/mailinabox /home/YOURUSERNAME/mailinabox.backup

then re-run the installer.


#3

Thanks for the advice, but it didn’t work for me…


#4

Damn, sorry then, I honestly have no clue, can you PM me the nginx error log?


#5

Hi sinanto,
Can you post the output of your Nginx error log after doing Nginx restart?

sudo service nginx restart
sudo tail -n20 /var/log/nginx/error.log

I’ve tested a restore on all my backups from my live server on a VMware Instance at home last night and I had similar issue Nginx was not starting up, altho not an upgrade like you, the issue was the SSL Certificate mismatch.
The upgrade does not restore the symlinked ssl_certificate.pem correctly but restores the private key: ssl_private_key.pem.

ls -l /home/user-data/ssl/
total 28
-rw-r--r-- 1 root dovecot 3441 Jan 20 17:30 box.example.net-20180420-9c5.pem
-rw-r--r-- 1 root root     989 Jan 20 17:24 box.example.net--selfsigned-20180120.pem
-rw-r--r-- 1 root root     424 Jan 20 17:25 dh2048.pem
drwxr-xr-x 3 root root    4096 Jan 20 17:29 lets_encrypt
-rw------- 1 root root    3494 Jan 20 22:27 example.net-20180420-734.pem
lrwxrwxrwx 1 root root      56 Jan 20 17:30 ssl_certificate.pem -> /home/user-data/ssl/box.example.net--20180420-9c5.pem
-rw------- 1 root dovecot 1675 Jan 20 17:24 ssl_private_key.pem
-rw------- 1 root root    3494 Jan 22 03:02 otherdomains.co.uk-20180422-9af0.pem

And Nginx does not start because of certificate mismatch. Before the restore Box had a self-signed certificate, ssl_certificate.pem -> was still pointing to the self-signed while the private key was updated from my backup. Fixing symlink solved the issue. But checking the logs is the best place to start.

Kind Regards,
Martin


#6

Yes, it seems that it was a certificate problem. But it is something else now.

2018/02/04 06:39:28 [emerg] 19478#0: "location" directive is not allowed here in /etc/nginx/conf.d/local.conf:62

I had to renew my certificate. To activate it, I need nginx to work. But it does not…

I don’t understand… Is this stack maintained or are we on our own all together???


#7

I assume you run MIAB v.26b on Ubuntu 14.04.5 LTS, you run Nginx version: nginx/1.4.6 (Ubuntu), and you have not made any modifications manually to Nginx local.conf

This is a section of my local.conf

 44 # The secure HTTPS server.
 45 server {
 46         listen 443 ssl;
 47         listen [::]:443 ssl;
 48 
 49         server_name box.example.com;
 50 
 51         # Improve privacy: Hide version an OS information on
 52         # error pages and in the "Server" HTTP-Header.
 53         server_tokens off;
 54 
 55         ssl_certificate /home/user-data/ssl/ssl_certificate.pem;
 56         ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;
 57 
 58         # Expose this directory as static files.
 59         root /home/user-data/www/default;
 60         index index.html index.htm;
 61 
 62         location = /robots.txt {
 63                 log_not_found off;
 64                 access_log off;
 65         }
 66 
 67         location = /favicon.ico {
 68                 log_not_found off;
 69                 access_log off;
 70         }
 71 
 72         location = /mailinabox.mobileconfig {
 73                 alias /var/lib/mailinabox/mobileconfig.xml;
 74         }
 75         location = /.well-known/autoconfig/mail/config-v1.1.xml {
 76                 alias /var/lib/mailinabox/mozilla-autoconfig.xml;
 77         }
 78 
 79         # Roundcube Webmail configuration.
 80         rewrite ^/mail$ /mail/ redirect;
 81         rewrite ^/mail/$ /mail/index.php;
 82         location /mail/ {
 83                 index index.php;
 84                 alias /usr/local/lib/roundcubemail/;
 85         }
 86         location ~ /mail/config/.* {
 87                 # A ~-style location is needed to give this precedence over the next block.
 88                 return 403;
 89         }
 90         location ~ /mail/.*\.php {
 91                 # note: ~ has precendence over a regular location block
 92                 include fastcgi_params;
 93                 fastcgi_split_path_info ^/mail(/.*)()$;
 94                 fastcgi_index index.php;
 95                 fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
 96                 fastcgi_pass php-fpm;
 97 
 98                 # Outgoing mail also goes through this endpoint, so increase the maximum
 99                 # file upload limit to match the corresponding Postfix limit.
100                 client_max_body_size 128M;
101         }

Can you compare with yours and see if you see any differences or typos before/in/after line#62?

Regards,


#8

Evrything is exactly the same…


#9

First, can you paste a list of files under these two directories?

sudo ls -l /etc/nginx/conf.d/

sudo ls -l /etc/nginx/sites-enabled/

and the content of

sudo cat /etc/nginx/nginx.conf

Second, If you’d like to paste the content of few nginx configs as well this could provide the full picture for us:

sudo cat /etc/nginx/conf.d/local.conf

sudo cat /etc/nginx/conf.d/ssl.conf

Remember to remove/change the names of your site. You may want to keep these private?

  1. server_name example.com

  2. ssl_certificate site names:

    ssl_certificate /home/user-data/ssl/example.com.pem;
    ssl_certificate_key /home/user-data/ssl/example.com_key.pem;

  3. root /home/user-data/www/example.com;

  4. all comments with your domain name: ## example.com

Regards,


#10

Might also be worthwhile to see the results of nginx’s configuration test:

nginx -t