Portaal Portaal Pingviini veeb foorumi pealeht
  Viki  |  IRC  |  Otsing  |  Küsimused ja vastused  |  Profiil  |  Privaatsõnumite vaatamiseks logi sisse  | Logi sisse või Registreeru
<empty>
Vaata järgmist teemat
Vaata eelmist teemat

Postita uus teemaVasta teemale
Autor Sõnum
-IFFI-
Vana Pingviin
Vana Pingviin


Vanus: 48
Liitunud: 25.06.2005
Postitused: 1411
Asukoht: Lappeenranta-Turku
Distributsioon: Linux MX
finland.gif
postituspostitatud: 13.02.2021, 20:07  postituse pealkiri:  Nginx server seiskub teatud ajatagant ise-vigane letsencrypt  

Olen suutnud taast miski jubeda suppi oma oskamatusest kokku keerata mida susi ka enam ei söö. Serveris Debian10, NGINX, PHP 7.4 ja 4 erinevat domeeni.

Miski eelmine nädal hakkas teatud ajatagant ennast nginx server välja lülitama. Googeldades olen jõudnud jälile, et seda ilmselt põhjustab Let's Encrypti sertide uuendamine. Keerasin selle küll kinni aga miski jama on ikka kusagil.

Uurisin domeenide konf faile siis minuarust tunduvad need liiga segased olevat!!! Toda SSL asjandust on vist liiga palju minu arust...

Siin on üks konfi näide ja teised kolm on samasuguse sisuga (muidugi domeeni nimed on erinevad) tegemist ei ole alamdomeenidega vaid kõik domeenid on iseseisvad.

Kood:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name domeen.net;

    ssl_certificate /etc/letsencrypt/live/domeen.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domeen.net/privkey.pem;

    access_log /home/iffi/domeen.net/logs/access.log;
    error_log /home/iffi/domeen.net/logs/error.log;

    root /home/iffi/domeen.net/public/;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name www.domeen.net;

    ssl_certificate /etc/letsencrypt/live/domeen.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domeen.net/privkey.pem;

    return 301 https://domeen.net$request_uri;
}

server {
    listen 80;
    listen [::]:80 ipv6only=on;

    server_name domeen.net www.domeen.net;

    return 301 https://domeen.net$request_uri;
}


Mõningad terminali väljundid mis mulle miskit ei ütle:

Kood:

Cert not due for renewal, but simulating renewal for dry run
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] duplicate listen options for [::]:80 in /etc/nginx/sites-enabled/domeen.net:49
nginx: configuration file /etc/nginx/nginx.conf test failed

Could not choose appropriate plugin: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] duplicate listen options for [::]:80 in /etc/nginx/sites-enabled/domeen.net:49\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')
Attempting to renew cert (domeen.net) from /etc/letsencrypt/renewal/domeen.net.conf produced an unexpected error: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] duplicate listen options for [::]:80 in /etc/nginx/sites-enabled/domeen.net:49\nnginx: configuration file /etc/nginx/nginx.conf test failed\n'). Skipping.



Miski list
Kood:
$ grep -r listen /etc/nginx/*
/etc/nginx/conf.d/phpmyadmin.conf:    listen [::]:443 ssl ipv6only=on; # managed by Certbot
/etc/nginx/conf.d/phpmyadmin.conf:    listen 443 ssl; # managed by Certbot
/etc/nginx/conf.d/phpmyadmin.conf:  listen 80;
/etc/nginx/conf.d/phpmyadmin.conf:  listen [::]:80;
/etc/nginx/nginx.conf:        listen 80;
/etc/nginx/nginx.conf:       listen [::]:80 ipv6only=on;
/etc/nginx/sites-available/domeen1.net:    listen 443 ssl http2;
/etc/nginx/sites-available/domeen1.net:    listen [::]:443 ssl http2;
/etc/nginx/sites-available/domeen1.net:    listen 443 ssl http2;
/etc/nginx/sites-available/domeen1.net:    listen [::]:443 ssl http2;
/etc/nginx/sites-available/domeen1.net:    listen 80;
/etc/nginx/sites-available/domeen1.net:    listen [::]:80 ipv6only=on;
/etc/nginx/sites-available/domeen.site:    listen 443 ssl http2;
/etc/nginx/sites-available/domeen.site:    listen [::]:443 ssl http2;
/etc/nginx/sites-available/domeen.site:    listen 443 ssl http2;
/etc/nginx/sites-available/domeen.site:    listen [::]:443 ssl http2;
/etc/nginx/sites-available/domeen.site:    listen 80;
/etc/nginx/sites-available/domeen.site:    listen [::]:80 ipv6only=on;
/etc/nginx/sites-available/domeen2.net:    listen 443 ssl http2;
/etc/nginx/sites-available/domeen2.net:    listen [::]:443 ssl http2;
/etc/nginx/sites-available/domeen2.net:    listen 443 ssl http2;
/etc/nginx/sites-available/domeen2.net:    listen [::]:443 ssl http2;
/etc/nginx/sites-available/domeen2.net:    listen 80;
/etc/nginx/sites-available/domeen2.net:    listen [::]:80 ipv6only=on;
/etc/nginx/sites-available/domeen.info:    listen 443 ssl http2;
/etc/nginx/sites-available/domeen.info:    listen [::]:443 ssl http2;
/etc/nginx/sites-available/domeen.info:    listen 443 ssl http2;
/etc/nginx/sites-available/domeen.info:    listen [::]:443 ssl http2;
/etc/nginx/sites-available/domeen.info:    listen 80;
/etc/nginx/sites-available/domeen.info:    listen [::]:80 ipv6only=on;


siin peaks see automaatne letsencrypt auto renew olema mille keelasin
/etc/systemd/system/timers.target.wants/certbot.timer

Kood:

[Unit]
Description=Run certbot twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true

#[Install]
#WantedBy=timers.target


Oskab keegi miskit tarka jagada kuidas või mida uurida, et saaks tolle sasipuntra lahti arutatud ja selle nginx serveri iseenesest seiskumise kõrvaldatud. Hetkel ei oskagi miskit tarka enam juurde kirjutada.

Omapeaga ja googlega ma seda probleemi ei suuda enam lahendada.

/var/log/nginx/error.log
Kood:
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to [::]:80 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to [::]:443 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to [::]:80 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to [::]:443 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to [::]:80 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to [::]:443 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to [::]:80 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to [::]:443 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: bind() to [::]:80 failed (98: Address already in use)
2021/02/13 19:02:08 [emerg] 778007#778007: still could not bind()
2021/02/13 19:05:12 [info] 540#540: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:72


DaStoned
Pingviini aktivist
Pingviini aktivist


Vanus: 43
Liitunud: 11.01.2007
Postitused: 392
Asukoht: Tallinn
Distributsioon: Debian
estonia.gif
postituspostitatud: 16.02.2021, 13:49  postituse pealkiri:  (teema puudub)  

Ma küll pole nginx ekspert, aga error.log vihjaks nagu sellele, et probleem on nginx konfis (mitte üldse letsencryptis). Tundub, et sa tahad mitu nginx-i samale pordile kuulama panna?

Kindlasti tasub järele vaadata, kes see masuurikas seal 80 ja 443 portide otsas õieti kuulab:
Kood:
$ sudo netstat -tuanp | grep LISTEN

_________________
When the shit hits the fan, keep your mouth shut!

imre
Vana Pingviin
Vana Pingviin



Liitunud: 16.08.2005
Postitused: 2648
Asukoht: Saku kant
Distributsioon: Ubuntu
estonia.gif
postituspostitatud: 16.02.2021, 15:46  postituse pealkiri:  (teema puudub)  

Kood:
nginx: [emerg] duplicate listen options for [::]:80 in /etc/nginx/sites-enabled/domeen.net:49
nginx: configuration file /etc/nginx/nginx.conf test failed

See on sul vihjeks, ehk domeen.net kontrolli üle.
Võid ju kuskile pastebin oma konfi panna, saab pilgu peale visata.

_________________
Enne teema püstitamist kasutage OTSINGUT
Küsi targalt: Infot siit!
Kui aru ei saa, siis küsi.

Näita (aja järgi):      
Postita uus teemaVasta teemale


Vaata järgmist teemat
Vaata eelmist teemat
Powered by phpBB2 Plus based on phpBB © 2001/7 phpBB Group