[SOLVED] NGINX does'n start after update to 22.1.9

[RamSense]

Tried the patch also, but it does not work.
When i Stop Nginx and try to restart it, it fails.

# opnsense-patch -c plugins a357676
Fetched a357676 via https://github.com/opnsense/plugins
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From a357676b926ba9db66bd72c246e9e78bbfaebfaa Mon Sep 17 00:00:00 2001
|From: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
|Date: Sat, 25 Jun 2022 11:42:14 +0300
|Subject: [PATCH] njs0.7.1 compat. (#3016)
|
|---
| www/nginx/src/opnsense/scripts/nginx/ngx_functions.js         | 2 ++
| .../src/opnsense/service/templates/OPNsense/Nginx/http.conf   | 4 ++--
| 2 files changed, 4 insertions(+), 2 deletions(-)
|
|diff --git a/www/nginx/src/opnsense/scripts/nginx/ngx_functions.js b/www/nginx/src/opnsense/scripts/nginx/ngx_functions.js
|index 5f17d76ee9..3acd7d9dbc 100755
|--- a/www/nginx/src/opnsense/scripts/nginx/ngx_functions.js
|+++ b/www/nginx/src/opnsense/scripts/nginx/ngx_functions.js
--------------------------
Patching file opnsense/scripts/nginx/ngx_functions.js using Plan A...
Hunk #1 succeeded at 47.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf b/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf
|index 13e5659a99..735bab34d2 100644
|--- a/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf
|+++ b/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf
--------------------------
Patching file opnsense/service/templates/OPNsense/Nginx/http.conf using Plan A...
Hunk #1 succeeded at 21.
done
All patches have been applied successfully.  Have a nice day.

patch did run

@XeroX, did you try to stop and restart Nginx after the patch?

NB reverted back to "opnsense-revert -r 22.1.8 os-nginx -> still my nginx is broken and wont start anymore. trying to update it to the latest version again

[XeroX]

@XeroX, did you try to stop and restart Nginx after the patch?

Nginx was in stopped state while patching and started afterwards.

What does general logs say?

[RamSense]

reverting back and upgrading and patching all keeps my nginx broken....

i have unknown directive "js_include" in /usr/local/etc/nginx/nginx.conf:176

[XeroX]

Looks like completely messed up.

Upgrade to latest and apply patch afterwards. Applying patch twice will undo the patch.

[RamSense]

ok,
did
1. opnsense-revert -r 22.1.8 os-nginx (again now)
2. upgraded nginx to v 1.28 from the opnsense gui
3. run the patch from terminal: opnsense-patch -c plugins a357676

opnsense-patch -c plugins a357676
Found local copy of a357676, skipping fetch.
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From a357676b926ba9db66bd72c246e9e78bbfaebfaa Mon Sep 17 00:00:00 2001
|From: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
|Date: Sat, 25 Jun 2022 11:42:14 +0300
|Subject: [PATCH] njs0.7.1 compat. (#3016)
|
|---
| www/nginx/src/opnsense/scripts/nginx/ngx_functions.js         | 2 ++
| .../src/opnsense/service/templates/OPNsense/Nginx/http.conf   | 4 ++--
| 2 files changed, 4 insertions(+), 2 deletions(-)
|
|diff --git a/www/nginx/src/opnsense/scripts/nginx/ngx_functions.js b/www/nginx/src/opnsense/scripts/nginx/ngx_functions.js
|index 5f17d76ee9..3acd7d9dbc 100755
|--- a/www/nginx/src/opnsense/scripts/nginx/ngx_functions.js
|+++ b/www/nginx/src/opnsense/scripts/nginx/ngx_functions.js
--------------------------
Patching file opnsense/scripts/nginx/ngx_functions.js using Plan A...
Hunk #1 succeeded at 47.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf b/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf
|index 13e5659a99..735bab34d2 100644
|--- a/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf
|+++ b/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf
--------------------------
Patching file opnsense/service/templates/OPNsense/Nginx/http.conf using Plan A...
Hunk #1 succeeded at 21.
done
All patches have been applied successfully.  Have a nice day.

did reboot my opnsense box after the patch (did not try to start nginx)

and that fixed it! all is working, did not try to stop and start nginx again now... to glad it is working :-)

XeroX: have you tried stop and start nginx from the opnsense gui?

[XeroX]

XeroX: have you tried stop and start nginx from the opnsense gui?

Yes, works fine for me.

[RamSense]

Ok, thanks for testing. I will check it out later also.

[ThyOnlySandman]

Same - unknown directive "js_include" in /usr/local/etc/nginx/nginx.conf:118

Tried suggestion twice now.  Still not starting.

1. opnsense-revert -r 22.1.8 os-nginx (again now)
2. upgraded nginx to v 1.28 from the opnsense gui
3. run the patch from terminal: opnsense-patch -c plugins a357676
4.  reboot

Also tried starting with nginx 1.27 - also won't start.   

[RamSense]

Was nginx stopped before those steps?
That was the difference from my earlier testing. And can confirm it is working now, just like XeroX.
hope it will work at your end also.

[Fright]

the updated templates need to be applied, so you need to click Apply on SERVICES: NGINX: CONFIGURATION page imho

[RamSense]

@Fright:
One thing i noticed is that when i stop and start nginx, or apply changes in niginx and go to a website behind nginx i get this error:
MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

When i go to the same webpage again, the error is gone and works.

In ACME Client Certificates - i have [OCSP Must Staple] checked
in NGINX i have [http server] - [OCSP Stapling] checked and [OCSP Verify] checked

Is this a normal error for first time website url visit after a restart or refresh of settings or some error on my end or some bug in nginx?

[ThyOnlySandman]

Yes NGINX was stopped after first boot from upgrade.  And when trying revert + install + patch.
I did try to apply on NGINX service config - can't remember if it was with reverted or new/patched.
I always get manual full vmware VM backup prior to updating.  I just restored back to 22.1.8_1 for now.  Revisit in a bit.

[Fright]

@RamSense
its a nginx bug feature - "ocsp lazy loading". need to hit every server after nginx restart or use ssl_stapling_file and maintain responses yourself
https://trac.nginx.org/nginx/ticket/1998

[RamSense]

@RamSense
its a nginx bug feature - "ocsp lazy loading". need to hit every server after nginx restart or use ssl_stapling_file and maintain responses yourself
https://trac.nginx.org/nginx/ticket/1998

Thnx!

[PIv0]

Upgrade to latest and apply patch afterwards. Applying patch twice will undo the patch.

I confirm everything works!

Thanks for the patch info!

1. opnsense-revert -r 22.1.8 os-nginx (again now)
2. upgraded nginx to v 1.28 from the opnsense gui
3. run the patch from terminal: opnsense-patch -c plugins a357676