after update Nginx wont start error (OPNsense 23.1.10-amd64)

[RamSense]

After updating to OPNsense 23.1.10-amd64 and a forced reboot, nginx wont start.
First it was because of Naxsi rules (1500, 1000 etc) after disabling them, it still wont start:

nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed
nginx: [emerg] unknown directive "vhost_traffic_status_zone" in /usr/local/etc/nginx/opnsense_http_vhost_plugins/vts.conf:1

But.I do not know what is meant by this. Before OPNsense 23.1.10-amd64 it was working and no changes in config other dan now disabling some Naxsi rules....

Others having issues with nginx after updating also?

[franco]

Probably nginx update broke this, not the plugin. Not sure what to do. Missing build option in port or did they remove the feature between 1.22 and 1.24?

https://github.com/opnsense/ports/commit/005bb3d28162


Cheers,
Franco

[franco]

VTS option is/was enabled and the shared object is there:

# pkg info -l nginx   | grep vhost_
   /usr/local/libexec/nginx/ngx_http_vhost_traffic_status_module.so

So they removed the config option?

[franco]

BTW, for now:

# opnsense-revert -r 23.1.9 nginx


Cheers,
Franco

[franco]

This perhaps? https://github.com/opnsense/plugins/commit/d26aaa7352f9

# opnsense-patch -c plugins d26aaa7352f9


Cheers,
Franco

[RamSense]

Thanks Franco for the fast replies.
The revert back worked as a charm, so that I can confirm.

back to the update and tried the patch. Another error now (besides the Naxsi ones)

nginx: [emerg] invalid number of arguments in "load_module" directive in /usr/local/etc/nginx/nginx.conf:9

[franco]

Sorry, typo! https://github.com/opnsense/plugins/commit/682780e6

# opnsense-patch -c plugins 682780e6


Cheers,
Franco

[RamSense]

Thnx, tried it right away, same error?

nginx: [emerg] invalid number of arguments in "load_module" directive in /usr/local/etc/nginx/nginx.conf:9

[franco]

It needs a proper reload (config is probably still not rendered according to last commit).

[RamSense]

Tried reloading config and than a forced reboot for the ultimate reload, but still same error after applying last patch:

   nginx: [emerg] invalid number of arguments in "load_module" directive in /usr/local/etc/nginx/nginx.conf:9

[RamSense]

ok found the problem, besides your fix

it has to do with the Naxsi rules. When I disable: rules 1000-1099, 1400-1500; 1500-1600

nginx: [emerg] Naxsi-Config : Incorrect line MainRule id:1000 (/usr/obj/usr/ports/www/nginx/work/naxsi-29793dc/naxsi_src/naxsi_skeleton.c/973)... in /usr/local/etc/nginx/nginx.conf:74

nginx: [emerg] Naxsi-Config : Incorrect line MainRule id:1500 (/usr/obj/usr/ports/www/nginx/work/naxsi-29793dc/naxsi_src/naxsi_skeleton.c/973)... in /usr/local/etc/nginx/nginx.conf:50

and some and hit reload and start nginx works, so there has been some change with Naxsi in Nginx what does not start or the Naxsi rules are no longer compatible to this nginx?

[franco]

Ok but the other patch is required for the error to go away, yes?


Cheers,
Franco

[RamSense]

Yes that is correct.

I did another opnsense-revert -r 23.1.9 nginx, installed the normal update, removed the naxsi as stated above, and restarted nginx did work.

Is it that the patches I did are still there? because I know I needed that one for the first error to being fixed:

nginx: [emerg] invalid number of arguments in "load_module" directive in /usr/local/etc/nginx/nginx.conf:9

[franco]

the change is in "os-nginx" not "nginx" so as long as you don't revert "os-nginx" you are fine. I'm going to hotfix in a bit.


Cheers,
Franco

[RamSense]

ok and thnx for the fast following up