Error when Enable TLS #230

Closed
sanvu88 opened this issue Dec 8, 2023 · 14 comments
Labels
bug Something isn't working question Further information is requested

Comments

@sanvu88
Contributor

sanvu88 commented Dec 8, 2023

Describe the bug

Nginx Configuration Parse Error when Enable TLS after Add Site

To Reproduce

Steps to reproduce the behavior:

  1. Manage Sites -> Add Site
  2. Fill the information then click Next -> Next
  3. Manage Sites -> Site List -> Modify site just added
  4. Click Enable TLS
  5. Click Encrypt website with Let's Encrypt -> Next

Screenshots

image

Info:

  • Server OS: Debian 12
  • Server Arch: x64
  • Nginx UI Version: 2.0.0-beta.6 (77)
  • Your Browser: Chrome

Additional context

  • If you enable TLS while adding a new site, you will not encounter this error. The error only occurs when TLS is enabled after the site has been added.
@sanvu88 sanvu88 added the bug Something isn't working label Dec 8, 2023
@0xJacky
Owner

0xJacky commented Dec 10, 2023

Which version of Nginx are you using?

I tested on v1.24.0; it works fine.

@sanvu88
Contributor Author

sanvu88 commented Dec 10, 2023

> Which version of Nginx are you using?
>
> I tested on v1.24.0; it works fine.

I use version nginx/1.25.3

@0xJacky
Owner

0xJacky commented Dec 10, 2023

OK, I will test for this version.

@0xJacky
Owner

0xJacky commented Dec 11, 2023

I also tested with the latest build of Nginx UI and nginx 1.25.3 but cannot reproduce this issue.

@0xJacky 0xJacky added the question Further information is requested label Dec 11, 2023
@0xJacky
Owner

0xJacky commented Dec 11, 2023

image

This config can pass nginx -t

@sanvu88
Contributor Author

sanvu88 commented Dec 11, 2023

Before configuring TLS, is your website enabled or disabled?

image

@0xJacky
Owner

0xJacky commented Dec 11, 2023

It is enabled. By the way, I used apt install nginx from the official mainline repo.

@sanvu88
Contributor Author

sanvu88 commented Dec 11, 2023

> It is enabled. By the way, I used apt install nginx from the official mainline repo.

Yeah, I use Nginx built from source. I will check again with apt.

@0xJacky
Owner

0xJacky commented Dec 11, 2023

Maybe I should prepare the certificate first by using the HTTP server, then create the HTTPS server from the configuration of the HTTP server.

@sanvu88
Contributor Author

sanvu88 commented Dec 11, 2023

> Maybe I should prepare the certificate first by using the HTTP server, then create the HTTPS server from the configuration of the HTTP server.

I also think it's a good idea to sign SSL and make sure it's successful before creating an HTTPS server, to avoid unnecessary errors.

@sanvu88
Contributor Author

sanvu88 commented Dec 11, 2023

Hmm, I tried testing with apt install nginx from the official mainline repo and still got the error. It's hard to understand.

nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/example.org:17

Output of nginx -V:

nginx version: nginx/1.25.3
built by gcc 12.2.0 (Debian 12.2.0-14)
built with OpenSSL 3.0.9 30 May 2023 (running with OpenSSL 3.0.11 19 Sep 2023) 
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_v3_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.25.3/debian/debuild-base/nginx-1.25.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'

virtual host:

server {
    listen 80;
    # listen [::]:80;
    server_name example.org;
    root /home/example.org;

    index index.html;

    location /.well-known/acme-challenge {
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_pass http://127.0.0.1:9180;
    }
}

server {
    listen 443 ssl;
    # listen [::]:443;
    http2 on;

    server_name example.org;
    root /home/example.org;

    index index.html;

    location /.well-known/acme-challenge {
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_pass http://127.0.0.1:9180;
    }
}

HTTP Context

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
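
A pre-flight check for the failure reported above, as an added example that is not part of the thread or of Nginx UI's code: it flags each `listen ... ssl` line whose server block defines no `ssl_certificate`. It assumes one directive per line and does not follow `include` files or certificates inherited from the `http` block; `MissingCert` and `sample` are names invented here.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample: a shortened copy of the virtual host posted above.
const sample = `server {
    listen 80;
}
server {
    listen 443 ssl;
    # listen [::]:443;
    location /.well-known/acme-challenge {
        proxy_pass http://127.0.0.1:9180;
    }
}
`

var serverOpen = regexp.MustCompile(`^server\s*\{`)
var listenSSL = regexp.MustCompile(`^listen\s[^;]*\sssl(\s|;)`)
var certLine = regexp.MustCompile(`^ssl_certificate\s`)

// MissingCert lists lines of "listen ... ssl" in server blocks lacking ssl_certificate.
func MissingCert(conf string) []int {
	var out, pending []int
	depth, srvDepth, hasCert := 0, -1, false
	for i, raw := range strings.Split(conf, "\n") {
		line := strings.TrimSpace(strings.SplitN(raw, "#", 2)[0]) // drop comments
		if srvDepth < 0 && serverOpen.MatchString(line) {
			srvDepth, pending, hasCert = depth, nil, false // entering a server block
		}
		if listenSSL.MatchString(line) {
			pending = append(pending, i+1) // 1-based line number
		}
		hasCert = hasCert || certLine.MatchString(line)
		depth += strings.Count(line, "{") - strings.Count(line, "}")
		if srvDepth >= 0 && depth <= srvDepth { // server block closed
			if !hasCert {
				out = append(out, pending...)
			}
			srvDepth = -1
		}
	}
	return out
}

func main() { fmt.Println("listen ssl without ssl_certificate, lines:", MissingCert(sample)) }
```

A non-empty result means the certificate has to be issued and referenced before the HTTPS server block is written, which is the ordering proposed in the thread.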

@0xJacky
Owner

0xJacky commented Dec 11, 2023

Well, I found out the reason: this issue only occurs when this site is the only enabled site. So I have to change the processing order, as mentioned in #230 (comment).

@gaetan1903

gaetan1903 commented Dec 13, 2023

I have the same issue and I have only one site enabled.

@sanvu88
Contributor Author

sanvu88 commented Dec 13, 2023

> I have the same issue and I have only one site enabled.

Jacky fixed it here: 17d6216
