New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nginx fails to restart after enabling SSL Support and website goes down #900

Closed
rajbdilip opened this Issue Nov 4, 2016 · 18 comments

Comments

Projects
None yet
6 participants
@rajbdilip

rajbdilip commented Nov 4, 2016

Operating System (OS/VERSION):

Debian x64 8.6

VestaCP Version:

core package Version:0.9.8 (amd64) Release:16

Installed Software (what you got with the installer):

  • Nginx Web Server
  • Apache Web Server (as backend)
  • Bind DNS Server
  • Exim mail server
  • Dovecot POP3/IMAP Server
  • MySQL Database Server
  • Vsftpd FTP Server
  • Iptables Firewall + Fail2Ban
  • Roundcube mail client

Steps to Reproduce:

After Enabling SSL Support and entering required keys, and then hitting Save, the settings get saved but the site goes down and nginx fails to restart.

Nginx error log gives the following:

2016/11/02 18:59:29 [emerg] 8687#8687: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:29 [emerg] 8687#8687: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:29 [emerg] 8687#8687: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:29 [emerg] 8687#8687: still could not bind()
2016/11/02 18:59:54 [emerg] 8922#8922: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:54 [emerg] 8922#8922: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:54 [emerg] 8922#8922: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:54 [emerg] 8922#8922: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:54 [emerg] 8922#8922: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:54 [emerg] 8922#8922: still could not bind()

BUT if I reboot the server, Nginx starts up and I can access the site with both 'http' and with 'https' (certificate is successfully installed) but I get 500 Internal Server on the page and 502 Bad Gateway in browser console. This error goes away if I disable the SSL support from VestaCP panel and reboot the server.

@dpeca

This comment has been minimized.

Show comment
Hide comment
@dpeca

dpeca Nov 4, 2016

Collaborator

I never had that problem on Debian8 :/
Where you 'enabled SSL', on web edit page?
And how it's possible to install all three services - you said php-fpm, apache, nginx

Collaborator

dpeca commented Nov 4, 2016

I never had that problem on Debian8 :/
Where you 'enabled SSL', on web edit page?
And how it's possible to install all three services - you said php-fpm, apache, nginx

@rajbdilip

This comment has been minimized.

Show comment
Hide comment
@rajbdilip

rajbdilip Nov 4, 2016

@dpeca I did standard VestaCP installation. As far as I remember it's Nginx with PHP-FPM. Apache is used to serve static content I guess.

rajbdilip commented Nov 4, 2016

@dpeca I did standard VestaCP installation. As far as I remember it's Nginx with PHP-FPM. Apache is used to serve static content I guess.

@dpeca

This comment has been minimized.

Show comment
Hide comment
@dpeca

dpeca Nov 4, 2016

Collaborator

In ''nginx + php-fpm'' combination, there is no Apache at all, believe me.

Is this only error you find in logs?

Collaborator

dpeca commented Nov 4, 2016

In ''nginx + php-fpm'' combination, there is no Apache at all, believe me.

Is this only error you find in logs?

@dpeca

This comment has been minimized.

Show comment
Hide comment
@dpeca

dpeca Nov 4, 2016

Collaborator

Maybe you see ''php-fpm'' in proccess list, but it's a php-fpm for Vesta admin panel only, not for public and not for sites :) In that case your combination is default ''nginx+apache''.

Collaborator

dpeca commented Nov 4, 2016

Maybe you see ''php-fpm'' in proccess list, but it's a php-fpm for Vesta admin panel only, not for public and not for sites :) In that case your combination is default ''nginx+apache''.

@rajbdilip

This comment has been minimized.

Show comment
Hide comment
@rajbdilip

rajbdilip Nov 5, 2016

@dpeca My bad. I rechecked. I actually used this script http://vestacp.com/pub/vst-install.sh to install VestaCP. So, this included:

  • Nginx Web Server
  • Apache Web Server (as backend)
  • Bind DNS Server
  • Exim mail server
  • Dovecot POP3/IMAP Server
  • MySQL Database Server
  • Vsftpd FTP Server
  • Iptables Firewall + Fail2Ban
  • Roundcube mail client

rajbdilip commented Nov 5, 2016

@dpeca My bad. I rechecked. I actually used this script http://vestacp.com/pub/vst-install.sh to install VestaCP. So, this included:

  • Nginx Web Server
  • Apache Web Server (as backend)
  • Bind DNS Server
  • Exim mail server
  • Dovecot POP3/IMAP Server
  • MySQL Database Server
  • Vsftpd FTP Server
  • Iptables Firewall + Fail2Ban
  • Roundcube mail client
@rajbdilip

This comment has been minimized.

Show comment
Hide comment
@rajbdilip

rajbdilip Nov 5, 2016

And yes, I enabled SSL on Web Edit page. Actually, I used https://github.com/interbrite/letsencrypt-vesta to automate the process.

rajbdilip commented Nov 5, 2016

And yes, I enabled SSL on Web Edit page. Actually, I used https://github.com/interbrite/letsencrypt-vesta to automate the process.

@rajbdilip

This comment has been minimized.

Show comment
Hide comment
@rajbdilip

rajbdilip Nov 5, 2016

@dpeca I have updated the issue. Please have a look at it.

Can this be because of of corrupt configuration or anything? I haven't manually modified any vesta configurations but I did use https://github.com/interbrite/letsencrypt-vesta script once to install LetsEncrypt certificate. Is there a way to reinstall VestaCP without affecting website files/SQL databases and VestaCP settings (DNS, Mail and everything)?

rajbdilip commented Nov 5, 2016

@dpeca I have updated the issue. Please have a look at it.

Can this be because of of corrupt configuration or anything? I haven't manually modified any vesta configurations but I did use https://github.com/interbrite/letsencrypt-vesta script once to install LetsEncrypt certificate. Is there a way to reinstall VestaCP without affecting website files/SQL databases and VestaCP settings (DNS, Mail and everything)?

@dpeca

This comment has been minimized.

Show comment
Hide comment
@dpeca

dpeca Nov 5, 2016

Collaborator

I feel something other is using your 443 port, so nginx can't bind it.
When it happen try to run:
netstat -tuapen | grep 443
... so we can see what is on 443 port.

However, I'm sure this is not VestaCP issue, and I'll close this ticket.
Send me a private message via forum (username is the same: dpeca) when you figure out what is using your 443 port.
It can be letsencrypt-standalone daemon, or Apache.

Collaborator

dpeca commented Nov 5, 2016

I feel something other is using your 443 port, so nginx can't bind it.
When it happen try to run:
netstat -tuapen | grep 443
... so we can see what is on 443 port.

However, I'm sure this is not VestaCP issue, and I'll close this ticket.
Send me a private message via forum (username is the same: dpeca) when you figure out what is using your 443 port.
It can be letsencrypt-standalone daemon, or Apache.

@dpeca dpeca closed this Nov 5, 2016

@anton-reutov

This comment has been minimized.

Show comment
Hide comment
@anton-reutov

anton-reutov Nov 5, 2016

Collaborator

Try to kill all nginx processes and start nginx again

killall nginx
service nginx start

Collaborator

anton-reutov commented Nov 5, 2016

Try to kill all nginx processes and start nginx again

killall nginx
service nginx start

@rajbdilip

This comment has been minimized.

Show comment
Hide comment
@rajbdilip

rajbdilip Nov 5, 2016

@anton-reutov I did that. (Before I was rebooting, it had the same effect.) Doing that would put the site up, get both http and https working but the page shows 500 Internal Server Error (502 Bad Gateway on browser console).

image

@dpeca netstat -tuapen | grep 443 at this point gives:

tcp        0      0 104.131.90.2:443        0.0.0.0:*               LISTEN      0          22290       4453/nginx.conf

@dpeca It looks nginx itself is listening to the port. What could be causing 502? I had done clean Nginx + Apache install and haven't messed up with any nginx or apache configuration.

rajbdilip commented Nov 5, 2016

@anton-reutov I did that. (Before I was rebooting, it had the same effect.) Doing that would put the site up, get both http and https working but the page shows 500 Internal Server Error (502 Bad Gateway on browser console).

image

@dpeca netstat -tuapen | grep 443 at this point gives:

tcp        0      0 104.131.90.2:443        0.0.0.0:*               LISTEN      0          22290       4453/nginx.conf

@dpeca It looks nginx itself is listening to the port. What could be causing 502? I had done clean Nginx + Apache install and haven't messed up with any nginx or apache configuration.

@rajbdilip

This comment has been minimized.

Show comment
Hide comment
@rajbdilip

rajbdilip commented Nov 8, 2016

@dpeca @anton-reutov Insight on this?

@philippe-tellier

This comment has been minimized.

Show comment
Hide comment
@philippe-tellier

philippe-tellier Nov 30, 2016

@rajbdilip I happen to have the exact same issue... Di you resolve it on your server?

philippe-tellier commented Nov 30, 2016

@rajbdilip I happen to have the exact same issue... Di you resolve it on your server?

@rajbdilip

This comment has been minimized.

Show comment
Hide comment
@rajbdilip

rajbdilip Dec 6, 2016

@philippe-tellier No. I haven't been able to work on the issue since then.

rajbdilip commented Dec 6, 2016

@philippe-tellier No. I haven't been able to work on the issue since then.

@rajbdilip

This comment has been minimized.

Show comment
Hide comment
@rajbdilip

rajbdilip commented Dec 12, 2016

@philippe-tellier Did you resolve?

@philippe-tellier

This comment has been minimized.

Show comment
Hide comment
@philippe-tellier

philippe-tellier Dec 20, 2016

@rajbdilip I just fixed it.

I commented out the 3 IPs that were using port 443 in my "/etc/apache2/ports.conf" file, restarted apache and nginx, and everything is working fine right now.

I don't really know why there were entries in "ports.conf", but it seems that it was useless for my setup.

I hope it helps!

philippe-tellier commented Dec 20, 2016

@rajbdilip I just fixed it.

I commented out the 3 IPs that were using port 443 in my "/etc/apache2/ports.conf" file, restarted apache and nginx, and everything is working fine right now.

I don't really know why there were entries in "ports.conf", but it seems that it was useless for my setup.

I hope it helps!

@rajbdilip

This comment has been minimized.

Show comment
Hide comment
@rajbdilip

rajbdilip Dec 20, 2016

@philippe-tellier
Hi. Great that you worked out a convenient solution. I had to do a fresh install. But hopefully this will help someone in the future. Thank you. :)

rajbdilip commented Dec 20, 2016

@philippe-tellier
Hi. Great that you worked out a convenient solution. I had to do a fresh install. But hopefully this will help someone in the future. Thank you. :)

@bologer

This comment has been minimized.

Show comment
Hide comment
@bologer

bologer Mar 5, 2017

@philippe-tellier, dude, thank you very much. It worked for me 👍

bologer commented Mar 5, 2017

@philippe-tellier, dude, thank you very much. It worked for me 👍

@artyficialnet

This comment has been minimized.

Show comment
Hide comment
@artyficialnet

artyficialnet Feb 14, 2018

Yeah, after the whole night of research, to comment those lines fixed the problem! Thank you!

artyficialnet commented Feb 14, 2018

Yeah, after the whole night of research, to comment those lines fixed the problem! Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment