CODEWITHSUNDEEP
nginx
tscheingeld
tscheingeld

Reputation: 849

Cannot start nginx

I'm trying to start nginx but it's giving me errors that I don't understand. I give the exact error in the information below. I've looked at the errors and I can't make heads or tails of them. I've googled some of the information in the errors, but I can't find anything that helps.

Whatever the problem is, it has something to do with one of the virtual hosts, onyx.myhost.com. If I remove the link to the conf file for onyx.myhost.com then the server starts up just fine.

I should also mention that the same configuration worked fine on an older version of Linux. I'll include the information about that system below.

I know this is pretty sparse information with which to ask for help, but I really don't know where to go with this. First I'll list some of my system information, then the errors. I changed my actual host name to "myhost".

Please let me know if there is any other info I should post.

output from trying to start the server

snapper@newton onyx.myhost.com # sudo service nginx start
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.

Linux version:

snapper@newton onyx.myhost.com # cat /etc/issue
Ubuntu 16.04.1 LTS \n \l

Linux version on the server in which the same configuration worked:

snapper@myhost-jan ~ # cat /etc/issue
Ubuntu 14.04.5 LTS \n \l

nginx version: I word wrapped the output.

snapper@newton onyx.myhost.com # nginx -V
nginx version: nginx/1.10.0 (Ubuntu)
built with OpenSSL 1.0.2g  1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong
-Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2'
--with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now'
--prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf
--http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit
--with-ipv6 --with-http_ssl_module --with-http_stub_status_module
--with-http_realip_module --with-http_auth_request_module
--with-http_addition_module --with-http_dav_module --with-http_geoip_module
--with-http_gunzip_module --with-http_gzip_static_module
--with-http_image_filter_module --with-http_v2_module --with-http_sub_module
--with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail
--with-mail_ssl_module --with-threads

nginx version on the server in which the same configuration worked:

snapper@myhost-jan ~ # sudo nginx -V
nginx version: nginx/1.4.6 (Ubuntu)
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2'
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' --prefix=/usr/share/nginx
--conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6
--with-http_ssl_module --with-http_stub_status_module --with-http_realip_module
--with-http_addition_module --with-http_dav_module --with-http_geoip_module
--with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module
--with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module

output from systemctl

snapper@newton onyx.myhost.com # sudo systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2016-12-20 18:52:31 UTC; 3min 35s ago
  Process: 4436 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)

Dec 20 18:52:31 newton systemd[1]: Starting A high performance web server and a reverse proxy server...
Dec 20 18:52:31 newton nginx[4436]: nginx: [emerg] BIO_new_file("/etc/ssl/certs/dhparam.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/certs
Dec 20 18:52:31 newton nginx[4436]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dec 20 18:52:31 newton systemd[1]: nginx.service: Control process exited, code=exited status=1
Dec 20 18:52:31 newton systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Dec 20 18:52:31 newton systemd[1]: nginx.service: Unit entered failed state.
Dec 20 18:52:31 newton systemd[1]: nginx.service: Failed with result 'exit-code'.
lines 1-12/12 (END)

====================================================================

output from journalctl -xe

snapper@newton onyx.myhost.com # sudo journalctl -xe
Dec 20 18:55:30 newton sshd[4462]: Failed password for root from 116.31.116.18 port 18380 ssh2
Dec 20 18:55:32 newton sshd[4462]: Failed password for root from 116.31.116.18 port 18380 ssh2
Dec 20 18:55:33 newton sshd[4462]: Received disconnect from 116.31.116.18 port 18380:11:  [preauth]
Dec 20 18:55:33 newton sshd[4462]: Disconnected from 116.31.116.18 port 18380 [preauth]
Dec 20 18:55:33 newton sshd[4462]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18  user=root
Dec 20 18:56:03 newton sshd[4469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18  user=root
Dec 20 18:56:05 newton sshd[4469]: Failed password for root from 116.31.116.18 port 12569 ssh2
Dec 20 18:56:07 newton sudo[4471]:     snapper : TTY=pts/0 ; PWD=/home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com ; USER=root ; COMMAND=/bin/systemctl status nginx.service
Dec 20 18:56:07 newton sudo[4471]: pam_unix(sudo:session): session opened for user root by snapper(uid=0)
Dec 20 18:56:07 newton sshd[4469]: Failed password for root from 116.31.116.18 port 12569 ssh2
Dec 20 18:56:10 newton sshd[4469]: Failed password for root from 116.31.116.18 port 12569 ssh2
Dec 20 18:56:10 newton sshd[4469]: Received disconnect from 116.31.116.18 port 12569:11:  [preauth]
Dec 20 18:56:10 newton sshd[4469]: Disconnected from 116.31.116.18 port 12569 [preauth]
Dec 20 18:56:10 newton sshd[4469]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18  user=root
Dec 20 18:56:42 newton sshd[4501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18  user=root
Dec 20 18:56:42 newton sshd[4503]: Connection closed by 45.56.93.125 port 36628 [preauth]
Dec 20 18:56:45 newton sshd[4501]: Failed password for root from 116.31.116.18 port 16666 ssh2
Dec 20 18:56:47 newton sshd[4501]: Failed password for root from 116.31.116.18 port 16666 ssh2
Dec 20 18:56:49 newton sshd[4501]: Failed password for root from 116.31.116.18 port 16666 ssh2
Dec 20 18:56:49 newton sshd[4501]: Received disconnect from 116.31.116.18 port 16666:11:  [preauth]
Dec 20 18:56:49 newton sshd[4501]: Disconnected from 116.31.116.18 port 16666 [preauth]
Dec 20 18:56:49 newton sshd[4501]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18  user=root
Dec 20 18:57:09 newton sshd[4505]: Connection closed by 83.169.58.4 port 60763 [preauth]
Dec 20 18:57:23 newton sshd[4508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18  user=root
Dec 20 18:57:24 newton sshd[4508]: Failed password for root from 116.31.116.18 port 43195 ssh2
Dec 20 18:57:26 newton sshd[4508]: Failed password for root from 116.31.116.18 port 43195 ssh2
Dec 20 18:57:29 newton sshd[4508]: Failed password for root from 116.31.116.18 port 43195 ssh2
Dec 20 18:57:29 newton sshd[4508]: Received disconnect from 116.31.116.18 port 43195:11:  [preauth]
Dec 20 18:57:29 newton sshd[4508]: Disconnected from 116.31.116.18 port 43195 [preauth]
Dec 20 18:57:29 newton sshd[4508]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18  user=root
Dec 20 18:57:51 newton sshd[4511]: Connection closed by 54.68.91.5 port 40026 [preauth]
Dec 20 18:57:59 newton sshd[4513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18  user=root
Dec 20 18:58:01 newton sshd[4513]: Failed password for root from 116.31.116.18 port 60900 ssh2
Dec 20 18:58:04 newton sshd[4513]: Failed password for root from 116.31.116.18 port 60900 ssh2
Dec 20 18:58:06 newton sshd[4513]: Failed password for root from 116.31.116.18 port 60900 ssh2
Dec 20 18:58:06 newton sshd[4513]: Received disconnect from 116.31.116.18 port 60900:11:  [preauth]
Dec 20 18:58:06 newton sshd[4513]: Disconnected from 116.31.116.18 port 60900 [preauth]
Dec 20 18:58:06 newton sshd[4513]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18  user=root
Dec 20 18:58:39 newton sshd[4516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18  user=root
Dec 20 18:58:40 newton sshd[4516]: Failed password for root from 116.31.116.18 port 31704 ssh2
Dec 20 18:58:43 newton sshd[4516]: Failed password for root from 116.31.116.18 port 31704 ssh2
Dec 20 18:58:45 newton sshd[4516]: Failed password for root from 116.31.116.18 port 31704 ssh2
Dec 20 18:58:45 newton sshd[4516]: Received disconnect from 116.31.116.18 port 31704:11:  [preauth]
Dec 20 18:58:45 newton sshd[4516]: Disconnected from 116.31.116.18 port 31704 [preauth]
Dec 20 18:58:45 newton sshd[4516]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18  user=root
Dec 20 18:59:15 newton sshd[4520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18  user=root
Dec 20 18:59:17 newton sshd[4520]: Failed password for root from 116.31.116.18 port 30979 ssh2
Dec 20 18:59:19 newton sshd[4520]: Failed password for root from 116.31.116.18 port 30979 ssh2
Dec 20 18:59:21 newton sshd[4520]: Failed password for root from 116.31.116.18 port 30979 ssh2
Dec 20 18:59:21 newton sshd[4520]: Received disconnect from 116.31.116.18 port 30979:11:  [preauth]
Dec 20 18:59:21 newton sshd[4520]: Disconnected from 116.31.116.18 port 30979 [preauth]
Dec 20 18:59:21 newton sshd[4520]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18  user=root
Dec 20 18:59:21 newton sudo[4471]: pam_unix(sudo:session): session closed for user root
Dec 20 18:59:37 newton sudo[4522]:     snapper : TTY=pts/0 ; PWD=/home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com ; USER=root ; COMMAND=/bin/journalctl -xe
Dec 20 18:59:37 newton sudo[4522]: pam_unix(sudo:session): session opened for user root by snapper(uid=0)
lines 959-1013/1013 (END)

onyx.myhost.com configuration file

# nginx configuration for onyx.myhost.com

server {
    # listen on port 80
    # listen   80;

    # SSL
    listen               443 ssl;
    server_name          onyx.myhost.com;
    ssl_certificate      /etc/letsencrypt/live/onyx.myhost.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/onyx.myhost.com/privkey.pem;

    # set log paths
    access_log    /srv/www/onyx.myhost.com/logs/access.log;
    error_log     /srv/www/onyx.myhost.com/logs/error.log;

    # rewrite
    # rewrite (/[0-9a-z\-]+)$ $1.pl last;
    rewrite (.*/[0-9a-z\-]+)$ $1.pl last;

    # restrict access by password
    # sudo sh -c "echo -n 'snapper:' >> /etc/nginx/htpasswd"
    # sudo sh -c "openssl passwd -apr1 >> /etc/nginx/htpasswd"
    # auth_basic "closed website";
    # auth_basic_user_file /etc/nginx/htpasswd;

    # set document root
    root          /home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com/pages;

    # rewrite xdo files
    # rewrite ^(/.*\.xdo)$ /xdo.pl last;

    # set index files
    # location / {
    #   index index.xdo index.pl index.html;
    # }

    # set admin restriction
    # location /admin/ {
    #   allow 1.2.3.4;   # Allow a single remote host
    #   deny all;        # Deny everyone else
    # }

    # handle .pl files
    # location ~ \.pl$ {
    #   gzip off;
    #   include /etc/nginx/fastcgi_params;
    #   fastcgi_pass unix:/var/run/fcgiwrap.socket;
    #   fastcgi_index index.pl;
    #   fastcgi_param SCRIPT_FILENAME /home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com/pages$fastcgi_script_name;
    # }

    # not sure what this does, but it's for SSL
    location ~ /.well-known {
        allow all;
    }

    # Diffie-Hellman
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;
}

server {
    listen 80;
    server_name onyx.myhost.com;
    return 301 https://onyx.myhost.com$request_uri;
}

Upvotes: 3

Views: 3629

Answers (3)

tscheingeld
tscheingeld

Reputation: 849

OK, this is embarrassing, but I'm going to post the solution anyway in hopes of helping others. I hadn't installed letsencrypt. My configuration files were based on certificates that had never been created.

Thanks for the help, everyone, I couldn't have fixed this without you. :-)

Upvotes: 0

599644
599644

Reputation: 561

Here is your error: Dec 20 18:52:31 newton nginx[4436]: nginx: [emerg] BIO_new_file("/etc/ssl/certs/dhparam.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/certs

Looks like /etc/ssl/certs doesn't exist or the permissions are not set right.

Can you please do an ls -l /etc/ssl/certs?

Upvotes: 2

kuba_ceg
kuba_ceg

Reputation: 930

Are You sure thet You have such file /etc/ssl/certs/dhparam.pem in this directory, and nginx can read it?

Upvotes: 1

Related Questions