Nginx fails to restart after enabling SSL Support and website goes down

rajbdilip commented 7 years ago

Operating System (OS/VERSION):

Debian x64 8.6

VestaCP Version:

core package Version:0.9.8 (amd64) Release:16

Installed Software (what you got with the installer):

Nginx Web Server
Apache Web Server (as backend)
Bind DNS Server
Exim mail server
Dovecot POP3/IMAP Server
MySQL Database Server
Vsftpd FTP Server
Iptables Firewall + Fail2Ban
Roundcube mail client

Steps to Reproduce:

After Enabling SSL Support and entering required keys, and then hitting Save, the settings get saved but the site goes down and nginx fails to restart.

Nginx error log gives the following:

2016/11/02 18:59:29 [emerg] 8687#8687: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:29 [emerg] 8687#8687: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:29 [emerg] 8687#8687: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:29 [emerg] 8687#8687: still could not bind()
2016/11/02 18:59:54 [emerg] 8922#8922: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:54 [emerg] 8922#8922: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:54 [emerg] 8922#8922: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:54 [emerg] 8922#8922: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:54 [emerg] 8922#8922: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:54 [emerg] 8922#8922: still could not bind()

BUT if I reboot the server, Nginx starts up and I can access the site with both 'http' and with 'https' (certificate is successfully installed) but I get 500 Internal Server on the page and 502 Bad Gateway in browser console. This error goes away if I disable the SSL support from VestaCP panel and reboot the server.

dpeca commented 7 years ago

I never had that problem on Debian8 :/ Where you 'enabled SSL', on web edit page? And how it's possible to install all three services - you said php-fpm, apache, nginx

rajbdilip commented 7 years ago

@dpeca I did standard VestaCP installation. As far as I remember it's Nginx with PHP-FPM. Apache is used to serve static content I guess.

dpeca commented 7 years ago

In ''nginx + php-fpm'' combination, there is no Apache at all, believe me.

Is this only error you find in logs?

dpeca commented 7 years ago

Maybe you see ''php-fpm'' in proccess list, but it's a php-fpm for Vesta admin panel only, not for public and not for sites :) In that case your combination is default ''nginx+apache''.

rajbdilip commented 7 years ago

@dpeca My bad. I rechecked. I actually used this script http://vestacp.com/pub/vst-install.sh to install VestaCP. So, this included:

Nginx Web Server
Apache Web Server (as backend)
Bind DNS Server
Exim mail server
Dovecot POP3/IMAP Server
MySQL Database Server
Vsftpd FTP Server
Iptables Firewall + Fail2Ban
Roundcube mail client

rajbdilip commented 7 years ago

And yes, I enabled SSL on Web Edit page. Actually, I used https://github.com/interbrite/letsencrypt-vesta to automate the process.

rajbdilip commented 7 years ago

@dpeca I have updated the issue. Please have a look at it.

Can this be because of of corrupt configuration or anything? I haven't manually modified any vesta configurations but I did use https://github.com/interbrite/letsencrypt-vesta script once to install LetsEncrypt certificate. Is there a way to reinstall VestaCP without affecting website files/SQL databases and VestaCP settings (DNS, Mail and everything)?

dpeca commented 7 years ago

I feel something other is using your 443 port, so nginx can't bind it. When it happen try to run: netstat -tuapen | grep 443 ... so we can see what is on 443 port.

However, I'm sure this is not VestaCP issue, and I'll close this ticket. Send me a private message via forum (username is the same: dpeca) when you figure out what is using your 443 port. It can be letsencrypt-standalone daemon, or Apache.

anton-reutov commented 7 years ago

Try to kill all nginx processes and start nginx again

killall nginx service nginx start

rajbdilip commented 7 years ago

@anton-reutov I did that. (Before I was rebooting, it had the same effect.) Doing that would put the site up, get both http and https working but the page shows 500 Internal Server Error (502 Bad Gateway on browser console).

@dpeca netstat -tuapen | grep 443 at this point gives:

tcp        0      0 104.131.90.2:443        0.0.0.0:*               LISTEN      0          22290       4453/nginx.conf

@dpeca It looks nginx itself is listening to the port. What could be causing 502? I had done clean Nginx + Apache install and haven't messed up with any nginx or apache configuration.

rajbdilip commented 7 years ago

@dpeca @anton-reutov Insight on this?

philippe-tellier commented 7 years ago

@rajbdilip I happen to have the exact same issue... Di you resolve it on your server?

rajbdilip commented 7 years ago

@philippe-tellier No. I haven't been able to work on the issue since then.

rajbdilip commented 7 years ago

@philippe-tellier Did you resolve?

philippe-tellier commented 7 years ago

@rajbdilip I just fixed it.

I commented out the 3 IPs that were using port 443 in my "/etc/apache2/ports.conf" file, restarted apache and nginx, and everything is working fine right now.

I don't really know why there were entries in "ports.conf", but it seems that it was useless for my setup.

I hope it helps!

rajbdilip commented 7 years ago

@philippe-tellier Hi. Great that you worked out a convenient solution. I had to do a fresh install. But hopefully this will help someone in the future. Thank you. :)

bologer commented 7 years ago

@philippe-tellier, dude, thank you very much. It worked for me :+1:

artyficialnet commented 6 years ago

Yeah, after the whole night of research, to comment those lines fixed the problem! Thank you!

outroll / vesta