nginx -t failed after fresh install + invalid SSL

[isAAAc]

root@stream:~/azuracast_installer# cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.2 LTS"- 1/10 prepare_system

last backlog's install:

***************************************************************************
Whup! Whup! AzuraCast Installation is complete.
[...]
Because of Updates, some service restarts and maybe also Kernel ones. I prefer to reboot now.
***************************************************************************

then i reboot. reboot is ok, but nginx is failling:

root@stream:~# systemctl status nginx.service
× nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Tue 2023-02-21 18:28:08 UTC; 15s ago
       Docs: man:nginx(8)
    Process: 1191 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
        CPU: 14ms

Feb 21 18:28:08 stream systemd[1]: Starting A high performance web server and a reverse proxy server...
Feb 21 18:28:08 stream nginx[1191]: nginx: [emerg] duplicate upstream "php-fpm-internal" in /etc/nginx/sites-enabled/azuracast.conf:1
Feb 21 18:28:08 stream nginx[1191]: nginx: configuration file /etc/nginx/nginx.conf test failed
Feb 21 18:28:08 stream systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Feb 21 18:28:08 stream systemd[1]: nginx.service: Failed with result 'exit-code'.
Feb 21 18:28:08 stream systemd[1]: Failed to start A high performance web server and a reverse proxy server.

root@stream:~# nginx -t
nginx: [emerg] duplicate upstream "php-fpm-internal" in /etc/nginx/sites-enabled/azuracast.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

root@stream:~# supervisorctl status
beanstalkd                       RUNNING   pid 752, uptime 0:05:23
centrifugo                       RUNNING   pid 756, uptime 0:05:23
cron                             RUNNING   pid 753, uptime 0:05:23
mariadb                          RUNNING   pid 749, uptime 0:05:23
nginx                            FATAL     Exited too quickly (process log may have details)
php-fpm                          RUNNING   pid 750, uptime 0:05:23
php-nowplaying                   RUNNING   pid 754, uptime 0:05:23
php-worker                       RUNNING   pid 1308, uptime 0:00:15
sftpgo                           RUNNING   pid 757, uptime 0:05:23

-> commenting lines 1 to 4

root@stream:~# nginx -t
nginx: [emerg] duplicate upstream "php-fpm-www" in /etc/nginx/sites-enabled/azuracast.conf:5
nginx: configuration file /etc/nginx/nginx.conf test failed

-> commenting lines 5 to 8

root@stream:~# nginx -t
nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /etc/nginx/sites-enabled/azuracast.conf:49
nginx: configuration file /etc/nginx/nginx.conf test failed

-> commenting line 49

root@stream:~# nginx -t
nginx: [warn] conflicting server name "localhost" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

and then restarting nginx via supervisor:

root@stream:~# supervisorctl start nginx
nginx: started

but i can't connect via ffox because SSL is self-signed:

stream.krashboyz.org uses an invalid security certificate.

The certificate is not trusted because it is self-signed.

Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

nor via chromium because HSTS is on:

NET::ERR_CERT_AUTHORITY_INVALID
[...]
You cannot visit stream.krashboyz.org right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

[isAAAc]

for the SSL : a good solution could be to add acme challenge to configure the good SSL certification during the install: the domain for azuracast is requested at the beginning of the install process:

Enter your Domain/Subdomain for AzuraCast (e.g., mydomain.com or subdomain.domain.com): stream.krashboyz.org
We received your Hostname: stream.krashboyz.org

tips: i can register in simple HTTP mode with midori web browser to reister in and set the letsencrypt on.

[scysys]

Please do

systemctl disable nginx

Then reboot and see if Supervisor can start Nginx now.

If not, please change the content in this file /etc/supervisor/conf.d/nginx.conf with this one here: https://github.com/scysys/AzuraCast-Ubuntu/blob/main/supervisor/conf.d/nginx.conf

Are you sure you used the latest installer version and not the main branch :)? If it was the main branch. Better do a reinstall with the latest installer version.

---

but i can't connect via ffox because SSL is self-signed:

That's how the AzuraCast developers did it in the past. I just used the same way for now. After the installer is finished, you must actually access the panel with HTTP://

You cannot visit stream.krashboyz.org right now because the website uses HSTS

HSTS is really a problem with the way how the installer and Azura's default installation are working. I'd prefer that you access your installation after the installer is finished via your IP like this: http://ip-address/. Make sure you do the ACME part inside AzuraCast first. After you generate your certificate, you can change your IP to your subdomain.

---

Ill updated a few minutes ago the installer version. Just reinstall your os and do this to install

mkdir /root/azuracast_installer && cd /root/azuracast_installer && git clone https://github.com/scysys/AzuraCast-Ubuntu.git . && git checkout 90efce5de1e4a09c103f5c653ceac0f7a6e404db && chmod +x install.sh && ./install.sh -i

[isAAAc]

sorry for my silence @scysys , a bit busy here, and not enough time for everything i would...

after my workaround, azuracast is working in "production" with streams 24/7 on it, so i would be sure i have a working snapshot of the vm before i do anything else (this install commes after a complete disaster and everything was lost on a regular azuracat docker)

i keep this (closed) issue in my todo and gives you a feedback asap.

thx a lot for your work !

[scysys]

a bit busy here, and not enough time for everything i would...

I know what you mean :(

I also changed the way in which the installer is working to prevent the error you initially had.