Forums Archived

This forum has been archived. No new posts can be made and no new users can sign up. It remains here for reference only.

Find the new forums here

Post-install/Initial install fails to configure HTTPS cause nginx config error

  • 190 Views
  • Last Post 29 November 2021
  • Topic Is Solved
Spartan-196 posted this 29 November 2021

OS Name/Version: Ubuntu Server 20.04.03

Product Name/Version:
AMP Professional
AMP Instance Manager v2.3.0.4 built 19/11/2021 15:59
Release spec: Release - built by CUBECODERS/buildbot on CCL-DEV

Problem Description:

I was trying to reconfigure an existing AMP instance manger to HTTPS as outlined in the wiki with getamp.sh using postSetupHTTPS paramater

However it was very consistently failing to reconfigure nginx after setting the cert info and rebind.

Steps to reproduce:

  1. Run getamp.sh postSetupHTTPS
  2. Select Y on license prompt
  3. Enter Domain name
  4. Enter Email
  5. Select Y on rebind ADS question
  6. watch output
  7. Get failure message

Actions taken to resolve so far:

I've followed the logs given in the command output but most of it appears to point to the script trying to configure HTTPS but not changing the ports in the configs from 80 to 443.
I have also modified the nginx config manually to set port 443 and https and reran the getamp.sh to do cert enrollment part but it alters existing config files with port 80 again.

As last resort sanity check I spun up a new vm with a fresh OS of Ubuntu Server 20.03.3 and it errors in the same way with no pre-existing instances configured. Intial script log out is deferent citing dpkg errors but when digging into those its actually nginx failed config check with same port 80 selected when trying to do https. Keeping the original setup would be preferred, I also don't mind migrating instances though if need.

Logs and output

getamp.sh postSetupHTTPS Command output

Installing nginx and certbot...
Adding firewall rules...
Adding firewall rule for port 443 (AMP Reverse Proxy) via ufw...
Skipping adding existing rule
Adding firewall rule for port 80 (AMP Reverse Proxy) via ufw...
Skipping adding existing rule
[Info] AMP Instance Manager v2.3.0.4 built 19/11/2021 15:59
[Info] Release spec: Release - built by CUBECODERS/buildbot on CCL-DEV
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: the configuration file /etc/
nginx/nginx.conf syntax is ok\nnginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)\nnginx: config
uration file /etc/nginx/nginx.conf test failed\n')
[Error] Certbot failed with code 1
Failed to configure nginx. Please check /root/getamp.log . Aborting...

getamp.log is not very helpful, appears to be not be verbose, or not written to if it encounters an error.

Sun 28 Nov 2021 11:54:30 PM EST
Reading package lists...
Building dependency tree...
Reading state information...
nginx is already the newest version (1.18.0-0ubuntu1.2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Synchronizing state of nginx.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable nginx

/var/log/letsencrypt/letsencrypt.log isn't super useful, says config syntax is good but can't support HTTPS on port 80 Its too long to post due to char limit, So here is a paste bin: https://pastebin.com/pf3eiA7g

Order By: Standard | Newest | Votes
Spartan-196 posted this 29 November 2021

I can verify that either solution offered can resolve this, test one on each system. Though my other systems and service im running have not run into this kind of issue, this is first time I've had provided installers setup IPv6 settings when IPv6 was unavaliable or the system to leverage in any capacity.

Running a sanity check to see if ipv6 is available before adding it to the config files maybe worth considering for getamp.sh script. On my systems ip address | grep inet6 returns an empty response

Mike posted this 29 November 2021

That's why. The configuration AMP generates for nginx listens on [::] 80. Don't disable IPv6 at the kernel level, this can cause unexpected behaviour in all sorts of ways. Just don't allow it to be assigned an address in your network configuration.

You can also edit the nginx config that AMP generates and remove the listen [::]:80 line which will allow the existing configuration to work, but applications other than AMP may function unpredictably with IPv6 fully disabled.

Spartan-196 posted this 29 November 2021

No. IPv6 is disabled with grub options at this time.

Mike posted this 29 November 2021

Is IPv6 configured on your system?

Spartan-196 posted this 29 November 2021

I suppose its also worth noting that this error in the configs causes nginx to not load up at all until corrected or at least rolled back.

Close