Input Bash script to compile Nginx from source with additional modules on Plesk Onyx

[learning_curve]

We ran the corrected script and very nearly... made it this time.
It's a different error than before though. See code extracts below:

# cd /root/tmp
# chmod u+x nginx_with_modules_CentOS7.sh
# ./nginx_with_modules_CentOS7.sh

At which point, the script then runs smoothly with only one small error prior to: make -f objs/Makefile

Configuration summary
  + using threads
  + using system PCRE library
  + using system OpenSSL library
  + using system zlib library
  nginx path prefix: "/etc/nginx"
  nginx binary file: "/usr/sbin/nginx"
  nginx modules path: "/etc/nginx/modules"
  nginx configuration prefix: "/etc/nginx"
  nginx configuration file: "/etc/nginx/nginx.conf"
  nginx pid file: "/var/run/nginx.pid"
  nginx error log file: "/var/log/nginx/error.log"
  nginx http access log file: "/var/log/nginx/access.log"
  nginx http client request body temporary files: "/var/lib/nginx/body"
  nginx http proxy temporary files: "/var/lib/nginx/proxy"
  nginx http fastcgi temporary files: "/var/lib/nginx/fastcgi"
  nginx http uwsgi temporary files: "/var/lib/nginx/uwsgi"
  nginx http scgi temporary files: "/var/lib/nginx/scgi"

./nginx_with_modules_CentOS7.sh: line 86: --with-openssl=/usr/local/src/openssl: No such file or directory

The error being the last line shown above

The make process runs fine but the end result is:

make[1]: Leaving directory `/usr/local/src/nginx'
mv: cannot stat ‘/etc/nginx/modules.conf.d/phusion-passenger.conf’: No such file or directory
mv: cannot stat ‘/etc/nginx/conf.d/phusion-passenger.conf’: No such file or directory

This we discussed previously (as we don't have Phusion Passenger installed or use it anyway).
We can either ignore these two warnings or modify the original script again as follows:

.............
make install
# mv /etc/nginx/modules.conf.d/phusion-passenger.conf /etc/nginx/modules.conf.d/phusion-passenger.conf_bak
# mv /etc/nginx/conf.d/phusion-passenger.conf /etc/nginx/conf.d/phusion-passenger.conf_bak
systemctl unmask sw-nginx
..............

Next is a warning which has been covered before (in other threads) and can be ignored:

nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/nginx.conf:40

But finally, it's this next error which stops any further process:

nginx: [emerg] SSL_CTX_set1_curves_list("X25519:secp521r1:secp384r1:prime256v1") failed (SSL:)

and is summarised with:

nginx: configuration file /etc/nginx/nginx.conf test failed
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for det

Running systemctl status nginx.service gives this:

# systemctl status nginx.service -l
● nginx.service - Startup script for nginx service
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2018-04-17 01:13:29 BST; 2min 50s ago
  Process: 15637 ExecStop=/bin/kill -s QUIT $MAINPID (code=exited, status=0/SUCCESS)
  Process: 15643 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
  Process: 15641 ExecStartPre=/usr/bin/test $NGINX_ENABLED = yes (code=exited, status=0/SUCCESS)
 Main PID: 1540 (code=exited, status=0/SUCCESS)

Apr 17 01:13:29 *server-name* systemd[1]: Starting Startup script for nginx service...
Apr 17 01:13:29 *server-name* nginx[15643]: nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/nginx.conf:40
Apr 17 01:13:29 *server-name* nginx[15643]: nginx: [emerg] SSL_CTX_set1_curves_list("X25519:secp521r1:secp384r1:prime256v1") failed (SSL:)
Apr 17 01:13:29 *server-name* nginx[15643]: nginx: configuration file /etc/nginx/nginx.conf test failed
Apr 17 01:13:29 *server-name* systemd[1]: nginx.service: control process exited, code=exited status=1
Apr 17 01:13:29 *server-name* systemd[1]: Failed to start Startup script for nginx service.
Apr 17 01:13:29 *server-name* systemd[1]: Unit nginx.service entered failed state.
Apr 17 01:13:29 *server-name* systemd[1]: nginx.service failed.

Running journalctl -xe didn't give anything relative to the error, so we've excluded it from here.

As before, we've then restored back to the server snapshot taken just before running the script and all is well again.

Our current /etc/nginx/conf.d/ssl.conf contains this line:

#SSL ECDH Curve
ssl_ecdh_curve X25519:secp521r1:secp384r1:prime256v1;

and this runs perfectly on the current setup. For example, this is the line taken from Qualys SSL Labs report:

Supported Named Groups     x25519, secp521r1, secp384r1, secp256r1 (server preferred order)

We quickly ran a search on nginx: [emerg] SSL_CTX_set1_curves_list("X25519:secp521r1:secp384r1: prime256v1") failed (SSL: ) Hmmm where to start? because the variables including Plesk related / not related on the results, means it would be guesswork at this stage, if we go further without waiting to read your input first.
So @IgorG we need your help again please!

 

[IgorG]

@learning_curve If you don't want to use pagespeed you can just do not enable it in your nginx config. Therefore it would be better to use original script for compilation without any errors. Also, this script just compiles the new version of nginx with a bunch of modules, nothing more. All possible problems with starting and using are related to your nginx configuration and it is not in the responsibility of this script. Configuring of this custom nginx is offtopic in this thread. BTW, have you tried to use configs from @virtubox ?

 

[learning_curve]

@learning_curve If you don't want to use pagespeed you can just do not enable it in your nginx config. Therefore it would be better to use original script for compilation without any errors.

Okay, but the modifications we made to the script as per our previous posts don't appear to be the issue here anyway

Also, this script just compiles the new version of nginx with a bunch of modules, nothing more

Yes, exactly, that's what we love about it![QUOTE="IgorG, post: 847009, member: 90711"] [USER=181186]All possible problems with starting and using are related to your nginx configuration and it is not in the responsibility of this script. Configuring of this custom nginx is offtopic in this thread[/QUOTE]Yes agreed, but it was worth us checking for something 'basic' that we may have missed and you were aware of (in connection with re-starting nginx etc after running this script) before we resolve it [QUOTE="IgorG, post: 847009, member: 90711"] [USER=181186]BTW, have you tried to use configs from [USER=176198]@virtubox ?[/USER][/QUOTE]In the past yes, we have taken some of the relevant info posted by @virtubox but we'll need to check [I]latest v latest[/I] again now to be sure ;)[/user][/user]

 

[learning_curve]

To complete this @IgorG we solved all the post #41 issues At the same time, we possibly gave ourselves a reason to wait for the official TLSv1.3 release (and all its associated dependencies / components e.g. openssl etc).

We ran the script again, but with ALL the previous comment out mods (#) still in place, plus the additional ones we mentioned, added in... it ran perfectly. All the small errors didn't re-occur. The nginx not starting error, was/is to do with the X25519 curve appearing within /etc/nginx/conf.d/ssl.conf when running the new setup that's provided by the script. There are several differences when the new setup is tested externally, but all are to do with no verifiable datum point i.e. TLSv1.3 draft 19 >>>> draft 23

No matter in what format (or order) it's included within the ssl_ecdh_curve line, the X25519 curve is the issue on our server. Once removed (but leaving all the other curves in place) everything is fine Out of interest, what's the specific content of your test CentOS ssl_ecdh_curve? If it doesn't / didn't include X25519, it may possibly be why you haven't seen this yourself? We've had curve incompatibility before when working on the sw-cp-server, which was resolved, but in this case, any fix applied here and now may not be relevant, once we are all working on official TLSv1.3. setups - maybe next month

To conclude; the script is excellent and even when properly customised, runs perfectly. We've restored everything back to our previous setup now and our plan to proceed, is as follows: Upgrade to 17.8.11 once it's at general release status. Await the TLSv1.3 general release status. Then trial and error your updated version of this script and implement that. Then trial and error the updated version sw_cp_server and implement that too. Then retire on an island somewhere...

 

[Gaziantep Oto kiralama]

Teşekkürler @IgorG

 

[learning_curve]

Further to our last post, we wanted run the script again @IgorG but with a slight change for now.

We'll run the updated version of the script, after we upgrade to Plesk 17.8.11 (which we'll do when TLSv1.3 is at general release status) see last post ^^ Therefore TLSv1.3 is unnecessary at present, as the multiple draft status makes it without any purpose currently. We wanted to omit it, as well as the couple of items that we had already # commented out. We're not #ScriptMasters like you @IgorG but we thought it should be relatively straightforward. It wasn't really. However with hindsight, it's may be related to the same thing as last time: the inclusion of the correct openssl release within the setup once the script has finished.

Pre-Script, we are here:

# nginx -v
nginx version: nginx/1.13.6
[root@cloud1 ~]# nginx -V
nginx version: nginx/1.13.6
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.1.1-dev  xx XXX xxxx
TLS SNI support enabled....

If we alter the openssl related line in the script to this:

git checkout OpenSSL_1_1_0h 
and comment out this line too:
# --with-openssl-opt=enable-tls1_3

This is shown during the script run:

Cloning into 'openssl'...
remote: Counting objects: 298239, done.
remote: Compressing objects: 100% (46/46), done.
remote: Total 298239 (delta 15), reused 27 (delta 13), pack-reused 298179
Receiving objects: 100% (298239/298239), 143.12 MiB | 15.79 MiB/s, done.
Resolving deltas: 100% (209192/209192), done.
Note: checking out 'OpenSSL_1_1_0h'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b new_branch_name

HEAD is now at d4e4bd2... Prepare for 1.1.0h release

If we change that same line to this instead:

git checkout OpenSSL_1_1_0-stable 
and again, comment out this line too:
# --with-openssl-opt=enable-tls1_3

This is shown during the script run:

Branch OpenSSL_1_1_0-stable set up to track remote branch OpenSSL_1_1_0-stable from origin.
Switched to a new branch 'OpenSSL_1_1_0-stable'

In both cases, the result is

# nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled....

And that is (and obviously was) the issue with the X25519 curve i.e. that curve is only supported from openssl 1.1.0 onwards, which is why it works perfectly in our pre-script setup but not post-script. We updated the nginx release too but that's unconnected with this issue.

So... to simplify things we upgraded our CentOS openssl release to opensssl 1.1.0h which is the current stable release and inclusive of everything related to TLSv1.2 etc. That was easy and straightforward:

# openssl version
OpenSSL 1.1.0h  27 Mar 2018

No issues, no problems all works fine.

After a server re-boot just in case, we then ran the script again (wrongly assuming.... ) that with no openssl links now being provided within the script, the (latest) server openssl version would be used for compilation:

# git clone https://github.com/openssl/openssl.git
# cd openssl
# git checkout tls1.3-draft-19

plus with these two lines commented out later on in the script:

 # --with-openssl=/usr/local/src/openssl
 # --with-openssl-opt=enable-tls1_3

Script ran perfectly, no errors, no delays, but the end result was the same:

# nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled

It's clearly our misunderstanding / input error, but we can't see where that is... Can you see it @IgorG ?

 

[IgorG]

Can you see it @IgorG ?

You could try:

....
git clone https://github.com/openssl/openssl.git
cd openssl
git checkout tls1.3-draft-19
./config --prefix=/usr
make
make install
....
....
# --add-module=/usr/local/src/incubator-pagespeed-ngx-1.13.35.2-stable \
# --with-openssl=/usr/local/src/openssl \
# --with-openssl-opt=enable-tls1_3
.....

Or modify it as you wish.
After that I see:

# openssl version
OpenSSL 1.1.1-dev xx XXX xxxx

# nginx -V
nginx version: nginx/1.13.12
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.1.1-dev xx XXX xxxx
TLS SNI support enabled

 

[learning_curve]

Thanks Yes we slightly modified the first section that you posted and then ran it:

git clone https://github.com/openssl/openssl.git
cd openssl
git checkout OpenSSL_1_1_0h
./config --prefix=/usr
make
make install
.........

which was just fine (the script takes a little longer due to the successful openssl processes)

....
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Reloading nginx configuration (via systemctl):             [  OK  ]

[****@****]# nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.1.0h  27 Mar 2018
TLS SNI support enabled....

So your great suggestion @IgorG has now been tested on our own server setup, appears to work perfectly for us (we ran some other tests, all of which were fine, but than returned to our pre-script setup by restoring a server snapshot) We can / will re-run the script very shortly, once we've got answers to some final questions.

Those questions are in our next post, but it's worth mentioning that as part of the openssl make install process, new / additional data is is created, added and sometimes overwrites the existing data that's stored for example within: /usr/share/docs/* | /usr/share/man/* plus additional directories c/w content are created for example: /usr/ssl | /usr/ssl/certs | /usr/ssl/private | /usr/ssl/misc This is to be expected and fine, but it is relevant to our next post

 

[IgorG]

@learning_curve Yes, according to

./config --prefix=/usr

newly compiled openssl version will overwrite default version from OS vendor. To be honest, consequences may be unpredictable, but I do not expect any serious negative side effects. You can try to use

./config

instead. In this case, this openssl version will be installed to /usr/local/ and you could try to define this location with

--with-openssl=/usr/local/

Perhaps, vendor's openssl-devel package should be removed before this experiment...
In general, there is a lot of space for experimentation

 

[learning_curve]

Ha! You're posting faster than we can @IgorG .... We'll finish this post first, then come back to your last post.

When we used the script in the previous format, the issue was the wrong openssl release being used as part of the final make command. To try and test this further and before our last post, we ran the script with this setup:

.....
# git clone https://github.com/openssl/openssl.git
# cd openssl
# git checkout OpenSSL_1_1_0h
.....
 --with-openssl=/usr/src/openssl-OpenSSL_1_1_0h
.....

All the data still exists in /usr/src/openssl-OpenSSL_1_1_0h after our previous successful mod to change the CentOS openssl to openssl 1.1.0h so we thought our additional script change would be fine, but when the script runs, this error is logged:

.....
./nginx_with_modules_CentOS7.sh: line 85: 
--with-openssl=/usr/src/openssl-OpenSSL_1_1_0h: No such file or directory
make -f objs/Makefile
.....

And the result was the output as seen before c/w the default (CentOS) openssl

# nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled....

Yet immediately after the script and just to double check:

****@****]# cd /usr/src/openssl-OpenSSL_1_1_0h
[****@**** openssl-OpenSSL_1_1_0h]#

Our questions are:
1) If we can see the /usr/src/openssl-OpenSSL_1_1_0h directory and all it's content, why can't the script? Typo by us?
2) If we figure this quandary out, the script should run successfully using this data and NOT the the default (CentOS) openssl data shouldn't it?
This would then save duplication / overwrites etc and that was our thought here....

 

[learning_curve]

Back to your last post now @IgorG , if we understand correctly, the next script change could be:

....
git clone https://github.com/openssl/openssl.git
cd openssl
git checkout OpenSSL_1_1_0h
./config
make
make install
.....

.....
# --add-module=/usr/local/src/incubator-pagespeed-ngx-1.13.35.2-stable \
  --with-openssl=/usr/local/
# --with-openssl-opt=enable-tls1_3
.....

Which in theory, would also then save duplication / overwrites etc wouldn't it?

To recap, currently, we're here with CentOS:

[****@****]# openssl version
OpenSSL 1.1.0h  27 Mar 2018

but we're here with Plesk:

[****@****]# nginx -V
nginx version: nginx/1.13.6
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.1.1-dev  xx XXX xxxx
TLS SNI support enabled
.....

This is after our own mods to CentOs (using THIS data) and after following the previous Plesk tutorial from @UFHH01 all of which works very well, but we're keen to now enhance this further using this script whilst we (all) wait.... for TLSv1.3

 

[IgorG]

Which in theory, would also then save duplication / overwrites etc wouldn't it?

No, another version of openssl (not related to version from OS vendor in /usr/) will be installed to /usr/local/. For example, you can see version of this openssl with

# /usr/local/bin/openssl version

The version from OS vendor is

# /usr/bin/openssl version

 

[learning_curve]

Okay. Understand that now thanks @IgorG

Currently # /usr/bin/openssl contains one big binary file (this is our previous CentOS OpenSSL 1.1.0h upgrade) whilst # /usr/local/bin/openssl is completely empty there's nothing to see. All the openssl data created after running the previously mentioned tutorial is still located here: # /usr/share/openssl which will be redundant / can be deleted (we think) once we've run the script again (?) and upgraded Plesk. Meanwhile CentOS c/w OpenSSL 1.1.0h is running fine!

What's also a little bit odd is... that # /usr/share/docs/* | # /usr/share/man/* that we mentioned earlier are both quite sparse on specific data related to openssl (when compared to AFTER successfully running the script, when there was lots and lots of data)

All the corresponding data for OpenSSL 1.1.0h created during the make part of the upgrade install is still present within all the sub-directories of # /usr/src/openssl-OpenSSL_1_1_0h/ Which can be deleted anyway now (we think) as the binary has all the required operational data contained within it doesn't it?

However before we delete anything at all mentioned above, please see our final question below

And to finish this part off, was this correct?

Back to your last post now @IgorG , if we understand correctly, the next script change could be:

....
git clone https://github.com/openssl/openssl.git
cd openssl
git checkout OpenSSL_1_1_0h
./config
make
make install
.....

.....
# --add-module=/usr/local/src/incubator-pagespeed-ngx-1.13.35.2-stable \
--with-openssl=/usr/local/
# --with-openssl-opt=enable-tls1_3
.....

and what where the answers to our POST#50 Thanks!

 

[learning_curve]

Well @IgorG whilst waiting, we went away and had another re-think based on your statement:

....In general, there is a lot of space for experimentation

We also looked back at the ORIGINAL non-script process and item 5. in-particular in the thread's opening post.
We made this separate, small OpenSSL script:

#!/bin/bash
cd /usr/share
git clone https://github.com/openssl/openssl.git
cd openssl
git checkout OpenSSL_1_1_0h
./config shared --prefix=/usr/share/openssl --openssldir=/usr/share/openssl -Wl,-rpath,'$(LIBRPATH)'

We then deleted the existing /usr/share/openssl which had been created in the ORIGINAL and ran this^^ script.
All the OpenSSL data from the ORIGINAL that is deleted, is replaced with the latest (different) version selection.

We then ran your script again, but modified as follows:

.....
git submodule update --init --recursive
# cd /usr/local/src/nginx/

# git clone https://github.com/openssl/openssl.git
# cd openssl
# git checkout tls1.3-draft-19

cd /usr/local/src/nginx/
.....

and

.....
 --with-threads  \
 --with-openssl=/usr/share/openssl \
 --add-module=/usr/local/src/ngx_cache_purge  \
.....
--add-module=/usr/local/src/ngx_brotli
 # --add-module=/usr/local/src/incubator-pagespeed-ngx-1.13.35.2-stable \
 # --with-openssl-opt=enable-tls1_3

make -j $(nproc)
.....

All which worked very well, survived all the subsequent tests we made and our server is now live with this:

# nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.1.0h  27 Mar 2018
TLS SNI support enabled
.....

Our upgraded CentOS 7.4 OpenSSL is untouched (SSH shown here but plus addons - Plesk GUI verification too):

# openssl version
OpenSSL 1.1.0h  27 Mar 2018

Nice, tidy and all working well with no errors!

We think... that if we had made the required OpenSSL using just ./config in /usr/local/src/openssl and then used --with-openssl=/usr/local/ later in the script, as suggested, we would have ended up with two additional (and different) OpenSSL installations instead of just one. This is because the ORIGINAL would still have been in place (unless we deleted it first) as well as the new addition. So this choice appeared to be a more simple, possible solution to us with our history and setup. If somebody runs your script without having run the ORIGINAL then their choice could/should be different than ours.

We're keen to leave it all alone now, until TLSv1.3 become officially released and there's a purpose to the next upgrade project i.e. OpenSSL / Plesk 17.8.11 (with customization similar to our curent 17.5.3 spec) and.... Plesk sw-cp-server
Thanks again for your help with this @IgorG

 

[virtubox]

New release with Nginx 1.15.0 available.

Changelog :

• add new nginx mainline release 1.15.0
• add choice between stable and mainline release
• improve menu

 

[Rar9]

I just tried your script coming from a manual compile 1.14.0:

According to log it ran through fine. .

Plesk-nginx was compiled successfully !

.. BUT nginx -t gives me an error.

nginx -t
nginx: [emerg] unknown directive "passenger_root" in /etc/nginx/conf.d/phusion-passenger.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

But this seams right....

nginx -V
nginx version: nginx/1.15.0
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.9)
built with OpenSSL 1.1.1-dev xx XXX xxxx
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --user=nginx --group=nginx --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-file-aio --with-threads --add-module=/usr/local/src/ngx_cache_purge --add-module=/usr/local/src/memc-nginx-module --add-module=/usr/local/src/ngx_devel_kit --add-module=/usr/local/src/headers-more-nginx-module --add-module=/usr/local/src/echo-nginx-module --add-module=/usr/local/src/ngx_http_substitutions_filter_module --add-module=/usr/local/src/redis2-nginx-module --add-module=/usr/local/src/srcache-nginx-module --add-module=/usr/local/src/set-misc-nginx-module --add-module=/usr/local/src/ngx_http_redis --add-module=/usr/local/src/ngx_brotli --add-module=/usr/local/src/ngx_http_auth_pam_module --with-openssl=/usr/local/src/openssl --with-openssl-opt=enable-tls1_3


Look forward for a fast feedback

 

[Rar9]

OK i now fully removed nginx and reinstalled it via plesk and re-ran plesk nginx install.
Then I executed the script again...

but nginx -t now gives me:

nginx: [emerg] dlopen() "/etc/nginx/nginx/modules/ngx_http_passenger_module.so" failed (/etc/nginx/nginx/modules/ngx_http_passenger_module.so: cannot open shared object file: No such file or directory) in /etc/nginx/modules.conf.d/phusion-passenger.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

Only when I uninstall Passenger Nginx -t will provide

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

 

[IgorG]

@Rar9 yes, it is known issue with phusion-passenger config - Input - Bash script to compile Nginx from source with additional modules on Plesk Onyx
If you do not use it, just delete this config.

 

[virtubox]

New release with Nginx 1.15.2 available.

Changelog :

• nginx updated to 1.15.2
• Nginx Mainline release automated download (without having to update the script)
• Openssl version bump to 1.1.1-pre8
• TLS 1.3 support updated (draft 28)
• Compilation performed with gcc7 or gcc8.1 (gcc8.1 only available with Mainline release)
• RTMP module for streaming added (Optional)
• Modules download optimized (folders in /usr/local/src are not removed anymore)

Github Page : Plesk Nginx
Github Repository : VirtuBox/plesk-nginx

 

[trialotto]

New release with Nginx 1.15.2 available.

Changelog :

@virtubox,

It might be a good idea to post some additional information and, more important, a link to your github pages.

I am pretty sure that would help a bit, since your original post and contribution is drowning in a whole lot of posts in this topic thread.

And many thanks, since this is an excellent contribution, from the start on.

Regards..........