• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Issue Template_Exception: nginx: [emerg] duplicate listen options

J

JuanCar

Regular Pleskian
Server operating system version
Almalinux 9.4
Plesk version and microupdate number
18.0.72 #2
Hi
After last update I have received this message:

Code: 
Apache config (17579702710.83917500) generation failed: Template_Exception: nginx: [emerg] duplicate listen options for xxx.xxx.xxx.xxx:443 in /etc/nginx/plesk.conf.d/server.conf:15
nginx: configuration file /etc/nginx/nginx.conf test failed

file: /usr/local/psa/admin/plib/Template/Writer/Webserver/Abstract.php
line: 75
code: 0
nginx: [emerg] duplicate listen options for  xxx.xxx.xxx.xxx:443 in /etc/nginx/plesk.conf.d/server.conf:15
nginx: configuration file /etc/nginx/nginx.conf test failed

I have looked at the file /etc/nginx/plesk.conf.d/server.conf and found this in line 15
listen xxx.xxx.xxx.xxx:443 quic reuseport;
add_header Alt-Svc 'h3=":443"; ma=86400';
listen xxx.xxx.xxx.xxx:443 ssl;
there are two listen with different options, yes, but Nginx service is running ok.
I can't understand
Thanks for any help or info.

 
Yes I have enabled http3
I can turn it off but I don't know how to check.
The error message was sent when the system was updated.
And if I do
systemctl status nginx
The answer says that config is ok.
And nginx -t says config is ok.
A big mistery for me.
 
I ran into a similar issue. In my case, it pointed out that I didn't have TLS1.3 enabled:
Bash: 
plesk bin server_pref -s | grep ssl
ssl-protocols: TLSv1.2
ssl-ciphers: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl-cipher-server-order: true
Click to expand...
Since ssl-protocols didn't have TLSv1.3, I used:
Bash: 
plesk bin server_pref -u -ssl-protocols 'TLSv1.2 TLSv1.3'
Afterwards, I reconfigured the webserver and I had HTTP/3 enabled:
Bash: 
plesk sbin httpdmng --reconfigure-all
 
A complete config (ips and ports masked)
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

map $host $ip_default_host {
xxx.xxx.xxx.xxx default-xxx-xxx-xxx-xxx;
yyy.yyy.yyy.yyy default-yyy-yyy-yyy-yyy;
default $host;
}

include "/etc/nginx/plesk.conf.d/ip_default/*.conf";

server {
listen xxx.xxx.xxx.xxx:443 quic reuseport;
add_header Alt-Svc 'h3=":443"; ma=86400';
listen xxx.xxx.xxx.xxx:443 ssl;
http2 on;

ssl_certificate /usr/local/psa/var/certificates/cert8TKX2Rc;
ssl_certificate_key /usr/local/psa/var/certificates/cert8TKX2Rc;

location ^~ /plesk-site-preview/ {
proxy_pass http://127.0.0.1:pppp;
proxy_set_header Host plesk-site-preview.local;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cookie_domain plesk-site-preview.local $host;
access_log off;
}

location / {
proxy_pass https://127.0.0.1:nnnn;
proxy_hide_header upgrade;
proxy_ssl_server_name on;
proxy_ssl_name $ip_default_host;
proxy_ssl_session_reuse off;
proxy_set_header Host $ip_default_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

server {
listen yyy.yyy.yyy.yyy:443 quic reuseport;
add_header Alt-Svc 'h3=":443"; ma=86400';
listen yyy.yyy.yyy.yyy:443 ssl;
http2 on;

ssl_certificate /usr/local/psa/var/certificates/cert8TKX2Rc;
ssl_certificate_key /usr/local/psa/var/certificates/cert8TKX2Rc;

location ^~ /plesk-site-preview/ {
proxy_pass http://127.0.0.1:pppp;
proxy_set_header Host plesk-site-preview.local;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cookie_domain plesk-site-preview.local $host;
access_log off;
}

location / {
proxy_pass https://127.0.0.1:nnnn;
proxy_hide_header upgrade;
proxy_ssl_server_name on;
proxy_ssl_name $ip_default_host;
proxy_ssl_session_reuse off;
proxy_set_header Host $ip_default_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

server {
listen xxx.xxx.xxx.xxx:443 quic ;
listen xxx.xxx.xxx.xxx:443 ssl;
listen yyy.yyy.yyy.yyy:443 quic ;
listen yyy.yyy.yyy.yyy:443 ssl;
add_header Alt-Svc 'h3=":443"; ma=86400';
http2 on;

ssl_certificate "/usr/local/psa/var/certificates/scfadwfsQ";
ssl_certificate_key "/usr/local/psa/var/certificates/scfadwfsQ";
client_max_body_size 2048m;

proxy_read_timeout 600;
proxy_send_timeout 600;

proxy_max_temp_file_size 0;
proxy_buffers 16 16k;
proxy_buffer_size 32k;
proxy_busy_buffers_size 32k;

server_name "panel.espaciolatino.com";

location / {
proxy_pass http://127.0.0.1:pppp;
proxy_redirect http://$host:pppp $scheme://$host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Http-Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
access_log off;

gzip on;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
}

location ~ /(ws|websocket)(/|$) {
proxy_pass http://127.0.0.1:pppp;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Http-Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
access_log off;
}

underscores_in_headers on;
}

server {
listen xxx.xxx.xxx.xxx:80;

location ^~ /plesk-site-preview/ {
proxy_pass http://127.0.0.1:pppp;
proxy_set_header Host plesk-site-preview.local;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cookie_domain plesk-site-preview.local $host;
access_log off;
}

location / {
proxy_pass http://127.0.0.1:nnnn;
proxy_set_header Host $ip_default_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

server {
listen yyy.yyy.yyy.yyy:80;

location ^~ /plesk-site-preview/ {
proxy_pass http://127.0.0.1:pppp;
proxy_set_header Host plesk-site-preview.local;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cookie_domain plesk-site-preview.local $host;
access_log off;
}

location / {
proxy_pass http://127.0.0.1:nnnn;
proxy_set_header Host $ip_default_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
 
plesk bin server_pref -s | grep ssl
ssl-protocols: TLSv1.2 TLSv1.3
ssl-ciphers: FFCAD+AESLCM+AES128:FFCAD+AESLCM+AES256:EECDH+CHACHA30:EECDH+SHA256+AES128:FFCDH+SHA384+AES256:FFCDH+SHA1+AES128:EECDH+SHA1+AES256:EECDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA30:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!5DAS:!MD5:!PSK:!KRB5:!bFGDH:!kDH:!EDH
ssl-cipher-server-order: true
 
Interesting. Taking another look at my /etc/nginx/plesk.conf.d/server.conf, it's exactly the same as yours.

If you reconfigure, do you still get the error message?
Bash: 
plesk sbin httpdmng --reconfigure-all
 
Thanks.
The server is working fine right now; the logs haven't shown that error again.
...And I'm sticking with the first rule of IT: if it ain't broke, don't fix it. ;)
 
You must log in or register to reply here.

Similar threads

P
Resolved Unable to Start Nginx
Replies
1
Views
1K
PalmtreeRoundabout
P
V
Issue Problem with IPv6 binding in Nginx web server configuration templates
Replies
7
Views
3K
learning_curve
learning_curve
s-light
Question NINGX CORS for multiple sub.domains
Replies
1
Views
2K
s-light
s-light
B
Input How to use Multiple IP's for 1 Domain [IMPORTANT FEATURE THAT'S MISSING NATIVELY]
Replies
1
Views
8K
scsa20
scsa20
R
Issue Cannot restart NGINX
Replies
1
Views
1K
Raul A.
R
Back
Top