Help

2023-09-17 Thread Revvy via nginx

I use nginx for my DNS over HTTPS and DNS over TLS. Here is my nginx.conf:

user www-data;

worker_processes auto;
pid /run/nginx.pid;
load_module /etc/nginx/modules/ngx_http_js_module.so;
load_module /etc/nginx/modules/ngx_stream_js_module.so;

events {
    worker_connections 768;
}


# DNS Stream Services
stream {
  # Import the NJS module
  js_import /etc/nginx/njs.d/dns/dns.js;

  # The $dns_qname variable can be populated by preread calls, and can be used for DNS routing

  js_set $dns_qname dns.get_qname;

  # DNS upstream pool.
  upstream dns {
    zone dns 64k;
    server 127.0.0.1:53;
  }

  # DNS(TCP) and DNS over TLS (DoT) Server
  # Terminate DoT and DNS TCP, and proxy onto standard DNS
  server {
    listen 853 ssl;
    ssl_certificate_key /etc/letsencrypt/live/revvy.de/privkey.pem;
    ssl_certificate /etc/letsencrypt/live/revvy.de/fullchain.pem;
    js_preread dns.preread_dns_request;
    proxy_pass dns;
  }

  # DNS over HTTPS (gateway) Service
  # Upstream can be either DNS(TCP) or DoT. If upstream is DNS, proxy_ssl should be off.

  server {
    listen 127.0.0.1:8053;
    js_filter dns.filter_doh_request;
    proxy_pass dns;
  }
}

http {
    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    variables_hash_max_size 2048;
    server_names_hash_bucket_size 256;
    include /etc/nginx/snippets/mime.types;
    default_type application/octet-stream;

    log_format main '[$time_local] $host $status $bytes_sent $uri';

    fastcgi_read_timeout 300;
    proxy_read_timeout 1d;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    #access_log /etc/nginx/logs/access.log main;
    #access_log /etc/nginx/logs/access.log;
    access_log /dev/null;
    error_log /dev/null;
    #error_log /etc/nginx/logs/error.log;
    server_tokens off;
    resolver 1.1.1.1;
    include /etc/nginx/conf.d/*;

}

When I restart the systemd service, I am greeted with:
Sep 17 13:36:52 toronto-srv-03 systemd[1]: Starting nginx.service - nginx - high performance web server...
Sep 17 13:36:52 toronto-srv-03 nginx[127394]: nginx: [emerg] dlopen() "/etc/nginx/modules/ngx_http_js_module.so" failed (/etc/nginx/modules/ngx_http_js_module.so: undefined symbol: EVP_PKEY_CTX_set1_hkdf_salt) in /etc/nginx/nginx.conf:4
Sep 17 13:36:52 toronto-srv-03 systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Sep 17 13:36:52 toronto-srv-03 systemd[1]: nginx.service: Failed with result 'exit-code'.
Sep 17 13:36:52 toronto-srv-03 systemd[1]: Failed to start nginx.service - nginx - high performance web server.



I am running on Debian 12 bookworm.
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx


Re: Help

2023-09-18 Thread Revvy via nginx
After compiling nginx 1.24.0 from the source tarball, using identical 
configure arguments, it just works.


$ /sbin/nginx -V
nginx version: nginx/1.24.0
built by gcc 12.2.0 (Debian 12.2.0-14)
built with OpenSSL 3.0.9 30 May 2023
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx 
--modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf 
--error-log-path=/var/log/nginx/error.log 
--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid 
--lock-path=/var/run/nginx.lock 
--http-client-body-temp-path=/var/cache/nginx/client_temp 
--http-proxy-temp-path=/var/cache/nginx/proxy_temp 
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp 
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp 
--http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx 
--group=nginx --with-compat --with-file-aio --with-threads 
--with-http_addition_module --with-http_auth_request_module 
--with-http_dav_module --with-http_flv_module --with-http_gunzip_module 
--with-http_gzip_static_module --with-http_mp4_module 
--with-http_random_index_module --with-http_realip_module 
--with-http_secure_link_module --with-http_slice_module 
--with-http_ssl_module --with-http_stub_status_module 
--with-http_sub_module --with-http_v2_module --with-mail 
--with-mail_ssl_module --with-stream --with-stream_realip_module 
--with-stream_ssl_module --with-stream_ssl_preread_module 
--with-cc-opt='-g -O2 
-ffile-prefix-map=/data/builder/debuild/nginx-1.24.0/debian/debuild-base/nginx-1.24.0=. 
-fstack-protector-strong -Wformat -Werror=format-security 
-Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now 
-Wl,--as-needed -pie'


Checked my dpkg.log; I might've misremembered upgrading nginx, only nginx-module-njs.


Before I was using nginx-module-njs:amd64 1.24.0+0.8.0-1~bullseye
Now nginx-module-njs:amd64 1.24.0+0.8.1-1~bookworm
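
The follow-up above shows nginx-module-njs moving from a ~bullseye build to a ~bookworm build. As an added example (not part of the original posts), this shell function checks that nginx.org module packages carry the same release suffix and nginx version as the core package; the sample package list is constructed, and the nginx core line in it is an assumption.

```shell
#!/bin/sh
# Added example: flag nginx-module-* packages whose Debian release suffix
# (~bullseye, ~bookworm, ...) or nginx version differs from the nginx core
# package. Input: "package version" lines on stdin, for instance from
#   dpkg-query -W -f='${Package} ${Version}\n' 'nginx*'
# Exit status: 0 = consistent, 1 = mismatch found, 2 = nginx core not listed.
check_nginx_pkgs() {
    awk '
    {
        pkg = $1; ver = $2
        # Core looks like 1.24.0-1~bookworm, a module like
        # 1.24.0+0.8.1-1~bookworm (nginx version + module version).
        rel = ver; sub(/^.*~/, "", rel)
        if (rel == ver) rel = "unknown"      # no ~codename suffix present
        base = ver; sub(/[+-].*$/, "", base) # nginx version the package targets
        if (pkg == "nginx") { core_rel = rel; core_base = base }
        else if (pkg ~ /^nginx-module-/) { mrel[pkg] = rel; mbase[pkg] = base }
    }
    END {
        if (core_rel == "") { print "nginx core package not found"; exit 2 }
        bad = 0
        for (p in mrel) {
            if (mrel[p] != core_rel || mbase[p] != core_base) {
                printf "MISMATCH %s (%s, nginx %s) vs nginx (%s, nginx %s)\n",
                       p, mrel[p], mbase[p], core_rel, core_base
                bad = 1
            }
        }
        exit bad
    }'
}

# Constructed sample input. The module line uses the version quoted in the
# thread; the nginx core line is an assumed value for illustration only.
sample_pkgs() {
    printf '%s\n' \
        'nginx 1.24.0-1~bullseye' \
        'nginx-module-njs 1.24.0+0.8.1-1~bookworm'
}

sample_pkgs | check_nginx_pkgs || echo "check exited with status $?"
```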