Jump to content
  • nginx 404 - 6.10 Upgrade


    m00f
    • Urgent

    After upgrading to 6.10 , 

    GUI stopped working , same in safe mode..

     

    i'm kinda stuck atm, cant work ;/

     

    is it even possible to revert updates ? 

    image.png.1df44f3e09dafa2aacdd8f8a76502d3f.png

    b0x-diagnostics-20220518-1356.zip




    User Feedback

    Recommended Comments



    nicknick923

    Posted

    I noticed this as well - keep tabs on 

     as I feel both of these issues may have the same fix

    bonienl

    Posted

    Can you SSH into your server?
     

    Edit the file /boot/config/ident.cfg and change:

    USE_SSL=“no”

     

    Reload nginx:

    /etc/rc.d/rc.nginx reload

     

    Login to the Gui using http://tower (your server name)

     

    m00f

    Posted

    i don't see how the GUI is related to VNC? sounds like a diff issue to me.

    nicknick923

    Posted

    1 minute ago, bonienl said:

    Can you SSH into your server?
     

    Edit the file /boot/config/ident.cfg and change:

    USE_SSL=“no”

     

    Reload nginx:

    /etc/rc.d/rc.nginx reload

     

    Login to the Gui using http://tower (your server name)

     

    I'm able to ssh without changing settings, but I'm not fond of changing settings at the moment.
     

    1 minute ago, m00f said:

    i don't see how the GUI is related to VNC? sounds like a diff issue to me.

    The reason I mentioned the possible similarity was I think there may be some low level url handling change that is affecting both parts - I can always be wrong however

    m00f

    Posted

    2 minutes ago, bonienl said:

    Can you SSH into your server?
     

    Edit the file /boot/config/ident.cfg and change:

    USE_SSL=“no”

     

    Reload nginx:

    /etc/rc.d/rc.nginx reload

     

    Login to the Gui using http://tower (your server name)

     

     

    same result

    bonienl

    Posted

    4 minutes ago, m00f said:

     

    same result

     

    Strange, because “plain http” access works fine in 6.10.0

     

    slashmach1

    Posted

    I have found that this may be due to the new additions involving Letsencrypt.  My system would not connect by IP.  Added a hostfile entry that points to it and BOOM i was able to connect.  

    • Like 1
    HellraiserOSU

    Posted

    1 minute ago, slashmach1 said:

    I have found that this may be due to the new additions involving Letsencrypt.  My system would not connect by IP.  Added a hostfile entry that points to it and BOOM i was able to connect.  

    Can you show the example of your entry please?

    HellraiserOSU

    Posted

    22 minutes ago, bonienl said:

    Can you SSH into your server?
     

    Edit the file /boot/config/ident.cfg and change:

    USE_SSL=“no”

     

    Reload nginx:

    /etc/rc.d/rc.nginx reload

     

    Login to the Gui using http://tower (your server name)

     

    this worked for me

    I did this and then went to http://myservername  and i was able to bring up the GUI

    slashmach1

    Posted

    in windows the hostfile is at C:\windows\system32\drivers\etc\hosts

    hostname anonymized below:

    192.168.10.254 myhostnamehere

    just submitted bug report to describe my findings

    • Thanks 1
    m00f

    Posted

    19 minutes ago, bonienl said:

     

    Strange, because “plain http” access works fine in 6.10.0

     

     

    looks like it did work... 

    i was redirected to https thats why it failed.

     

    now i noticed a new issue thu , the LAN connection is set to 100mb lol xD

    m00f

    Posted

    Changed Status to Solved

    Changed Priority to Urgent

    slashmach1

    Posted

    it may be a little more complicated then that.  poking it some more and it looks like it is going off of the full hostname if you had ever previously registered the myserver plugin for ssl or to a custom hostname.  I had to use hostname.domainname.net to get the hostfile to work correctly.

    • Thanks 1
    BRiT

    Posted

    Completely unrelated to unRaid, I had this issue on Monday with a work server. It had IIS site set to only respond on HTTPS. The only way to get to it was using https://machinename.domain.com/ , it's FQDN. Attempting to browse to it using only https://machinename or even https://ipaddress resulted in 404s.

     

    TLDR: When using HTTPS, one must always use the fully qualified domain name that is used on the certificate.

    slashmach1

    Posted (edited)

    thats the trick though, myserver plugin was not installed in my case and had unregistered the hostname for letsencrypt ssl a long time ago.  IP login even with broken SSL had worked up until i updated to 6.10 stable from 6.9.2

    Edited by slashmach1
    clarification
    m00f

    Posted

    53 minutes ago, BRiT said:

    Completely unrelated to unRaid, I had this issue on Monday with a work server. It had IIS site set to only respond on HTTPS. The only way to get to it was using https://machinename.domain.com/ , it's FQDN. Attempting to browse to it using only https://machinename or even https://ipaddress resulted in 404s.

     

    TLDR: When using HTTPS, one must always use the fully qualified domain name that is used on the certificate.

     

    i installed My Server plugin few months ago and uninstalled it, so probably the hostname generated by the plugin  was updated in the ssl cert , which was <randomstring>.unraid.net ,  i wonder why it only flipped when i upgrade.. 

     

    RikStigter

    Posted (edited)

    1 hour ago, m00f said:

     

    looks like it did work... 

    i was redirected to https thats why it failed.

     

    now i noticed a new issue thu , the LAN connection is set to 100mb lol xD

    I'm afraid that none of the suggestions here have helped me, so perhaps 'Solved' is a bit premature.

    After adding my machine to the 'hosts' file and using plain http I get relayed to the URL xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.unraid.net:2443 that AFAIK is something that was introduced with the 'My Server' plugin. That doesn't work in my setup.

    My guess is also that something is wrong because of the LetsEncrypt changes introduced, but I'm afraid that a lot more digging is necessary.

    Edited by RikStigter
    • Like 1
    limetech

    Posted

    I would not use windows 'hosts' file since that is ignored by many browsers and if you forget about that entry and your IP address changes in the future it can be very puzzling what's happening.

     

    A question to those seeing this issue:  How did you access the server webGUI before?

    That is, what URL was used?

    eg, http://tower.local/

    eg, http://<ip-address>/

    eg, https://<hash>.unraid.net/

    something else?

     

    How about booting in GUI mode - do you see webGUI there?

     

    We created a command to unlock keys from the car.  If you can ssh/telnet into server, or use local webGUI Terminal, type the command:

    use_ssl no  # this will set enable http protocol on your LAN

    or

    use_ssl yes  # this will enable https with self-signed cert on your LAN

    • Thanks 1
    BoxOfSnoo

    Posted

    I always used a self-signed cert before, using https://myservername.local and it started failing after the upgrade.  I was able to turn off SSL using the config edit explained above and then I could connect over http... and it forwarded to https://<hash>.unraid.net

     

    After `use_ssl yes` it seems to work as it used to.

    limetech

    Posted

    1 minute ago, BoxOfSnoo said:

    After `use_ssl yes` it seems to work as it used to.

     

    What version Unraid OS were you using before and what was he value of "Use SSL/TLS" setting before?

    thx

    BoxOfSnoo

    Posted

    The previous stable, 6.9.2

     

    I don't recall using the command line tool, but it reported that it changed from "auto" to "yes"

    • Like 1
    ljm42

    Posted

    @BoxOfSnoo would you please upload your diagnostics (from Tools -> Diagnostics) ? I'm following a lead on why your use_ssl was set to auto.

     

     

    Everyone else... Are you able to access your webgui currently? If not - use telnet, SSH or a local keyboard/monitor to login to the server and type `use_ssl no`. Then you will be able to access the server via http://ipaddress (or http://ipaddress:port if you have set a custom http port) (NOTE: use http not https! If your browser has a cached redirect to https then use Private/Incognito mode to prevent that)

     

    If you have absolutely no way to access the command line on the server, then you'll need to shut the server down, move the flash drive to another computer, and edit the config/ident.cfg file to set USE_SSL=“no”. Then put the flash drive back in the server and boot. You should really avoid this if at all possible though, as it will result in an unclean shutdown.

     

    Once you can access the webgui, upload your diagnostics.zip file (from Tools -> Diagnostics) and tell me what url you want to use to access the server and I'll tell you how to set that up. It would also be helpful to see the output of the `use_ssl no` command you ran previously.  Also, as there are multiple people in this thread, please respond in a way that doesn't require me to go back and find your previous comments to follow the discussion :) 

     

     

    FYI - There were a few mentions of the My Servers plugin so I'll just say... The My Servers plugin does not have anything to do with SSL, other than to tell you to enable it if you want to use the optional Remote Access feature. Installing / uninstalling the My Servers plugin will have no effect on the url or certificate used to access your server. That is all provided by Unraid itself.

    Unraid 6.10 has vastly improved SSL support but it seems there are corner cases that we did not account for during the upgrade.  After seeing your diagnostics we should be able to improve this for other folks. Thanks!

    • Thanks 1
    ljm42

    Posted

    2 hours ago, BoxOfSnoo said:

    I always used a self-signed cert before, using https://myservername.local and it started failing after the upgrade.  I was able to turn off SSL using the config edit explained above and then I could connect over http... and it forwarded to https://<hash>.unraid.net

     

    After `use_ssl yes` it seems to work as it used to.

     

    1 hour ago, BoxOfSnoo said:

    The previous stable, 6.9.2

     

    I don't recall using the command line tool, but it reported that it changed from "auto" to "yes"

     

    Thanks for the diagnostics

     

    You have an existing unraid.net LE certificate on your system, so the upgrade kept your USE_SSL=auto setting from 6.9.2 and set you up to use https://hash.unraid.net as the url. In 6.10, USE_SSL=auto is the most secure option, where other urls like https://servername.local throw a 404 rather than redirecting.

     

    TBH I'm not sure how you were using https://servername.local as the url in 6.9.2, with this configuration that shouldn't have been an option. Odd.

     

    Because of that, I'm not sure how we could have improved the upgrade process for you. Based on what I'm seeing here it looks like we interpreted the settings correctly. I'll keep an eye out for other people with this issue to see if I can understand it better.
     

    If your goal is to use https://servername.local with a self-signed certificate then you should be all set now with USE_SSL=yes. The one change I would suggest is to go to Settings -> Management Access and press Delete to remove the unraid.net certificate that you are not using. Then there is no chance it will confuse things in the future.



    BTW, if anyone is looking for documentation on how to setup SSL in 6.10, see: https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29 

    • Thanks 1
    ljm42

    Posted

    5 hours ago, ljm42 said:

    TBH I'm not sure how you were using https://servername.local as the url in 6.9.2, with this configuration that shouldn't have been an option. Odd.

     

    Because of that, I'm not sure how we could have improved the upgrade process for you. Based on what I'm seeing here it looks like we interpreted the settings correctly. I'll keep an eye out for other people with this issue to see if I can understand it better.

     

    OK we figured it out. There was a bug in 6.9.2 that allowed you to use https://servername.local even though it was not valid for the hash.unraid.net certificate the server was configured to use. And since self-signed certificates also throw errors the browser probably didn't make it clear exactly which error you were accepting. So it would have been tough for you to know that the system was misconfigured in 6.9.2.

     

    We are going to tweak the upgrade process so that anyone upgrading from 6.9.2 with USE_SSL=auto will change to USE_SSL=yes in 6.10.0. That will eliminate this problem, and put users in control of whether they want the more secure/restrictive USE_SSL=auto setting.

    • Like 2
    • Thanks 2



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Restore formatting

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Status Definitions

     

    Open = Under consideration.

     

    Solved = The issue has been resolved.

     

    Solved version = The issue has been resolved in the indicated release version.

     

    Closed = Feedback or opinion better posted on our forum for discussion. Also for reports we cannot reproduce or need more information. In this case just add a comment and we will review it again.

     

    Retest = Please retest in latest release.


    Priority Definitions

     

    Minor = Something not working correctly.

     

    Urgent = Server crash, data loss, or other showstopper.

     

    Annoyance = Doesn't affect functionality but should be fixed.

     

    Other = Announcement or other non-issue.

×
×
  • Create New...