• nginx 404 - 6.10 Upgrade


    m00f
    • Urgent

    After upgrading to 6.10 , 

    GUI stopped working , same in safe mode..

     

    i'm kinda stuck atm, cant work ;/

     

    is it even possible to revert updates ? 

    image.png.1df44f3e09dafa2aacdd8f8a76502d3f.png

    b0x-diagnostics-20220518-1356.zip




    User Feedback

    Recommended Comments



    Can you SSH into your server?
     

    Edit the file /boot/config/ident.cfg and change:

    USE_SSL=“no”

     

    Reload nginx:

    /etc/rc.d/rc.nginx reload

     

    Login to the Gui using http://tower (your server name)

     

    Link to comment
    1 minute ago, bonienl said:

    Can you SSH into your server?
     

    Edit the file /boot/config/ident.cfg and change:

    USE_SSL=“no”

     

    Reload nginx:

    /etc/rc.d/rc.nginx reload

     

    Login to the Gui using http://tower (your server name)

     

    I'm able to ssh without changing settings, but I'm not fond of changing settings at the moment.
     

    1 minute ago, m00f said:

    i don't see how the GUI is related to VNC? sounds like a diff issue to me.

    The reason I mentioned the possible similarity was I think there may be some low level url handling change that is affecting both parts - I can always be wrong however

    Link to comment
    2 minutes ago, bonienl said:

    Can you SSH into your server?
     

    Edit the file /boot/config/ident.cfg and change:

    USE_SSL=“no”

     

    Reload nginx:

    /etc/rc.d/rc.nginx reload

     

    Login to the Gui using http://tower (your server name)

     

     

    same result

    Link to comment
    4 minutes ago, m00f said:

     

    same result

     

    Strange, because “plain http” access works fine in 6.10.0

     

    Link to comment

    I have found that this may be due to the new additions involving Letsencrypt.  My system would not connect by IP.  Added a hostfile entry that points to it and BOOM i was able to connect.  

    • Like 1
    Link to comment
    1 minute ago, slashmach1 said:

    I have found that this may be due to the new additions involving Letsencrypt.  My system would not connect by IP.  Added a hostfile entry that points to it and BOOM i was able to connect.  

    Can you show the example of your entry please?

    Link to comment
    22 minutes ago, bonienl said:

    Can you SSH into your server?
     

    Edit the file /boot/config/ident.cfg and change:

    USE_SSL=“no”

     

    Reload nginx:

    /etc/rc.d/rc.nginx reload

     

    Login to the Gui using http://tower (your server name)

     

    this worked for me

    I did this and then went to http://myservername  and i was able to bring up the GUI

    Link to comment

    in windows the hostfile is at C:\windows\system32\drivers\etc\hosts

    hostname anonymized below:

    192.168.10.254 myhostnamehere

    just submitted bug report to describe my findings

    • Thanks 1
    Link to comment
    19 minutes ago, bonienl said:

     

    Strange, because “plain http” access works fine in 6.10.0

     

     

    looks like it did work... 

    i was redirected to https thats why it failed.

     

    now i noticed a new issue thu , the LAN connection is set to 100mb lol xD

    Link to comment

    it may be a little more complicated then that.  poking it some more and it looks like it is going off of the full hostname if you had ever previously registered the myserver plugin for ssl or to a custom hostname.  I had to use hostname.domainname.net to get the hostfile to work correctly.

    • Thanks 1
    Link to comment

    Completely unrelated to unRaid, I had this issue on Monday with a work server. It had IIS site set to only respond on HTTPS. The only way to get to it was using https://machinename.domain.com/ , it's FQDN. Attempting to browse to it using only https://machinename or even https://ipaddress resulted in 404s.

     

    TLDR: When using HTTPS, one must always use the fully qualified domain name that is used on the certificate.

    Link to comment

    thats the trick though, myserver plugin was not installed in my case and had unregistered the hostname for letsencrypt ssl a long time ago.  IP login even with broken SSL had worked up until i updated to 6.10 stable from 6.9.2

    Edited by slashmach1
    clarification
    Link to comment
    53 minutes ago, BRiT said:

    Completely unrelated to unRaid, I had this issue on Monday with a work server. It had IIS site set to only respond on HTTPS. The only way to get to it was using https://machinename.domain.com/ , it's FQDN. Attempting to browse to it using only https://machinename or even https://ipaddress resulted in 404s.

     

    TLDR: When using HTTPS, one must always use the fully qualified domain name that is used on the certificate.

     

    i installed My Server plugin few months ago and uninstalled it, so probably the hostname generated by the plugin  was updated in the ssl cert , which was <randomstring>.unraid.net ,  i wonder why it only flipped when i upgrade.. 

     

    Link to comment
    1 hour ago, m00f said:

     

    looks like it did work... 

    i was redirected to https thats why it failed.

     

    now i noticed a new issue thu , the LAN connection is set to 100mb lol xD

    I'm afraid that none of the suggestions here have helped me, so perhaps 'Solved' is a bit premature.

    After adding my machine to the 'hosts' file and using plain http I get relayed to the URL xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.unraid.net:2443 that AFAIK is something that was introduced with the 'My Server' plugin. That doesn't work in my setup.

    My guess is also that something is wrong because of the LetsEncrypt changes introduced, but I'm afraid that a lot more digging is necessary.

    Edited by RikStigter
    • Like 1
    Link to comment

    I would not use windows 'hosts' file since that is ignored by many browsers and if you forget about that entry and your IP address changes in the future it can be very puzzling what's happening.

     

    A question to those seeing this issue:  How did you access the server webGUI before?

    That is, what URL was used?

    eg, http://tower.local/

    eg, http://<ip-address>/

    eg, https://<hash>.unraid.net/

    something else?

     

    How about booting in GUI mode - do you see webGUI there?

     

    We created a command to unlock keys from the car.  If you can ssh/telnet into server, or use local webGUI Terminal, type the command:

    use_ssl no  # this will set enable http protocol on your LAN

    or

    use_ssl yes  # this will enable https with self-signed cert on your LAN

    • Thanks 1
    Link to comment

    I always used a self-signed cert before, using https://myservername.local and it started failing after the upgrade.  I was able to turn off SSL using the config edit explained above and then I could connect over http... and it forwarded to https://<hash>.unraid.net

     

    After `use_ssl yes` it seems to work as it used to.

    Link to comment
    1 minute ago, BoxOfSnoo said:

    After `use_ssl yes` it seems to work as it used to.

     

    What version Unraid OS were you using before and what was he value of "Use SSL/TLS" setting before?

    thx

    Link to comment

    The previous stable, 6.9.2

     

    I don't recall using the command line tool, but it reported that it changed from "auto" to "yes"

    • Like 1
    Link to comment

    @BoxOfSnoo would you please upload your diagnostics (from Tools -> Diagnostics) ? I'm following a lead on why your use_ssl was set to auto.

     

     

    Everyone else... Are you able to access your webgui currently? If not - use telnet, SSH or a local keyboard/monitor to login to the server and type `use_ssl no`. Then you will be able to access the server via http://ipaddress (or http://ipaddress:port if you have set a custom http port) (NOTE: use http not https! If your browser has a cached redirect to https then use Private/Incognito mode to prevent that)

     

    If you have absolutely no way to access the command line on the server, then you'll need to shut the server down, move the flash drive to another computer, and edit the config/ident.cfg file to set USE_SSL=“no”. Then put the flash drive back in the server and boot. You should really avoid this if at all possible though, as it will result in an unclean shutdown.

     

    Once you can access the webgui, upload your diagnostics.zip file (from Tools -> Diagnostics) and tell me what url you want to use to access the server and I'll tell you how to set that up. It would also be helpful to see the output of the `use_ssl no` command you ran previously.  Also, as there are multiple people in this thread, please respond in a way that doesn't require me to go back and find your previous comments to follow the discussion :) 

     

     

    FYI - There were a few mentions of the My Servers plugin so I'll just say... The My Servers plugin does not have anything to do with SSL, other than to tell you to enable it if you want to use the optional Remote Access feature. Installing / uninstalling the My Servers plugin will have no effect on the url or certificate used to access your server. That is all provided by Unraid itself.

    Unraid 6.10 has vastly improved SSL support but it seems there are corner cases that we did not account for during the upgrade.  After seeing your diagnostics we should be able to improve this for other folks. Thanks!

    • Thanks 1
    Link to comment
    2 hours ago, BoxOfSnoo said:

    I always used a self-signed cert before, using https://myservername.local and it started failing after the upgrade.  I was able to turn off SSL using the config edit explained above and then I could connect over http... and it forwarded to https://<hash>.unraid.net

     

    After `use_ssl yes` it seems to work as it used to.

     

    1 hour ago, BoxOfSnoo said:

    The previous stable, 6.9.2

     

    I don't recall using the command line tool, but it reported that it changed from "auto" to "yes"

     

    Thanks for the diagnostics

     

    You have an existing unraid.net LE certificate on your system, so the upgrade kept your USE_SSL=auto setting from 6.9.2 and set you up to use https://hash.unraid.net as the url. In 6.10, USE_SSL=auto is the most secure option, where other urls like https://servername.local throw a 404 rather than redirecting.

     

    TBH I'm not sure how you were using https://servername.local as the url in 6.9.2, with this configuration that shouldn't have been an option. Odd.

     

    Because of that, I'm not sure how we could have improved the upgrade process for you. Based on what I'm seeing here it looks like we interpreted the settings correctly. I'll keep an eye out for other people with this issue to see if I can understand it better.
     

    If your goal is to use https://servername.local with a self-signed certificate then you should be all set now with USE_SSL=yes. The one change I would suggest is to go to Settings -> Management Access and press Delete to remove the unraid.net certificate that you are not using. Then there is no chance it will confuse things in the future.



    BTW, if anyone is looking for documentation on how to setup SSL in 6.10, see: https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29 

    • Thanks 1
    Link to comment
    5 hours ago, ljm42 said:

    TBH I'm not sure how you were using https://servername.local as the url in 6.9.2, with this configuration that shouldn't have been an option. Odd.

     

    Because of that, I'm not sure how we could have improved the upgrade process for you. Based on what I'm seeing here it looks like we interpreted the settings correctly. I'll keep an eye out for other people with this issue to see if I can understand it better.

     

    OK we figured it out. There was a bug in 6.9.2 that allowed you to use https://servername.local even though it was not valid for the hash.unraid.net certificate the server was configured to use. And since self-signed certificates also throw errors the browser probably didn't make it clear exactly which error you were accepting. So it would have been tough for you to know that the system was misconfigured in 6.9.2.

     

    We are going to tweak the upgrade process so that anyone upgrading from 6.9.2 with USE_SSL=auto will change to USE_SSL=yes in 6.10.0. That will eliminate this problem, and put users in control of whether they want the more secure/restrictive USE_SSL=auto setting.

    • Like 2
    • Thanks 2
    Link to comment



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Restore formatting

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Status Definitions

     

    Open = Under consideration.

     

    Solved = The issue has been resolved.

     

    Solved version = The issue has been resolved in the indicated release version.

     

    Closed = Feedback or opinion better posted on our forum for discussion. Also for reports we cannot reproduce or need more information. In this case just add a comment and we will review it again.

     

    Retest = Please retest in latest release.


    Priority Definitions

     

    Minor = Something not working correctly.

     

    Urgent = Server crash, data loss, or other showstopper.

     

    Annoyance = Doesn't affect functionality but should be fixed.

     

    Other = Announcement or other non-issue.