January 20, 20251 yr So I have managed to break my Unraid web dashboard. Currently, nginx cannot start due to what looks like conflicting SSL config. I had previously moved unraid to :5001 and wanted to move it back to :443, and applied in the web configuration. Upon reboot I have no web dashboard access and get an HTTP 502 response. Fortunately, I still have SSH access so I am not totally hooped. Trying to start nginx manually fails: /etc/rc.d/rc.nginx start rc.nginx: Starting Nginx server daemon... No extensions in certificate rc.nginx: Nginx server daemon... Failed. And error logs show: tail /var/log/nginx/error.log 2025/01/19 21:14:06 [emerg] 2299839#2299839: bind() to [fd7a:115c:a1e0::1e01:e52]:443 failed (98: Address already in use) 2025/01/19 21:14:06 [emerg] 2299839#2299839: bind() to 100.103.14.82:443 failed (98: Address already in use) 2025/01/19 21:14:06 [emerg] 2299839#2299839: bind() to [fd7a:115c:a1e0::1e01:e52]:443 failed (98: Address already in use) 2025/01/19 21:14:06 [emerg] 2299839#2299839: bind() to 100.103.14.82:443 failed (98: Address already in use) 2025/01/19 21:14:06 [emerg] 2299839#2299839: bind() to [fd7a:115c:a1e0::1e01:e52]:443 failed (98: Address already in use) 2025/01/19 21:14:06 [emerg] 2299839#2299839: bind() to 100.103.14.82:443 failed (98: Address already in use) 2025/01/19 21:14:06 [emerg] 2299839#2299839: bind() to [fd7a:115c:a1e0::1e01:e52]:443 failed (98: Address already in use) 2025/01/19 21:14:06 [emerg] 2299839#2299839: bind() to 100.103.14.82:443 failed (98: Address already in use) 2025/01/19 21:14:06 [emerg] 2299839#2299839: bind() to [fd7a:115c:a1e0::1e01:e52]:443 failed (98: Address already in use) 2025/01/19 21:14:06 [emerg] 2299839#2299839: still could not bind() I can see tailscale is on :443: lsof -i :443 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME unraid-ap 14762 root 24u IPv4 7373720 0t0 TCP 10.0.0.111:35474->104.26.2.117:https (ESTABLISHED) tailscale 2290810 root 9u IPv4 12893822 0t0 TCP 10.0.0.111:35578->ec2-54-161-152-147.compute-1.amazonaws.com:https (ESTABLISHED) tailscale 2290810 root 26u IPv6 12897463 0t0 TCP [fd7a:115c:a1e0::1e01:e52]:https (LISTEN) tailscale 2290810 root 27u IPv4 12893958 0t0 TCP 100.103.14.82:https (LISTEN) tailscale 2290810 root 31u IPv4 12899715 0t0 TCP 10.0.0.111:54602->derp10b.tailscale.com:https (ESTABLISHED) node 2298862 root 21u IPv4 12949158 0t0 TCP 10.0.0.111:58966->lb-140-82-112-21-iad.github.com:https (ESTABLISHED) I am hoping to get some direction on how to resolve this and get web access back. I suspect a lot of confusion/multiple applications editing nginx has led to this. I am wondering if I would be best to revert to a default, or something else? Diagnostics and configs attached. Setup - Unraid 7.0 - Tailscale enabled - Dashboard previously moved to port 5001, now trying to restore to default - SSH access still working Current Issue Getting HTTP 502 errors when accessing Unraid dashboard. Config Details Current servers.conf has conflicting SSL configurations: ```nginx ssl_certificate /boot/config/ssl/certs/gByte_unraid_bundle.pem; ssl_certificate_key /boot/config/ssl/certs/gByte_unraid.key; ssl_trusted_certificate /boot/config/ssl/certs/gByte_unraid.crt; # Conflicting with ssl_certificate /etc/ssl/certs/unraid.pem; ssl_certificate_key /etc/ssl/private/unraid.key; Any insight or direction would be appreciated! gbyte-diagnostics-20250119-2050.zip nginx.conf servers.conf Edited January 20, 20251 yr by gvns adding detail
January 20, 20251 yr Author As this relates to Tailscale, I am wondering if I should/can move this to the Tailscale Support subforum?
February 2, 20251 yr Author Aha! Yes @JorgeB - this put me on the right track. I was successfully able to start unraid in safe mode and get GUI access. From there, I uninstalled the Tailscale plugin and then reinstalled. After that, I was able to start unraid in normal mode with the GUI working as expected. Thanks for your help - I am kicking myself for not thinking of safe mode to begin with. Edited February 2, 20251 yr by gvns
February 2, 20251 yr I'm guessing that you enabled "tailscale serve" or "tailscale funnel" via the CLI with the WebGUI running on port 443 too... this creates a port conflict since you've told both services to listen on the same port on the Tailscale IP.
February 3, 20251 yr Author 11 hours ago, EDACerton said: I'm guessing that you enabled "tailscale serve" or "tailscale funnel" via the CLI with the WebGUI running on port 443 too... this creates a port conflict since you've told both services to listen on the same port on the Tailscale IP. That is absolutely a possibility. I would have likely tried to use trailscale serve at some point and yes indeed created that conflict. btw, thanks for your contributions to the unraid plugin @EDACerton!
February 16, 20251 yr Author A couple weeks later, I rebooted the unraid box (as part of maintenance) and ran into this issue again. Luckily, what @EDACerton had mentioned around tailscale serve being the likely culprit helped clue me in quickly. I was able to resolve my issue using the command tailscale serve reset which reset the config and removed the conflict. Thanks again for dropping that insight - with the knowledge it was an obvious issue.
February 16, 20251 yr Author My notes from this issue that I saved, formatted using Notion AI - sharing here should someone else hit this issue or similar: Port Conflict Resolution: Tailscale Serve & Unraid Web Interface A common issue when using Tailscale Serve with Unraid is port conflicts between Tailscale and web servers (Nginx/Caddy) on ports 80/443, preventing access to the Unraid web interface. Common Symptoms: Unraid web interface becomes inaccessible Port 443 shows as occupied by Tailscale (verified via lsof) Tailscale serve configuration persists with error: "background configuration already exists" Standard configuration removal commands fail Port conflicts between Tailscale serve and web servers on ports 80/443 Resolution Steps: First, stop all web servers using ports 80/443: Stop the SWAG (nginx) container if running Stop any Caddy containers if present Clear Tailscale serve configuration: tailscale serve reset Confirm successful configuration removal: tailscale serve list Verify port availability: lsof -i :443 lsof -i :80 Restart web servers using non-conflicting ports: /etc/rc.d/rc.nginx start Preventive Measures: Use alternative ports for web servers (recommended: 81 for HTTP, 4431 for HTTPS) Maintain a port assignment document to track usage Consider nginx/caddy reverse proxy as an alternative to Tailscale serve Note: After running 'tailscale serve reset', you may see the message "only localhost or 127.0.0.1 proxies are currently supported". This is expected behavior and confirms that no serve configuration is active. Edited February 16, 20251 yr by gvns
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.