[GH-ISSUE #230] Error when Enable TLS #4554

Closed
opened 2026-03-01 15:34:12 +03:00 by kerem · 14 comments
Owner

Originally created by @sanvu88 on GitHub (Dec 8, 2023).
Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/230

Describe the bug

Nginx Configuration Parse Error when enabling TLS after Add Site

To Reproduce

Steps to reproduce the behavior:

  1. Manage Sites -> Add Site
  2. Fill the information then click Next -> Next
  3. Manage Sites -> Site List -> Modify site just added
  4. Click Enable TLS
  5. Click Encrypt website with Let's Encrypt -> Next

Screenshots

image

Info:

  • Server OS: Debian 12
  • Server Arch: x64
  • Nginx UI Version: 2.0.0-beta.6 (77)
  • Your Browser: Chrome

Additional context

  • If you enable TLS while adding a new site, you will not encounter this error. The error only occurs when TLS is enabled after the site has been added.

@0xJacky commented on GitHub (Dec 10, 2023):

Which version of Nginx are you using?

I tested on v1.24.0; it works fine.


@sanvu88 commented on GitHub (Dec 10, 2023):

> Which version of Nginx are you using?
>
> I tested on v1.24.0; it works fine.

I use version nginx/1.25.3


@0xJacky commented on GitHub (Dec 10, 2023):

OK, I will test for this version.


@0xJacky commented on GitHub (Dec 11, 2023):

I also tested with the latest build of Nginx UI and nginx 1.25.3 but cannot reproduce this issue.


@0xJacky commented on GitHub (Dec 11, 2023):

image

This config can pass nginx -t


@sanvu88 commented on GitHub (Dec 11, 2023):

Before configuring TLS, is your website enabled or disabled?

image


@0xJacky commented on GitHub (Dec 11, 2023):

It is enabled. By the way, I used apt install nginx from the official mainline repo.


@sanvu88 commented on GitHub (Dec 11, 2023):

> It is enabled. By the way, I used apt install nginx from the official mainline repo.

Yeah, I use Nginx built from source. I will check again with apt.


@0xJacky commented on GitHub (Dec 11, 2023):

Maybe I should prepare the certificate first by using the HTTP server, then create the HTTPS server from the configuration of the HTTP server.


@sanvu88 commented on GitHub (Dec 11, 2023):

> Maybe I should prepare the certificate first by using the HTTP server, then create the HTTPS server from the configuration of the HTTP server.

I also think it's a good idea to sign SSL and make sure it's successful before creating an https server to avoid unnecessary errors.


@sanvu88 commented on GitHub (Dec 11, 2023):

Hmm, I tried testing with apt install nginx from the official mainline repo and still got the error. It's hard to understand.

```
nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/example.org:17
```

Output of nginx -V:

```
nginx version: nginx/1.25.3
built by gcc 12.2.0 (Debian 12.2.0-14)
built with OpenSSL 3.0.9 30 May 2023 (running with OpenSSL 3.0.11 19 Sep 2023)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_v3_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.25.3/debian/debuild-base/nginx-1.25.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
```

virtual host:

```
server {
    listen 80;
    # listen [::]:80;
    server_name example.org;
    root /home/example.org;

    index index.html;

    location /.well-known/acme-challenge {
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_pass http://127.0.0.1:9180;
    }
}

server {
    listen 443 ssl;
    # listen [::]:443;
    http2 on;

    server_name example.org;
    root /home/example.org;

    index index.html;

    location /.well-known/acme-challenge {
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_pass http://127.0.0.1:9180;
    }
}
```

HTTP Context

```
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
```


@0xJacky commented on GitHub (Dec 11, 2023):

Well, I found out the reason: this issue only occurs when this site is the only enabled site. So, I have to change the processing order, which is mentioned in https://github.com/0xJacky/nginx-ui/issues/230#issuecomment-1849402067.


@gaetan1903 commented on GitHub (Dec 13, 2023):

I have the same issue and I have only one site enabled.


@sanvu88 commented on GitHub (Dec 13, 2023):

> I have the same issue and I have only one site enabled.

Jacky fixed it here: https://github.com/0xJacky/nginx-ui/commit/17d6216e364953abde5bae002a47c4311f3f3465
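
The condition behind the `[emerg]` message in this thread (a `server` block with `listen ... ssl` and no `ssl_certificate`) can be checked in a site file before it is enabled. The Python check below is an added example, not Nginx UI's code or the fix in the linked commit; the function name, the sample config and the certificate paths are assumptions, and it flags every such block, which is stricter than the behaviour reported above (failure only when the site was the only enabled one).

```python
import re

TOKEN = re.compile(r"[{};]|[^{};]+")

def ssl_servers_without_cert(conf):
    """Return [(line, name)] for server blocks with `listen ... ssl` but no ssl_certificate."""
    # Drop comments but keep newlines so reported line numbers stay accurate.
    # Assumptions: balanced braces; no '#', '{', '}' or ';' inside quoted strings.
    text = re.sub(r"#[^\n]*", "", conf)
    findings, stack, words, words_line, line = [], [], [], 1, 1
    for tok in TOKEN.findall(text):
        if tok == "{":      # block opens; the words before it name the block
            stack.append({"kind": words[0] if words else "", "line": words_line,
                          "ssl": False, "cert": False, "name": "?"})
        elif tok == "}":    # block closes; judge it if it was a server block
            block = stack.pop()
            if block["kind"] == "server" and block["ssl"] and not block["cert"]:
                findings.append((block["line"], block["name"]))
        elif tok == ";":    # directive ends; record it if directly inside a server
            top = stack[-1] if stack else None
            if top and top["kind"] == "server" and words:
                if words[0] == "listen" and "ssl" in words[1:]:
                    top["ssl"] = True
                elif words[0] == "ssl_certificate":
                    top["cert"] = True
                elif words[0] == "server_name" and len(words) > 1:
                    top["name"] = words[1]
        else:               # directive text: remember its words and first line
            lead = len(tok) - len(tok.lstrip())
            words_line = line + tok[:lead].count("\n")
            line += tok.count("\n")
            words = tok.split()
            continue
        words = []
    return findings

# Constructed sample modelled on the thread's virtual host; certificate paths are hypothetical.
BROKEN = """\
server { listen 80; server_name example.org; }

server {
    listen 443 ssl;
    # listen [::]:443;
    http2 on;
    server_name example.org;
}
"""
FIXED = BROKEN.replace("http2 on;", "http2 on;\n    ssl_certificate /path/to/fullchain.pem;\n"
                       "    ssl_certificate_key /path/to/privkey.pem;")
```

Each finding is the line of the `server {` opening and the first `server_name`; a certificate inherited from an enclosing `http` block is not considered, so run it on site files that contain only `server` blocks.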
