Secure-Adblocking-DNS icon indicating copy to clipboard operation
Secure-Adblocking-DNS copied to clipboard
verified publisher icon clayauld

NGINX Install Script

Open YSpoof opened this issue 4 years ago • 11 comments

It auto aborts the operation due to a missing '-y' on 'apt install nginx' line 9 ??? Since it cancels out the installation due to running next commands ( At least for me ).

YSpoof avatar Oct 06 '21 13:10 YSpoof

Also, NGINX try to start on port 80 but I have Apache running, so I've needed to manually edit the NGINX config and remove that, maybe some option during the setup to ask if the user wants that ;)

YSpoof avatar Oct 06 '21 13:10 YSpoof

BTW, Android still can't connect :( I dunno why.

YSpoof avatar Oct 06 '21 14:10 YSpoof

2021/10/06 10:59:00 [error] 830507#830507: *27 upstream timed out (110: Connection timed out) while proxying connection, client: HIDDEN_IP, server: 0.0.0.0:853, upstream: "127.0.0.1:53", bytes from/to client:56/0, bytes from/to upstream:0/0

YSpoof avatar Oct 06 '21 14:10 YSpoof

Thanks for the feedback. I'll run tests and fix the script. I posted the changes without adequate testing, and was hoping it would "just work". Looks like I need to fix it!

And, yes, I'd like to add some options in the install script, including asking for the correct domain name for the VPS or server, nginx port, etc. I put the script together kinda quickly, so it was a first attempt.

Feel free to make changes to the script and fix it if you have time. I can merge PRs quickly if you have the time to create one.

clayauld avatar Oct 07 '21 20:10 clayauld

No prob, just keep up the good work, y'all know that we can't test on every system/scenario on the planet, I was testing on a Debian 11 server.

YSpoof avatar Oct 07 '21 20:10 YSpoof

Remove line 14 from NGinx Install.sh

"systemctl restart nginx"

Since the user will need to setup the certificate and the script will throw an error:

Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

YSpoof avatar Oct 08 '21 12:10 YSpoof

I updated the install script with your suggestions.

clayauld avatar Oct 08 '21 20:10 clayauld

Cool, I c, now what would be awesome is the script pulling 2 nginx.conf, 1 for people who is already running another service on port 80 ( the warning u put is good, but people need to manuallly remove the http block from nginx.conf ) with http block removed from the nginx.conf, and other for people not running any service on port 80 ( the one u already have ).

YSpoof avatar Oct 13 '21 13:10 YSpoof

@clayauld need to chmod +x /usr/local/bin/transparent-proxy inside the install.sh :

root@cenarioserver /home/zero 29s ❯ systemctl status transparent-proxy.service ● transparent-proxy.service - A script to enable transparent Nginx proxy Loaded: loaded (/lib/systemd/system/transparent-proxy.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2021-10-13 21:43:23 -03; 36s ago Process: 627444 ExecStart=/usr/local/bin/transparent-proxy (code=exited, status=203/EXEC) Main PID: 627444 (code=exited, status=203/EXEC) CPU: 1ms

out 13 21:43:23 cenarioserver systemd[1]: Started A script to enable transparent Nginx proxy. out 13 21:43:23 cenarioserver systemd[627444]: transparent-proxy.service: Failed to locate executable /usr/local/bin/transparent-proxy: Permission denied out 13 21:43:23 cenarioserver systemd[627444]: transparent-proxy.service: Failed at step EXEC spawning /usr/local/bin/transparent-proxy: Permission denied out 13 21:43:23 cenarioserver systemd[1]: transparent-proxy.service: Main process exited, code=exited, status=203/EXEC out 13 21:43:23 cenarioserver systemd[1]: transparent-proxy.service: Failed with result 'exit-code'.

C this line :

out 13 21:43:23 cenarioserver systemd[627444]: transparent-proxy.service: Failed at step EXEC spawning /usr/local/bin/transparent-proxy: Permission denied

and after chmodding it, it works but if there are some way to fix this :

out 13 21:47:16 cenarioserver systemd[1]: transparent-proxy.service: Main process exited, code=exited, status=2/INVALIDARGUMENT out 13 21:47:16 cenarioserver systemd[1]: transparent-proxy.service: Failed with result 'exit-code'.

BTW appending exit 0 to transparent-proxy doesn't solve that status=2.

YSpoof avatar Oct 14 '21 00:10 YSpoof

I updated the install script with the suggested line. When I run the command sudo systemctl status transparent-proxy I get the following log:

● transparent-proxy.service - A script to enable transparent Nginx proxy
     Loaded: loaded (/lib/systemd/system/transparent-proxy.service; enabled; vendor preset: enabled)
     Active: inactive (dead) since Wed 2021-10-13 17:56:00 AKDT; 2min 16s ago
   Main PID: 985 (code=exited, status=0/SUCCESS)

Oct 13 17:56:00 dns1.pi.hole systemd[1]: Started A script to enable transparent Nginx proxy.
Oct 13 17:56:00 dns1.pi.hole transparent-proxy[986]: net.ipv4.conf.default.route_localnet = 1
Oct 13 17:56:00 dns1.pi.hole transparent-proxy[987]: net.ipv4.conf.all.route_localnet = 1
Oct 13 17:56:00 dns1.pi.hole systemd[1]: transparent-proxy.service: Succeeded.

This is the expected behavior as the service only needs to run the script once on boot. There should be no ongoing, active service in the background.

After you make sure the executable has the 'exec' flag set, reboot your system and see if the service gives you the same error.

clayauld avatar Oct 14 '21 02:10 clayauld

Cool, I c, now what would be awesome is the script pulling 2 nginx.conf, 1 for people who is already running another service on port 80 ( the warning u put is good, but people need to manuallly remove the http block from nginx.conf ) with http block removed from the nginx.conf, and other for people not running any service on port 80 ( the one u already have ).

I'll see about adding this as an option. It may take a bit for me to get it done and uploaded.

clayauld avatar Oct 14 '21 02:10 clayauld