Revvy via nginx
September 17, 2023 09:40AM
I use nginx for my DNS over HTTPS and DNS over TLS. Here is my nginx.conf:

user www-data;

worker_processes auto;
pid /run/nginx.pid;
load_module /etc/nginx/modules/ngx_http_js_module.so;
load_module /etc/nginx/modules/ngx_stream_js_module.so;

events {
    worker_connections 768;
}


# DNS Stream Services
stream {
  # Import the NJS module
  js_import /etc/nginx/njs.d/dns/dns.js;

  # The $dns_qname variable can be populated by preread calls, and can
be used for DNS routing
  js_set $dns_qname dns.get_qname;

  # DNS upstream pool.
  upstream dns {
    zone dns 64k;
    server 127.0.0.1:53;
  }

  # DNS(TCP) and DNS over TLS (DoT) Server
  # Terminate DoT and DNS TCP, and proxy onto standard DNS
  server {
    listen 853 ssl;
    ssl_certificate_key /etc/letsencrypt/live/revvy.de/privkey.pem;
    ssl_certificate /etc/letsencrypt/live/revvy.de/fullchain.pem;
    js_preread dns.preread_dns_request;
    proxy_pass dns;
  }

  # DNS over HTTPS (gateway) Service
  # Upstream can be either DNS(TCP) or DoT. If upstream is DNS,
proxy_ssl should be off.
  server {
    listen 127.0.0.1:8053;
    js_filter dns.filter_doh_request;
    proxy_pass dns;
  }
}

http {
    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    variables_hash_max_size 2048;
    server_names_hash_bucket_size 256;
    include /etc/nginx/snippets/mime.types;
    default_type application/octet-stream;

    log_format main '[$time_local] $host $status $bytes_sent $uri';

    fastcgi_read_timeout 300;
    proxy_read_timeout 1d;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    #access_log /etc/nginx/logs/access.log main;
    #access_log /etc/nginx/logs/access.log;
    access_log /dev/null;
    error_log /dev/null;
    #error_log /etc/nginx/logs/error.log;
    server_tokens off;
    resolver 1.1.1.1;
    include /etc/nginx/conf.d/*;

}

When I restart the systemd service, I am greeted with:
Sep 17 13:36:52 toronto-srv-03 systemd[1]: Starting nginx.service -
nginx - high performance web server...
Sep 17 13:36:52 toronto-srv-03 nginx[127394]: nginx: [emerg] dlopen()
"/etc/nginx/modules/ngx_http_js_module.so" failed
(/etc/nginx/modules/ngx_http_js_module.so: undefined symbol:
EVP_PKEY_CTX_set1_hkdf_salt) in /etc/nginx/nginx.conf:4
Sep 17 13:36:52 toronto-srv-03 systemd[1]: nginx.service: Control
process exited, code=exited, status=1/FAILURE
Sep 17 13:36:52 toronto-srv-03 systemd[1]: nginx.service: Failed with
result 'exit-code'.
Sep 17 13:36:52 toronto-srv-03 systemd[1]: Failed to start nginx.service
- nginx - high performance web server.


I am running on Debian 12 bookworm.
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Help

Revvy via nginx September 17, 2023 09:40AM

Re: Help

Dmitry Volyntsev September 17, 2023 12:30PM

Re: Help

Dmitry Volyntsev September 17, 2023 04:18PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 316
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready