nginx: [emerg] unknown directive "http2"

Twansparant · October 23, 2024, 3:08pm

Hi there,

I’m in the process in updating an older trellis project and I’m almost there, but somehow I can’t get past this unknown directive “http2” nginx error:

RUNNING HANDLER [common : reload nginx] ****************************************
fatal: [xxx.xx.xxx.xx]: FAILED! => {"changed": true, "cmd": ["nginx", "-t"], "delta": "0:00:00.016680", "end": "2024-10-23 17:01:06.837937", "msg": "non-zero return code", "rc": 1, "start": "2024-10-23 17:01:06.821257", "stderr": "nginx: [emerg] unknown directive \"http2\" in /etc/nginx/sites-enabled/example.nl.conf:7\nnginx: configuration file /etc/nginx/nginx.conf test failed", "stderr_lines": ["nginx: [emerg] unknown directive \"http2\" in /etc/nginx/sites-enabled/example.nl.conf:7", "nginx: configuration file /etc/nginx/nginx.conf test failed"], "stdout": "", "stdout_lines": []}

I updated trellis with the latest roles and I can see the nginx http2 & http3 directive are added in the wordpress-site.conf.j2 template here:

github.com

roots/trellis/blob/a5040add97ac2befc1325eb13c80ee8c96d15dc5/roles/wordpress-setup/templates/wordpress-site.conf.j2#L9


      
          # {{ ansible_managed }}
          
          {% block server_before %}{% endblock %}
          
          server {
            {% block server_id -%}
            listen {{ ssl_enabled | ternary('[::]:443 ssl', '[::]:80') }};
            listen {{ ssl_enabled | ternary('443 ssl', '80') }};
            http2 {{ nginx_http2_enabled | default(false) | ternary('on', 'off') }};
            http3 {{ nginx_http3_enabled | default(false) | ternary('on', 'off') }};
            server_name {{ site_hosts_canonical | union(multisite_subdomains_wildcards) | join(' ') }};
            {% endblock %}
          
            {% block logs -%}
            access_log   {{ www_root }}/{{ item.key }}/logs/access.log main;
            error_log    {{ www_root }}/{{ item.key }}/logs/error.log;
            {% endblock %}
          
            {% block server_basic -%}

I also had to delete old apt-keys, like described here.

When I ssh into my production server, nginx -v outputs:

nginx version: nginx/1.19.7

I’m still on bento/ubuntu-20.04 since I don’t want to update my droplets.
What exactly determines the installed nginx version? Can’t seem to find it in the nginx role defaults?

Are the http2 & http3 directives only availble in the latest nginx version in bento/ubuntu-22.04?
As far as I understand the directives were added in nginx version 1.19.1, so it should be okay?

Thanks!

strarsis · October 23, 2024, 6:38pm

github.com/roots/trellis

`nginx`: `http2` configuration deprecation notice

opened 09:08PM - 19 Jul 24 UTC

closed 08:41PM - 23 Jul 24 UTC

strarsis

enhancement

### Summary After updating the Ubuntu LTS packages I noticed a `nginx` notice… during reload: `http2" directive is deprecated, use the "http2" directive instead` The [current `nginx` site configuration](https://github.com/roots/trellis/blob/v1.22.1/roles/wordpress-setup/templates/wordpress-site.conf.j2#L7-L8) use the old, deprecated directive for enabling `http2`: ```` server { listen [::]:443 ssl http2; listen 443 ssl http2; ```` Instead of using [`http2` in the `listen` directive](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen:~:text=and%20HTTPS%20requests.-,The%20http2%20parameter,-(1.9.5)%20configures%20the), the [`http2` directive](https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2) (`http2 on`) should be used instead: ```` server { listen [::]:443 ssl; listen 443 ssl; http2 on; ```` ### Additional context [Blog post about the deprecation](https://www.f5.com/company/blog/nginx/nginx-plus-r30-released#:~:text=Deprecation%20of%20listen%20%E2%80%A6%20http2%20directive)

Trellis uses a dedicated PPA for nginx.

Twansparant · October 24, 2024, 7:49am

Ah ok so the directives were added in nginx 1.25.1, that makes sense.
But how can I upgrade my nginx version then?

Locally I didn’t get the nginx error so I checked the version and it’s:

nginx version: nginx/1.27.2

So how can I (manually) upgrade my nginx version on existing droplets?

strarsis · October 24, 2024, 12:20pm

The nginx repository is used, and it should contain a recent enough version (1.26.2-1~focal) of the nginx package:
http://nginx.org/packages/ubuntu/dists/focal/nginx/binary-amd64/Packages

Package: nginx
Version: 1.26.2-1~focal
Architecture: amd64
Maintainer: NGINX Packaging <nginx-packaging@f5.com>
Installed-Size: 3482
Depends: libc6 (>= 2.28), libcrypt1 (>= 1:4.1.0), libpcre2-8-0 (>= 10.22), libssl1.1 (>= 1.1.1), zlib1g (>= 1:1.1.4), lsb-base (>= 3.0-6)
Recommends: logrotate
Conflicts: nginx-common, nginx-core
Replaces: nginx-common, nginx-core
Provides: httpd, nginx, nginx-r1.26.2
Filename: pool/nginx/n/nginx/nginx_1.26.2-1~focal_amd64.deb
Size: 1011888
MD5sum: da9e88c3cf273ee66028a471ce83912b
SHA1: 427e66e089c1081e683343f854af2ffdbb10bbff
SHA256: b0e350427d7fdee162ef5130cc1073529ab8a18e5d4647d79844d7624546abe7
Section: httpd
Priority: optional
Homepage: https://nginx.org
Description: high performance web server
 nginx [engine x] is an HTTP and reverse proxy server, as well as
 a mail proxy server.

An apt update && apt upgrade should find that most recent version.

What does dpkg -s nginx tell on the Trellis system, from where is the nginx package installed?

Twansparant · October 24, 2024, 6:19pm

Yeah I just had to manually upgrade it on the remote server:

Version now outputs:

nginx version: nginx/1.27.2

And directives are ok now!

strarsis · October 24, 2024, 6:39pm

Currently the nginx package is not locked to a specific version:
https://github.com/roots/trellis/blob/a5040add97ac2befc1325eb13c80ee8c96d15dc5/roles/nginx/tasks/main.yml#L12-L16