Kaltura-nginx fails on installation

Hi,

My first issue is still relevant and I posted it in a old thread: DWH analytics problem(ERROR 1499 (HY000))

After posting that I continued the installation of Kaltura. Next upp was Nginx and it seemed to work, I got to enter the configuration in the menu but after that it failed with the error below:

root@OFvideo:~# apt install kaltura-nginx
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following packages were automatically installed and are no longer required:
gyp libjs-inherits libjs-node-uuid libssl-dev libssl-doc libuv1 libuv1-dev linux-headers-4.4.0-104 linux-headers-4.4.0-104-generic
linux-image-4.4.0-104-generic linux-image-extra-4.4.0-104-generic node-abbrev node-ansi node-ansi-color-table node-archy node-async node-block-stream
node-combined-stream node-cookie-jar node-delayed-stream node-forever-agent node-form-data node-fstream node-fstream-ignore node-github-url-from-git
node-glob node-graceful-fs node-gyp node-inherits node-ini node-json-stringify-safe node-lockfile node-lru-cache node-mime node-minimatch node-mkdirp
node-mute-stream node-node-uuid node-nopt node-normalize-package-data node-npmlog node-once node-osenv node-qs node-read node-read-package-json
node-request node-retry node-rimraf node-semver node-sha node-sigmund node-slide node-tar node-tunnel-agent node-underscore node-which zlib1g-dev
Use ‘apt autoremove’ to remove them.
The following NEW packages will be installed:
kaltura-nginx
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
Need to get 830 kB of archives.
After this operation, 2,296 kB of additional disk space will be used.
Get:1 http://installrepo.kaltura.org/repo/apt/xenial propus/main amd64 kaltura-nginx amd64 1.17.10-1 [830 kB]
Fetched 830 kB in 0s (895 kB/s)
Preconfiguring packages …
Selecting previously unselected package kaltura-nginx.
(Reading database … 214139 files and directories currently installed.)
Preparing to unpack …/kaltura-nginx_1.17.10-1_amd64.deb …
Unpacking kaltura-nginx (1.17.10-1) …
Processing triggers for ureadahead (0.100.0-19.1) …
Processing triggers for systemd (229-4ubuntu21.29) …
Setting up kaltura-nginx (1.17.10-1) …
Job for kaltura-nginx.service failed because the control process exited with error code. See “systemctl status kaltura-nginx.service” and “journalctl -xe” for details.
invoke-rc.d: initscript kaltura-nginx, action “restart” failed.
● kaltura-nginx.service - LSB: starts the nginx web server
Loaded: loaded (/etc/init.d/kaltura-nginx; bad; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2020-10-28 13:14:58 CET; 12ms ago
Docs: man:systemd-sysv-generator(8)
Process: 13398 ExecStart=/etc/init.d/kaltura-nginx start (code=exited, status=1/FAILURE)

Oct 28 13:14:58 OFvideo systemd[1]: Starting LSB: starts the nginx web server…
Oct 28 13:14:58 OFvideo kaltura-nginx[13398]: Starting nginx: nginx: [emerg] cannot load certificate key "/etc/letsencrypt/live/video.omsorgsforlaget.s…
Oct 28 13:14:58 OFvideo kaltura-nginx[13398]: nginx: configuration file /opt/kaltura/nginx/conf/nginx.conf test failed
Oct 28 13:14:58 OFvideo systemd[1]: kaltura-nginx.service: Control process exited, code=exited status=1
Oct 28 13:14:58 OFvideo systemd[1]: Failed to start LSB: starts the nginx web server.
Oct 28 13:14:58 OFvideo systemd[1]: kaltura-nginx.service: Unit entered failed state.
Oct 28 13:14:58 OFvideo systemd[1]: kaltura-nginx.service: Failed with result ‘exit-code’.
Hint: Some lines were ellipsized, use -l to show in full.
dpkg: error processing package kaltura-nginx (–configure):
subprocess installed post-installation script returned error exit status 1
Processing triggers for ureadahead (0.100.0-19.1) …
Processing triggers for systemd (229-4ubuntu21.29) …
Processing triggers for libc-bin (2.23-0ubuntu11.2) …
Errors were encountered while processing:
kaltura-nginx
E: Sub-process /usr/bin/dpkg returned an error code (1)

I think I might have entered incorrect ports, is it possible that this is whats causing the issue? I wanted to use SSL but I used the default ports suggested in the menu, but later realized that those suggestions was for non-ssl. How can i restart and reconfigure this?

If i rerun apt install kaltura-nginx the menu no longer pops up, instead it goes straight to the error messages.

Please advide,
Ed

Hello @Edward,

This is the issue:

After you fix that, if Nginx still does not start, check the logs under /opt/kaltura/log/nginx/

Thanks @jess ,

I found the config (ssl.conf) with the issue below. Notice how the key has double the location. I’m guessing i double pasted that in the installation by misstake.

Now, when I change the value in the conf-file and run apt install kaltura-nginx, it enters the same faulty value back into the config. How can I remedy this?

# HTTPS server

server {
listen 8443 ssl;
server_name video.omsorgsforlaget.se;

ssl_certificate      /etc/letsencrypt/live/video.omsorgsforlaget.se/fullchain.pem;
ssl_certificate_key  **/etc/letsencrypt/live/video.omsorgsforlaget.se/privkey.pem/etc/letsencrypt/live/video.omsorgsforlaget.se/privkey.pem;**

ssl_session_cache shared:SSL:1m;
ssl_session_timeout  5m;

ssl_ciphers  HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers   on;

include /opt/kaltura/nginx/conf/server.conf;

}

@jess thank you. The issue changed somewhat now.

I’m getting the error:
2020/10/29 12:35:51 [emerg] 19395#0: no “ssl_certificate” is defined for the “listen … ssl” directive in /opt/kaltura/nginx/conf/nginx.conf:23

But my config looks correct to me. Can you se a issue below? I want to use SSL.

HTTPS server

server {
listen 8443 ssl;
server_name video.omsorgsforlaget.se;

ssl_certificate      /etc/letsencrypt/live/video.omsorgsforlaget.se/fullchain.pem;
ssl_certificate_key  /etc/letsencrypt/live/video.omsorgsforlaget.se/privkey.pem;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout  5m;

ssl_ciphers  HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers   on;

include /opt/kaltura/nginx/conf/server.conf;

}

It works when i change the port from 8443 to anything else, but the port port is correct is it not?

/Ed

I did a complete reinstall (again) and I’m getting the same issue with Nginx. If I use 8443 Kaltura-nginx wont start. Most other numbers works fine.

If i check /opt/kaltura/log/nginx/kaltura_nginx_errors.log:

2020/10/29 19:56:41 [emerg] 7981#0: listen() to 0.0.0.0:443, backlog 511 failed (98: Address already in use)
2020/10/29 19:56:41 [emerg] 7981#0: listen() to 0.0.0.0:443, backlog 511 failed (98: Address already in use)
2020/10/29 19:56:41 [emerg] 7981#0: listen() to 0.0.0.0:443, backlog 511 failed (98: Address already in use)
2020/10/29 19:56:41 [emerg] 7981#0: listen() to 0.0.0.0:443, backlog 511 failed (98: Address already in use)
2020/10/29 19:56:41 [emerg] 7981#0: listen() to 0.0.0.0:443, backlog 511 failed (98: Address already in use)
2020/10/29 19:56:41 [emerg] 7981#0: still could not bind()

This is because I experimented with port 443 as SSL port in ssl.conf. It does not mention here that 8443 is in use. So the issue seems not to be that it is busy.

/Ed

Oct 30 17:09:05 OFvideo systemd[1]: Stopped LSB: starts the nginx web server.
Oct 30 17:09:05 OFvideo systemd[1]: Starting LSB: starts the nginx web server…
Oct 30 17:09:05 OFvideo kaltura-nginx[20878]: Starting nginx: nginx: [emerg] no “ssl_certificate” is defined for the “listen … ssl” directive in /opt/kaltura/nginx/conf/nginx.conf:24
Oct 30 17:09:05 OFvideo kaltura-nginx[20878]: nginx: configuration file /opt/kaltura/nginx/conf/nginx.conf test failed
Oct 30 17:09:05 OFvideo systemd[1]: kaltura-nginx.service: Control process exited, code=exited status=1
Oct 30 17:09:05 OFvideo systemd[1]: Failed to start LSB: starts the nginx web server.
Oct 30 17:09:05 OFvideo systemd[1]: kaltura-nginx.service: Unit entered failed state.
Oct 30 17:09:05 OFvideo systemd[1]: kaltura-nginx.service: Failed with result ‘exit-code’.

Hello @Edward,

You cannot use 443 with Nginx if you’re using it for Apache (main web server, serving the API requests, Admin Console and KMC).
Here’s a valid Nginx SSL config for reference:

server {
    listen     8443   ssl;
    server_name ce-ubuntu.kaltura.org;

    ssl_certificate      /etc/ssl/certs/kaltura.org.crt;
    ssl_certificate_key  /etc/ssl/private/kaltura.org.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    include /opt/kaltura/nginx/conf/server.conf;
}

What are the file contents on your machine?
Also, what’s the output for:

# netstat -plnt

?

If everything looks alright, please check the Nginx error log again and let’s see what we can find.

Cheers,

I’m still getting this error:

kaltura-nginx.service - LSB: starts the nginx web server
Loaded: loaded (/etc/init.d/kaltura-nginx; bad; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2020-11-20 19:15:26 CET; 2s ago
Docs: man:systemd-sysv-generator(8)
Process: 30279 ExecStart=/etc/init.d/kaltura-nginx start (code=exited, status=1/FAILURE)

Nov 20 19:15:26 OFvideo systemd[1]: Starting LSB: starts the nginx web server…
Nov 20 19:15:26 OFvideo kaltura-nginx[30279]: Starting nginx: nginx: [emerg] no “ssl_certificate” is defined for the “listen … ssl” directive in /opt/kaltura/nginx/conf/nginx.conf:23
Nov 20 19:15:26 OFvideo kaltura-nginx[30279]: nginx: configuration file /opt/kaltura/nginx/conf/nginx.conf test failed
Nov 20 19:15:26 OFvideo systemd[1]: kaltura-nginx.service: Control process exited, code=exited status=1
Nov 20 19:15:26 OFvideo systemd[1]: Failed to start LSB: starts the nginx web server.
Nov 20 19:15:26 OFvideo systemd[1]: kaltura-nginx.service: Unit entered failed state.
Nov 20 19:15:26 OFvideo systemd[1]: kaltura-nginx.service: Failed with result ‘exit-code’.

This is my ssl config:

HTTPS server

server {
listen 8443 ssl;
server_name video.omsorgsforlaget.se;

ssl_certificate      /etc/cert/fullchain.pem;
ssl_certificate_key  /etc/cert/privkey.pem;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout  5m;

ssl_ciphers  HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers   on;

include /opt/kaltura/nginx/conf/server.conf;

}

netstat -plnt:

root@OFvideo:/opt/kaltura# netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9312 0.0.0.0:* LISTEN 28177/searchd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 29411/mysqld
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 23855/memcached
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 11969/sshd
tcp6 0 0 :::443 :::* LISTEN 1376/apache2
tcp6 0 0 :::80 :::* LISTEN 1376/apache2
tcp6 0 0 :::8880 :::* LISTEN 23755/node
tcp6 0 0 :::22 :::* LISTEN 11969/sshd
tcp6 0 0 :::8889 :::* LISTEN 23755/node

Does this file exist and does it contain a valid cert and CA?

Yes, I even generated a new (letsencrypt) cert and I get the same error.

I got it working now, but i’m not quite sure what the issue was. What I did was delete the nginx folder in /opt/kaltura/ and ran “apt-get purge kaltura-nginx” and then reinstalled it using another port. A possible issue could have been that I input the wrong port values when installing Nginx. It asks twice for the “VHOST PORT” and I used 8443 both times, but likely you should input 88 the first time and 8443 later when it’s asking specifically about SLL config.

Hi @Edward,

Indeed, that must have been at least one of your issues. It would have resulted in Nginx trying to start a listener on 8443 when it already has one.

Cheers,

Hi Edward

We are experiencing the same issue repeatedly, despite reinstalling everything from zero. So we want to ask you: Are you installing nginx on a subdomain or on the same domain as kaltura itself?

Any help will be appreciated

Oscar

Hi Oscar,

I was installing Nginx on the same subdomain as the rest of my Kaltura installation. I’m installing a all-in-one server.

When kaltura-Nginx asks for the Kaltura service url, make sure not to write “https://” but remember to write the port “:443” after the url. Also as I wrote above, make sure to input 88 the first time nginx asks for a Vhost port, and 8443 the second time.