Fresh install on 22.04: issue with nginx repos

Just thought I’d mention this. I did a fresh install of Hestia yesterday on an Ubuntu 22.04 server. For some reason, the part of the install script that sets up the nginx repo failed and I got a zero length file in
What this meant is that the install proceeded, but used the version of nginx from Ubuntu repos. I only noticed this when I did an apt update a bit later and it gave an error about the nginx repo.

I fixed it by following the instructions on the nginx website to retrieve the key and set up the repo which gave me a slightly different setup: key in /usr/share/keyrings/nginx-archive-keyring.gpg and the following line in my /etc/apt/sources.list.d/nginx.list
deb [arch=amd64 signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] jammy nginx

When I ran apt update it wouldn’t update to the latest version of nginx, without removing these: libnginx-mod-http-geoip2 libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libnginx-mod-stream-geoip2 nginx-common nginx-core
So I let it do that and go ahead and install the new version of nginx.

All seems to be working fine. I’m just wondering if there are any consequences of running without these extra packages, or whether the version of nginx from the other repo already has those included.

nginx -V gives me.

nginx version: nginx/1.22.0
built by gcc 11.2.0 (Ubuntu 11.2.0-19ubuntu1)
built with OpenSSL 3.0.2 15 Mar 2022
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/ --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt=‘-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.22.0/debian/debuild-base/nginx-1.22.0=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC’ --with-ld-opt=‘-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -Wl,–as-needed -pie’

I guess if you want to check if you’re affected, see if /usr/share/keyrings/nginx-keyring.gpg is zero-length

It looks like you are using the stable version instead of “mainline”

Well spotted. I’ve updated to mainline now, so version 1.23 installed. No other packages were installed, just nginx package updated.
I tried the line from the installer, which grabs the gpg key, and that works now, so I don’t know what was going on when I ran the installer. Maybe the repo was offline for a few minutes.

curl -s | gpg --dearmor | tee /usr/share/keyrings/nginx-keyring.gpg >/dev/null 2>&1