HestiaCP Update

Getting this message in the notifications:

IMPORTANT: Manual Action Required

To enable the ‘Enhanced and Optimized TLS’ feature, we must update the NGINX configuration file at /etc/nginx/nginx.conf.

But for unknown reason or you edited it, may not be fully apply all the changes in this upgrade.

Please follow the default configuration file to sync it:
/usr/local/hestia/install/deb/nginx/nginx.conf

Backed up configuration file:
/root/hst_backups/120720230543/conf/nginx/nginx.conf

The message means that the installer tried to replace the nginx conf file (/etc/nginx/nginx.conf). Before replacing it, the installer checks the Hestia version you are using, downloads the default nginx.conf file used for that version and compares it with the current one. If they are not the same, it means you modified the nginx conf file, so the installer doesn’t replace the nginx.conf file.

If you modified the nginx.conf file, take the new default nginx conf file /usr/local/hestia/install/deb/nginx/nginx.conf as a base to make the required changes to fit your needs, and manually replace the current conf file /etc/nginx/nginx.conf with the new conf.

Note: There is a backup of the original file /etc/nginx/nginx.conf at /root/hst_backups/120720230543/conf/nginx/nginx.conf, but be sure that the backup is still there, or make a new backup of the file just in case.

Note 2: You can compare the new and original files with this command:

diff -u /usr/local/hestia/install/deb/nginx/nginx.conf /etc/nginx/nginx.conf

Note 3: If you made changes to the conf, first check whether the syntax is OK, and remember to restart nginx after that.

nginx -t

If you see any error using the above command, stop here and try to fix the error before restarting nginx.

systemctl restart nginx

Thanks, I haven’t changed the file though.

Could someone help with this please? I don’t want to break my server.

Show the output of this command:

diff -u /usr/local/hestia/install/deb/nginx/nginx.conf /etc/nginx/nginx.conf
diff -u /usr/local/hestia/install/deb/nginx/nginx.conf /etc/nginx/nginx.conf
--- /usr/local/hestia/install/deb/nginx/nginx.conf      2023-11-27 19:40:32.000000000 +0000
+++ /etc/nginx/nginx.conf       2023-10-25 05:43:17.967678904 +0100
@@ -1,130 +1,140 @@
 # Server globals
-user                 www-data;
-worker_processes     auto;
-worker_rlimit_nofile 65535;
-error_log            /var/log/nginx/error.log;
-pid                  /run/nginx.pid;
-include              /etc/nginx/conf.d/main/*.conf;
-include              /etc/nginx/modules-enabled/*.conf;
+user                    www-data;
+worker_processes        auto;
+worker_rlimit_nofile    65535;
+error_log               /var/log/nginx/error.log;
+pid                     /run/nginx.pid;
+
+include /etc/nginx/modules-enabled/*.conf;

 # Worker config
 events {
-       worker_connections 1024;
-       use                epoll;
-       multi_accept       on;
+        worker_connections  1024;
+        use                 epoll;
+        multi_accept        on;
 }

 http {
-       # Main settings
-       sendfile                        on;
-       tcp_nopush                      on;
-       tcp_nodelay                     on;
-       client_header_timeout           180s;
-       client_body_timeout             180s;
-       client_header_buffer_size       2k;
-       client_body_buffer_size         256k;
-       client_max_body_size            1024m;
-       large_client_header_buffers     4 8k;
-       send_timeout                    60s;
-       keepalive_timeout               30s;
-       keepalive_requests              1000;
-       reset_timedout_connection       on;
-       server_tokens                   off;
-       server_name_in_redirect         off;
-       server_names_hash_max_size      512;
-       server_names_hash_bucket_size   512;
-       charset                         utf-8;
-       # FastCGI settings
-       fastcgi_buffers                 512 4k;
-       fastcgi_buffer_size             256k;
-       fastcgi_busy_buffers_size       256k;
-       fastcgi_temp_file_write_size    256k;
-       fastcgi_connect_timeout         30s;
-       fastcgi_read_timeout            300s;
-       fastcgi_send_timeout            180s;
-       fastcgi_cache_lock              on;
-       fastcgi_cache_lock_timeout      5s;
-       fastcgi_cache_background_update on;
-       fastcgi_cache_revalidate        on;
-       # Proxy settings
-       proxy_redirect                  off;
-       proxy_set_header                Host $host;
-       proxy_set_header                Early-Data $rfc_early_data;
-       proxy_set_header                X-Real-IP $remote_addr;
-       proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
-       proxy_pass_header               Set-Cookie;
-       proxy_buffers                   256 4k;
-       proxy_buffer_size               32k;
-       proxy_busy_buffers_size         32k;
-       proxy_temp_file_write_size      256k;
-       proxy_connect_timeout           30s;
-       proxy_read_timeout              300s;
-       proxy_send_timeout              180s;
-       # Log format
-       log_format                      main '$remote_addr - $remote_user [$time_local] $request "$status" $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
-       log_format                      bytes '$body_bytes_sent';
-       log_not_found                   off;
-       access_log                      off;
-       # Mime settings
-       include                         /etc/nginx/mime.types;
-       default_type                    application/octet-stream;
-       # Compression
-       gzip                            on;
-       gzip_vary                       on;
-       gzip_static                     on;
-       gzip_comp_level                 6;
-       gzip_min_length                 1024;
-       gzip_buffers                    128 4k;
-       gzip_http_version               1.1;
-       gzip_types                      text/css text/javascript text/js text/plain text/richtext text/shtml text/x-component text/x-java-source text/x-markdown text/x-script text/xml image/bmp image/svg+xml image/vnd.microsoft.icon image/x-icon font/otf font/ttf font/x-woff multipart/bag multipart/mixed application/eot application/font application/font-sfnt application/font-woff application/javascript application/javascript-binast application/json application/ld+json application/manifest+json application/opentype application/otf application/rss+xml application/ttf application/truetype application/vnd.api+json application/vnd.ms-fontobject application/wasm application/xhtml+xml application/xml application/xml+rss application/x-httpd-cgi application/x-javascript application/x-opentype application/x-otf application/x-perl application/x-protobuf application/x-ttf;
-       gzip_proxied                    any;
-       # Cloudflare IPs
-       include                         /etc/nginx/conf.d/cloudflare.inc;
-       # SSL PCI compliance
-       ssl_buffer_size                 1369;
-       ssl_ciphers                     "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256";
-       ssl_dhparam                     /etc/ssl/dhparam.pem;
-       ssl_early_data                  on;
-       ssl_ecdh_curve                  auto;
-       ssl_prefer_server_ciphers       on;
-       ssl_protocols                   TLSv1.2 TLSv1.3;
-       ssl_session_cache               shared:SSL:20m;
-       ssl_session_tickets             on;
-       ssl_session_timeout             7d;
-       resolver                        1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8 valid=300s ipv6=off;
-       resolver_timeout                5s;
-       # Error pages
-       error_page                      403 /error/404.html;
-       error_page                      404 /error/404.html;
-       error_page                      410 /error/410.html;
-       error_page                      500 501 502 503 504 505 /error/50x.html;
-       # Proxy cache
-       proxy_cache_path                /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
-       proxy_cache_key                 "$scheme$request_method$host$request_uri";
-       proxy_temp_path                 /var/cache/nginx/temp;
-       proxy_ignore_headers            Cache-Control Expires;
-       proxy_cache_use_stale           error timeout invalid_header updating http_502;
-       proxy_cache_valid               any 1d;
-       # FastCGI cache
-       fastcgi_cache_path              /var/cache/nginx/micro levels=1:2 keys_zone=microcache:10m inactive=30m max_size=1024m;
-       fastcgi_cache_key               "$scheme$request_method$host$request_uri";
-       fastcgi_ignore_headers          Cache-Control Expires Set-Cookie;
-       fastcgi_cache_use_stale         error timeout invalid_header updating http_500 http_503;
-       add_header                      X-FastCGI-Cache $upstream_cache_status;
-
-       # Cache bypass
-       map $http_cookie $no_cache {
-               default              0;
-               ~SESS                1;
-               ~wordpress_logged_in 1;
-       }
-
-       # File cache (static assets)
-       open_file_cache                 max=10000 inactive=30s;
-       open_file_cache_valid           60s;
-       open_file_cache_min_uses        2;
-       open_file_cache_errors          off;
-       # Wildcard include
-       include                         /etc/nginx/conf.d/*.conf;
-       include                         /etc/nginx/conf.d/domains/*.conf;
-}
\ No newline at end of file
+    # Main settings
+    sendfile                        on;
+    tcp_nopush                      on;
+    tcp_nodelay                     on;
+    client_header_timeout           180s;
+    client_body_timeout             180s;
+    client_header_buffer_size       2k;
+    client_body_buffer_size         256k;
+    client_max_body_size            256m;
+    large_client_header_buffers     4 8k;
+    send_timeout                    60s;
+    keepalive_timeout               30s;
+    keepalive_requests              100000;
+    reset_timedout_connection       on;
+    server_tokens                   off;
+    server_name_in_redirect         off;
+    server_names_hash_max_size      512;
+    server_names_hash_bucket_size   512;
+    charset                         utf-8;
+
+    # FastCGI settings
+    fastcgi_buffers                 8 256k;
+    fastcgi_buffer_size             256k;
+    fastcgi_busy_buffers_size       256k;
+    fastcgi_temp_file_write_size    256k;
+    fastcgi_connect_timeout         30s;
+    fastcgi_read_timeout            300s;
+    fastcgi_send_timeout            180s;
+    fastcgi_cache_lock              on;
+    fastcgi_cache_lock_timeout      5s;
+    fastcgi_cache_background_update on;
+    fastcgi_cache_revalidate        on;
+
+    # Proxy settings
+    proxy_redirect                  off;
+    proxy_set_header                Host $host;
+    proxy_set_header                X-Real-IP $remote_addr;
+    proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_pass_header               Set-Cookie;
+    proxy_buffers                   32 4k;
+    proxy_connect_timeout           30s;
+    proxy_read_timeout              300s;
+    proxy_send_timeout              180s;
+
+    # Log format
+    log_format  main    '$remote_addr - $remote_user [$time_local] $request '
+                        '"$status" $body_bytes_sent "$http_referer" '
+                        '"$http_user_agent" "$http_x_forwarded_for"';
+    log_format  bytes   '$body_bytes_sent';
+    log_not_found off;
+    access_log off;
+
+    # Mime settings
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Compression
+    gzip                on;
+    gzip_static         on;
+    gzip_vary           on;
+    gzip_comp_level     6;
+    gzip_min_length     1024;
+    gzip_buffers        16 8k;
+    gzip_http_version   1.1;
+    gzip_types          text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
+    gzip_proxied        any;
+    gzip_disable        "MSIE [1-6]\.";
+
+    # Cloudflare https://www.cloudflare.com/ips
+    include /etc/nginx/conf.d/cloudflare.inc;
+
+    # SSL PCI compliance
+    ssl_session_cache   shared:SSL:20m;
+    ssl_session_timeout 60m;
+    ssl_buffer_size     1400;
+    ssl_protocols       TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers         "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
+    ssl_dhparam         /etc/ssl/dhparam.pem;
+    ssl_ecdh_curve      secp384r1;
+    ssl_session_tickets off;
+    resolver 127.0.0.53  valid=300s ipv6=off;
+    resolver_timeout    5s;
+
+    # Error pages
+    error_page 403 /error/404.html;
+    error_page 404 /error/404.html;
+    error_page 410 /error/410.html;
+    error_page 500 501 502 503 504 505 /error/50x.html;
+
+    # Proxy cache
+    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
+    proxy_cache_key "$host$request_uri $cookie_user";
+    proxy_temp_path  /var/cache/nginx/temp;
+    proxy_ignore_headers Expires Cache-Control;
+    proxy_cache_use_stale error timeout invalid_header http_502;
+    proxy_cache_valid any 1d;
+
+    # FastCGI cache
+    fastcgi_cache_path /var/cache/nginx/micro levels=1:2 keys_zone=microcache:10m max_size=1024m inactive=30m;
+    fastcgi_cache_key "$scheme$request_method$host$request_uri";
+    fastcgi_cache_methods GET HEAD;
+    fastcgi_cache_use_stale updating error timeout invalid_header http_500 http_503;
+    fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+    add_header X-FastCGI-Cache $upstream_cache_status;
+
+    # Cache bypass
+    map $http_cookie $no_cache {
+        default 0;
+        ~SESS 1;
+        ~wordpress_logged_in 1;
+    }
+
+    # File cache (static assets)
+    open_file_cache          max=10000 inactive=30s;
+    open_file_cache_valid    60s;
+    open_file_cache_min_uses 2;
+    open_file_cache_errors   off;
+
+    # Wildcard include
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/conf.d/domains/*.conf;```
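Review bot: read the direction of this diff before acting on it: the `---` side is the shipped default and the `+++` side is the live file, so the `-` lines are what the swap would add and the `+` lines what it would remove. The live file's timestamp (2023-10-25) predates the default's (2023-11-27) and the `+` side contains only whitespace changes and the previous release's values, which fits the poster's statement that the file was never hand-edited. Security-relevant differences: the live `ssl_ciphers` still lists 3DES suites (`DES-CBC3-SHA`, `ECDHE-ECDSA-DES-CBC3-SHA`, `ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`) that the default drops; the default switches `ssl_session_tickets` from `off` to `on` with `ssl_session_timeout 7d` instead of `60m`, enables `ssl_early_data on`, adds `proxy_set_header Early-Data $rfc_early_data`, and adds `include /etc/nginx/conf.d/main/*.conf;`, which the live file lacks. `$rfc_early_data` is not defined anywhere in this file, and nginx rejects a configuration that references an undefined variable at `nginx -t`, so that include directory has to supply the definition before the file is swapped in; the `nginx -t` step in the procedure below is what catches it. Also check `proxy_cache_key`, which changes from `"$host$request_uri $cookie_user"` to `"$scheme$request_method$host$request_uri"`, and `client_max_body_size`, which goes from `256m` to `1024m`, against any site that depends on the old cache key or upload limit.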

I see no problem with replacing the conf file.

nginx -t
cp /etc/nginx/nginx.conf /root/nginx.conf.backup_2024-04-10
cp /usr/local/hestia/install/deb/nginx/nginx.conf /etc/nginx/nginx.conf
nginx -t
systemctl restart nginx

If it fails or your sites don’t work as they should:

cp /root/nginx.conf.backup_2024-04-10 /etc/nginx/nginx.conf
systemctl restart nginx
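The two things this thread describes, the installer's "is the live file still identical to the shipped default?" comparison and the backup/replace/test/restart/rollback sequence above, as one added POSIX shell script. This is example code, not the HestiaCP project's own installer and not anything posted in the thread. It uses the paths named in the thread; the `NGINX_TEST` and `NGINX_RESTART` overrides, the `mktemp`-based backup naming and the `run` argument guard are my own assumptions so the functions can be exercised against scratch files without a real nginx.

```shell
#!/bin/sh
# Added example, not code from the HestiaCP project or the thread: reproduce the
# installer's "does the live file still match the shipped default?" check, then
# swap the default in with a backup and automatic rollback.
# Paths are the ones named in the thread; the two commands can be overridden so
# the functions can be exercised against scratch files without a real nginx.
NEW_CONF="${NEW_CONF:-/usr/local/hestia/install/deb/nginx/nginx.conf}"
LIVE_CONF="${LIVE_CONF:-/etc/nginx/nginx.conf}"
BACKUP_DIR="${BACKUP_DIR:-/root}"
NGINX_TEST="${NGINX_TEST:-nginx -t}"
NGINX_RESTART="${NGINX_RESTART:-systemctl restart nginx}"

# conf_differs DEFAULT LIVE: exit 0 when the two files differ (the installer's
# signal that the file was edited and must not be overwritten), 1 when identical.
conf_differs() {
    ! cmp -s "$1" "$2"
}

# replace_nginx_conf NEW LIVE BACKUP_DIR
#   0: new config installed (or already identical) and nginx restarted
#   1: new config rejected by the syntax test or restart failed; backup restored
#   2: precondition failed (unreadable file, current config already broken, cp error)
replace_nginx_conf() {
    new="$1"; live="$2"; bdir="$3"
    [ -r "$new" ] && [ -r "$live" ] && [ -d "$bdir" ] || return 2
    if ! conf_differs "$new" "$live"; then
        echo "$live already matches $new; nothing to do"
        return 0
    fi
    # Refuse to start from a config that already fails: a later failure could
    # otherwise not be attributed to the swap.
    $NGINX_TEST >/dev/null 2>&1 || {
        echo "current config fails '$NGINX_TEST'; fix that first" >&2; return 2; }
    # mktemp avoids overwriting an earlier backup taken on the same day
    backup=$(mktemp "$bdir/nginx.conf.backup_$(date +%Y-%m-%d).XXXXXX") || return 2
    cp -p "$live" "$backup" || return 2
    cp "$new" "$live" || { cp -p "$backup" "$live"; return 2; }
    if $NGINX_TEST >/dev/null 2>&1 && $NGINX_RESTART; then
        echo "installed $new; previous file saved as $backup"
        return 0
    fi
    echo "new config rejected or restart failed; restoring $backup" >&2
    cp -p "$backup" "$live"
    $NGINX_RESTART || echo "restart after rollback failed; run '$NGINX_TEST' by hand" >&2
    return 1
}

# Only touch the real paths when explicitly asked:  sh replace_nginx_conf.sh run
if [ "${1:-}" = "run" ]; then
    replace_nginx_conf "$NEW_CONF" "$LIVE_CONF" "$BACKUP_DIR"
fi
```

The syntax test runs twice on purpose: once before the swap, so a pre-existing error is not blamed on the new file, and once after, so a rejected file never reaches a restart. Rolling back on a failed restart as well as a failed test covers the case the helper mentions where the syntax is fine but the sites stop working.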

I have done this thank you. Should this get rid of the notification inside the Hestia Panel?

You’re welcome.

You should remove the notification manually.
