!tCyGickeVqkHsYjWnh:nixos.org

NixOS Networking

867 Members
Declaratively manage your switching, routing, wireless, tunneling and more. | Don't rely on `networking.*` use systemd-networkd and NetworkManager instead. | Set `SYSTEMD_LOG_LEVEL=debug` to debug networking issues with networkd | No bad nft puns, please. | Room recommendations: #sysops:nixos.org248 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
2 Aug 2025
@saiko:knifepoint.net@saiko:knifepoint.net changed their profile picture.00:28:14
3 Aug 2025
@adrielus:matrix.orgprescientmoon changed their display name from Adriel to prescientmoon.14:31:40
@x10an14:matrix.orgx10an14 joined the room.19:38:36
@x10an14:matrix.orgx10an14

Anyone familiar with this NGINX error?

aug. 03 20:49:52 nas-2024 systemd[1]: nginx.service: Scheduled restart job, restart counter is at 4.
aug. 03 20:49:52 nas-2024 systemd[1]: Starting Nginx Web Server...
aug. 03 20:49:52 nas-2024 nginx-pre-start[2806389]: nginx: [emerg] cannot load certificate "/persist/var/lib/tailscale/certs/cert.pem": BIO_new_file() failed (SSL: error:8000000D:system library::Permission denied:calling fopen(/persist/var/lib/tailscale/certs/cert.pem, r) error:10080002:BIO routines::system lib)
aug. 03 20:49:52 nas-2024 nginx-pre-start[2806389]: nginx: configuration file /nix/store/s4f1q4wpfzq07rlp1pkbcavzrgn31lyi-nginx.conf test failed
aug. 03 20:49:52 nas-2024 systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
aug. 03 20:49:52 nas-2024 systemd[1]: nginx.service: Failed with result 'exit-code'.
aug. 03 20:49:52 nas-2024 systemd[1]: Failed to start Nginx Web Server.

I'm trying to start services.immich w/SSL corts through my services.tailscale, as illustrated in this paste: https://paste.sr.ht/~x10an14/6dc6db515a8695a3a7722b86ff26f2a6aa171af8

I've tried:

  1. Copying certs manually into path
  2. Chowning them from root to nginx ownership
  3. Testet the nginx config file in online browser validators (it passes)
  4. Searchin after the error online (can't really find anything w/mention of tailscale, only SELinux/AppArmor really, neither in use on this machine)
19:48:48
@x10an14:matrix.orgx10an14*SSL certs19:53:13
@x10an14:matrix.orgx10an14** tested19:53:29
@magic_rb:matrix.redalder.orgmagic_rb

Can you send the output of:

  1. systemctl show nginx | grep -E 'User|Group' (hopefully i got this right, if not, you know what i meant)
  2. ls -lah /persist/var/lib/tailscale/certs
22:03:45
@x10an14:matrix.orgx10an14
In reply to @magic_rb:matrix.redalder.org

Can you send the output of:

  1. systemctl show nginx | grep -E 'User|Group' (hopefully i got this right, if not, you know what i meant)
  2. ls -lah /persist/var/lib/tailscale/certs
Sure, both of these are in the paste link though 		22:09:31
@x10an14:matrix.orgx10an14

Here you go:

[2025-08-04 00:10:54] 0 x10an14@nas-2024:~/Documents/sr.ht/nix-configs
-> $ systemctl show nginx | grep -Ei '(user|group)=' && sudo ls -lah /persist/var/lib/tailscale/certs
User=nginx
Group=nginx
DynamicUser=no
SameProcessGroup=no
total 40K
drwxr-xr-x 2 root  root     7 aug.   3 20:29 .
drwx------ 4 root  root     9 aug.   3 20:29 ..
-rw------- 1 root  root   227 aug.   3 20:29 acme-account.key.pem
-rw-r--r-- 1 nginx nginx 2,9K aug.   3 20:29 cert.pem
-rw------- 1 nginx nginx  227 aug.   3 20:29 key.pem
22:11:27

Show newer messages

Back to Room ListRoom Version: 6