1 Aug 2025 |
adamcstephens |  Download ima_a39bd14.jpeg | 01:38:52 |
hexa (clat on linux when) | now where does that link go 😄 | 01:39:42 |
adamcstephens | They were going to drop the realtek target completely for 24.10 until it was updated past 5.15 | 01:40:01 |
hexa (clat on linux when) | yeah | 01:40:06 |
hexa (clat on linux when) | or at least make it source-only | 01:40:14 |
adamcstephens | looks like it's actually on 6.12 now in main https://github.com/openwrt/openwrt/pull/19139 | 01:41:35 |
hexa (clat on linux when) | ok, that's decent | 01:42:45 |
2 Aug 2025 |
| Katalin 🔪 changed their profile picture. | 00:28:14 |
3 Aug 2025 |
| prescientmoon changed their display name from Adriel to prescientmoon. | 14:31:40 |
| x10an14 joined the room. | 19:38:36 |
x10an14 | Anyone familiar with this NGINX error?
aug. 03 20:49:52 nas-2024 systemd[1]: nginx.service: Scheduled restart job, restart counter is at 4.
aug. 03 20:49:52 nas-2024 systemd[1]: Starting Nginx Web Server...
aug. 03 20:49:52 nas-2024 nginx-pre-start[2806389]: nginx: [emerg] cannot load certificate "/persist/var/lib/tailscale/certs/cert.pem": BIO_new_file() failed (SSL: error:8000000D:system library::Permission denied:calling fopen(/persist/var/lib/tailscale/certs/cert.pem, r) error:10080002:BIO routines::system lib)
aug. 03 20:49:52 nas-2024 nginx-pre-start[2806389]: nginx: configuration file /nix/store/s4f1q4wpfzq07rlp1pkbcavzrgn31lyi-nginx.conf test failed
aug. 03 20:49:52 nas-2024 systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
aug. 03 20:49:52 nas-2024 systemd[1]: nginx.service: Failed with result 'exit-code'.
aug. 03 20:49:52 nas-2024 systemd[1]: Failed to start Nginx Web Server.
I'm trying to start services.immich w/SSL corts through my services.tailscale , as illustrated in this paste: https://paste.sr.ht/~x10an14/6dc6db515a8695a3a7722b86ff26f2a6aa171af8
I've tried:
- Copying certs manually into path
- Chowning them from root to nginx ownership
- Testet the nginx config file in online browser validators (it passes)
- Searching for the error online (can't really find anything w/mention of tailscale, only SELinux/AppArmor really, neither in use on this machine)
| 19:48:48 |
x10an14 | *SSL certs | 19:53:13 |
x10an14 | ** tested | 19:53:29 |
magic_rb | Can you send the output of:
systemctl show nginx | grep -E 'User|Group' (hopefully i got this right, if not, you know what i meant)
ls -lah /persist/var/lib/tailscale/certs
| 22:03:45 |
x10an14 | In reply to @magic_rb:matrix.redalder.org
Can you send the output of:
systemctl show nginx | grep -E 'User|Group' (hopefully i got this right, if not, you know what i meant)
ls -lah /persist/var/lib/tailscale/certs
Sure, both of these are in the paste link though | 22:09:31 |
x10an14 | Here you go:
[2025-08-04 00:10:54] 0 x10an14@nas-2024:~/Documents/sr.ht/nix-configs
-> $ systemctl show nginx | grep -Ei '(user|group)=' && sudo ls -lah /persist/var/lib/tailscale/certs
User=nginx
Group=nginx
DynamicUser=no
SameProcessGroup=no
total 40K
drwxr-xr-x 2 root root 7 aug. 3 20:29 .
drwx------ 4 root root 9 aug. 3 20:29 ..
-rw------- 1 root root 227 aug. 3 20:29 acme-account.key.pem
-rw-r--r-- 1 nginx nginx 2,9K aug. 3 20:29 cert.pem
-rw------- 1 nginx nginx 227 aug. 3 20:29 key.pem
| 22:11:27 |
magic_rb | In reply to @x10an14:matrix.org
Sure, both of these are in the paste link though
oh are they? sorry 😅 | 22:14:40 |
magic_rb | okay then, try to debug it by becoming nginx :P do nix shell nixpkgs#runit and then chpst -u nginx:nginx bash then try to access it yourself | 22:15:50 |
magic_rb | if youre able to repro it from a shell its easier to debug | 22:15:59 |
x10an14 | In reply to @magic_rb:matrix.redalder.org
if youre able to repro it from a shell its easier to debug
Gimmie 10min =) | 22:16:33 |
magic_rb | im going to sleep in 2 minutes :( | 22:16:49 |
hexa (clat on linux when) | doubt | 22:17:06 |
magic_rb | i can help tomorrow in the eve if no-one else steps up, also over vc so that youre not typing | 22:17:11 |
magic_rb | In reply to @hexa:lossy.network
doubt
oi, quiet over there | 22:17:20 |
magic_rb | (did i spell it right?) | 22:17:34 |
magic_rb | (yes i did) | 22:17:44 |
hexa (clat on linux when) | not sure what language you were aiming for | 22:17:49 |
x10an14 | In reply to @magic_rb:matrix.redalder.org
i can help tomorrow in the eve if no-one else steps up, also over vc so that youre not typing
Aight, thanks for tip, I'll try and take a gander at it =) I'll report any progress! | 22:18:36 |
magic_rb | :) | 22:18:56 |
x10an14 | In reply to @magic_rb:matrix.redalder.org
okay then, try to debug it by becoming nginx :P do nix shell nixpkgs#runit and then chpst -u nginx:nginx bash then try to access it yourself
Managed to switch user like this, as well as triggering the same error through running the service's ExecStartPre nix store script (basically just nginx -c <conf file> -t ) | 22:57:38 |