Help

Revvy nothingtohide at revvy.de
Sun Sep 17 13:39:19 UTC 2023 

I use nginx for my DNS over HTTPS and DNS over TLS. Here is my nginx.conf:

user www-data;

worker_processes auto;
pid /run/nginx.pid;
load_module /etc/nginx/modules/ngx_http_js_module.so;
load_module /etc/nginx/modules/ngx_stream_js_module.so;

events {
     worker_connections 768;
}


# DNS Stream Services
stream {
   # Import the NJS module
   js_import /etc/nginx/njs.d/dns/dns.js;

   # The $dns_qname variable can be populated by preread calls, and can 
be used for DNS routing
   js_set $dns_qname dns.get_qname;

   # DNS upstream pool.
   upstream dns {
     zone dns 64k;
     server 127.0.0.1:53;
   }

   # DNS(TCP) and DNS over TLS (DoT) Server
   # Terminate DoT and DNS TCP, and proxy onto standard DNS
   server {
     listen 853 ssl;
     ssl_certificate_key /etc/letsencrypt/live/revvy.de/privkey.pem;
     ssl_certificate /etc/letsencrypt/live/revvy.de/fullchain.pem;
     js_preread dns.preread_dns_request;
     proxy_pass dns;
   }

   # DNS over HTTPS (gateway) Service
   # Upstream can be either DNS(TCP) or DoT. If upstream is DNS, 
proxy_ssl should be off.
   server {
     listen 127.0.0.1:8053;
     js_filter dns.filter_doh_request;
     proxy_pass dns;
   }
}

http {
     sendfile on;
     tcp_nopush on;
     types_hash_max_size 2048;
     variables_hash_max_size 2048;
     server_names_hash_bucket_size 256;
     include /etc/nginx/snippets/mime.types;
     default_type application/octet-stream;

     log_format main '[$time_local] $host $status $bytes_sent $uri';

     fastcgi_read_timeout 300;
     proxy_read_timeout 1d;

     ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
     ssl_prefer_server_ciphers on;

     #access_log /etc/nginx/logs/access.log main;
     #access_log /etc/nginx/logs/access.log;
     access_log /dev/null;
     error_log /dev/null;
     #error_log /etc/nginx/logs/error.log;
     server_tokens off;
     resolver 1.1.1.1;
     include /etc/nginx/conf.d/*;

}

When I restart the systemd service, I am greeted with:
Sep 17 13:36:52 toronto-srv-03 systemd[1]: Starting nginx.service - 
nginx - high performance web server...
Sep 17 13:36:52 toronto-srv-03 nginx[127394]: nginx: [emerg] dlopen() 
"/etc/nginx/modules/ngx_http_js_module.so" failed 
(/etc/nginx/modules/ngx_http_js_module.so: undefined symbol: 
EVP_PKEY_CTX_set1_hkdf_salt) in /etc/nginx/nginx.conf:4
Sep 17 13:36:52 toronto-srv-03 systemd[1]: nginx.service: Control 
process exited, code=exited, status=1/FAILURE
Sep 17 13:36:52 toronto-srv-03 systemd[1]: nginx.service: Failed with 
result 'exit-code'.
Sep 17 13:36:52 toronto-srv-03 systemd[1]: Failed to start nginx.service 
- nginx - high performance web server.


I am running on Debian 12 bookworm.

More information about the nginx mailing list