UCI not generating relevant config file on commit

vockley · February 1, 2023, 2:07am

I'm new to OpenWrt, and am loving it so far, but I've run into an issue that I cant seem to figure out.

I'm in the process of configuring nginx to act as a reverse proxy for some internal services. I've been editing /etc/config/nginx to set up the various directives that I need.

Everything was working fine for a while, but now I've run into an issue where running "uci commit" has stopped updating the nginx config file at /etc/nginx/uci.conf. I'm not sure if I'm just missing something, or if there's actually something wrong here.

It doesn't look like the uci command has any real debug functionality or produces a log file I can look at, so I'm at a loss as to how I can troubleshoot this. I've included my /etc/config/nginx file below.

config main 'global'
        option uci_enable 'true'

config server 'luci'
        option listen '443 ssl'
        option server_name 'router.vockley.com'
        list include 'restrict_locally'
        list include 'conf.d/luci.locations'
        option ssl_certificate '/etc/nginx/vockley.com.cer'
        option ssl_certificate_key '/etc/nginx/vockley.com.key'
        option ssl_session_cache 'shared:SSL:32k'
        option ssl_session_timeout '64m'
        option access_log 'off'
        option error_log 'off'
        option root '/www'

config server 'adguard'
        option listen '443 ssl'
        option server_name 'adguard.vockley.com'
        list include 'restrict_locally'
        list include 'conf.d/adguard.locations'
        option ssl_certificate '/etc/nginx/vockley.com.cer'
        option ssl_certificate_key '/etc/nginx/vockley.com.key'
        option ssl_session_cache 'shared:SSL:32k'
        option ssl_session_timeout '64m'
        option access_log 'off'
        option error_log 'off'

config server 'default_ssl'
        option listen '443 ssl default_server'
        option server_name 'default_ssl'
        option return '444'
        option include 'restrict_localy'
        option ssl_certificate '/etc/nginx/vockley.com.cer'
        option ssl_certificate_key '/etc/nginx/vockley.com.key'
        option ssl_session_cache 'shared:SSL:32k'
        option ssl_session_timeout '64m'
        option access_log 'off'
        option error_log 'off'

config server '_redirect2ssl'
        option listen '80 default_server'
        option server_name '_redirect2ssl'
        option return '302 https://$host$request_uri'

stangri · February 1, 2023, 3:24am

Not familiar/haven't checked the code of the OpenWrt nginx init script, but usually it's the init script which translates the config file from /etc/config into the daemon's native parameters.

AFAIK, usually if you're running uci commit from CLI (as in it's not invoked by luci), you should reload/restart the init script (/etc/init.d/nginx reload) manually from CLI as well.

bluewavenet · February 2, 2023, 8:43am

Uci commands to update configs (eg uci set ....) are kept in /tmp (a tmpfs "ram drive").
uci commit [servicename] writes the volatile changes to the non-volatile storage at /etc/config/.

In your example, /etc/nginx/uci.conf will never be touched by uci.
Usually, to prevent flash wear, the init.d script produces a native package .conf somewhere on /tmp ( possibly /tmp/etc/nginix/uci.conf?), so restarting the service will be required to update the native config.

vockley · February 2, 2023, 11:44pm

Well, I guess I'm a bit confused then. I swear that /etc/nginx/uci.conf was being updated at one point. I was making changes in /etc/config/nginx and checking the newly generated config files in /ete/nginx/.

Either way, it's not using the updated configuration after running service nginx restart. I make changes to /etc/config/nginx and they are not reflected in the running nginx processes.

I've since switched over to a static /etc/nginx/nginx.conf, so this isn't an issue anymore.

anomeome · February 2, 2023, 11:57pm

is normally just a link to /var/lib/nginx/uci.conf which I assume is regenerated on a restart | reload of nginx to reflecting contents of the /etc/config/nginx config.

vockley · February 3, 2023, 3:47am

Ah ha! I hadn't noticed that /etc/nginx/uci.conf was a link. At one point during my testing I deleted and re-created it and just left a text file there. That explains why it wasn't updating.