Restoring a messed up nginx setup

Hi,

I have been running a Pi5 with multiple services (nextcloud, syncthing, homer, pihole, baikal) for lan only.
The setup has been up and running via http in my lan for longer than a year (thanks for that :heart: )
Last week I have been trying to set up https via openssl to stop nextcloud from complaining about it. Unfortunately while doing so, me being a noob and also me putting too much trust in GPT, I messed up my nginx setup.

Restoring dietpi-backup did not help and I did not create backup files of /etc/nginx myself either. I tried to restore the nextcloud.config and nginx.config files from the Git repo but could not make it work.

Does anyone have suggestions on how to recreate the config files other than resetting the OS?
I fear losing data when transferring the files to a new install.

Why not use dietpi-letsencrypt? It would have done everything without the need to use GPT or other guides.

Let’s try to get an understanding of your system. Can you show the following:

ls -la /etc/nginx/sites-*

Certbot needed an open port in my router which I was not willing to give. Thus the attempt via openssl.

Here’s the output:

/etc/nginx/sites-available:
total 12
drwxr-xr-x 2 root root 4096 Oct  9 11:57 .
drwxr-xr-x 9 root root 4096 Oct  9 12:06 ..
-rw-r--r-- 1 root root  422 Oct  9 12:34 default

/etc/nginx/sites-dietpi:
total 44
drwxr-xr-x 2 root root 4096 Oct  9 12:32 .
drwxr-xr-x 9 root root 4096 Oct  9 12:06 ..
-rw-r--r-- 1 root root  138 Sep 24 11:20 dietpi-baikal.conf
-rw-r--r-- 1 root root  191 Sep 24 11:20 dietpi-dav_redirect.conf
-rw-r--r-- 1 root root 5278 Oct  6 10:03 dietpi-nextcloud.conf.bak
-rw-r--r-- 1 root root 5278 Oct  6 10:14 dietpi-nextcloud.conf.bak2
-rw-r--r-- 1 root root 5278 Dec 27  2024 dietpi-nextcloud.conf.dietpi-old
-rw-r--r-- 1 root root 1015 Oct  6 10:13 dietpi-nextcloud.conf.gpt

/etc/nginx/sites-enabled:
total 8
drwxr-xr-x 2 root root 4096 Oct  9 12:35 .
drwxr-xr-x 9 root root 4096 Oct  9 12:06 ..
lrwxrwxrwx 1 root root   34 Dec 26  2024 default -> /etc/nginx/sites-available/default

can you show LISTEN ports

ss -alnp | grep LISTEN

and service log

journalctl -u nginx.service

ss -alnp | grep LISTEN

u_str LISTEN 0      0        /run/systemd/io.systemd.Hostname 1547            users:(("systemd",pid=1,fd=136))
u_str LISTEN 0      0        /run/systemd/journal/io.systemd.journal 3670     users:(("systemd-journal",pid=148,fd=9))
u_str LISTEN 0      0        /run/systemd/io.systemd.sysext 4700              users:(("systemd",pid=1,fd=130))
u_str LISTEN 0      0        /run/systemd/private 5138                        users:(("systemd",pid=1,fd=24))
u_str LISTEN 0      0        /run/systemd/userdb/io.systemd.DynamicUser 5139  users:(("systemd",pid=1,fd=25))
u_str LISTEN 0      0        /run/systemd/io.systemd.ManagedOOM 5140          users:(("systemd",pid=1,fd=26))
u_str LISTEN 0      0        /run/systemd/io.systemd.Credentials 5151         users:(("systemd",pid=1,fd=121))
u_str LISTEN 0      0        /run/systemd/journal/stdout 5154                 users:(("systemd-journal",pid=148,fd=5),("systemd",pid=1,fd=132))
u_str LISTEN 0      0        /var/run/fail2ban/fail2ban.sock 5870             users:(("fail2ban-server",pid=604,fd=3))
u_str LISTEN 0      0        /run/unbound.ctl 6246                            users:(("unbound",pid=666,fd=7))
u_str LISTEN 0      0        /run/mysqld/mysqld.sock 44699                    users:(("mariadbd",pid=12791,fd=26))
u_str LISTEN 0      0        /run/redis/redis-server.sock 47177               users:(("redis-server",pid=12750,fd=11))
u_str LISTEN 0      0        /run/php/php8.4-fpm.sock 47221                   users:(("php-fpm8.4",pid=12836,fd=10),("php-fpm8.4",pid=12835,fd=10),("php-fpm8.4",pid=12834,fd=10),("php-fpm8.4",pid=12833,fd=10),("php-fpm8.4",pid=12826,fd=8))
u_seq LISTEN 0      0        /run/udev/control 5155                           users:(("systemd-udevd",pid=216,fd=3),("systemd",pid=1,fd=115))
tcp   LISTEN 0      256      127.0.0.1:533   0.0.0.0:*                        users:(("unbound",pid=666,fd=6))
tcp   LISTEN 0      256      127.0.0.1:5335  0.0.0.0:*                        users:(("unbound",pid=666,fd=4))
tcp   LISTEN 0      32         0.0.0.0:53    0.0.0.0:*                        users:(("pihole-FTL",pid=657,fd=21))
tcp   LISTEN 0      1000       0.0.0.0:22    0.0.0.0:*                        users:(("dropbear",pid=603,fd=3))
tcp   LISTEN 0      80       127.0.0.1:3306  0.0.0.0:*                        users:(("mariadbd",pid=12791,fd=25))
tcp   LISTEN 0      200        0.0.0.0:8089  0.0.0.0:*                        users:(("pihole-FTL",pid=657,fd=34))
tcp   LISTEN 0      511      127.0.0.1:6379  0.0.0.0:*                        users:(("redis-server",pid=12750,fd=9))
tcp   LISTEN 0      4096             *:22000 *:*                              users:(("syncthing",pid=12885,fd=16))
tcp   LISTEN 0      32            [::]:53       [::]:*                        users:(("pihole-FTL",pid=657,fd=23))
tcp   LISTEN 0      1000          [::]:22       [::]:*                        users:(("dropbear",pid=603,fd=4))
tcp   LISTEN 0      4096             *:8384  *:*                              users:(("syncthing",pid=12885,fd=18))
tcp   LISTEN 0                   [::1]:6379     [::]:*                        users:(("redis-server",pid=12750,fd=10))

journalctl -u nginx.service

Oct 09 10:40:47 DietPi systemd[1]: Starting nginx.service - A high performance webserver and a reverse proxy server...
Oct 09 10:40:48 DietPi nginx[668]: 2025/10/09 10:40:47 [warn] 668#668: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/sites-dietpi/dietpi-nextcloud.conf:83
Oct 09 10:40:48 DietPi nginx[675]: 2025/10/09 10:40:48 [warn] 675#675: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/sites-dietpi/dietpi-nextcloud.conf:83
Oct 09 10:40:48 DietPi systemd[1]: Started nginx.service - A high performance web server and a reverse proxy server.
Oct 09 12:29:42 DietPi systemd[1]: Stopping nginx.service - A high performance webserver and a reverse proxy server...
Oct 09 12:29:42 DietPi systemd[1]: nginx.service: Deactivated successfully.
Oct 09 12:29:42 DietPi systemd[1]: Stopped nginx.service - A high performance web server and a reverse proxy server.
Oct 09 12:29:53 DietPi systemd[1]: Starting nginx.service - A high performance webserver and a reverse proxy server...
Oct 09 12:29:53 DietPi nginx[12854]: 2025/10/09 12:29:53 [warn] 12854#12854: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/sites-dietpi/dietpi-nextcloud.conf:83
Oct 09 12:29:53 DietPi nginx[12854]: 2025/10/09 12:29:53 [emerg] 12854#12854: "location" directive is not allowed here in /etc/nginx/sites-enabled/dietpi-nextcloud.conf:4
Oct 09 12:29:53 DietPi nginx[12854]: nginx: configuration file /etc/nginx/nginx.conf test failed
Oct 09 12:29:53 DietPi systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Oct 09 12:29:53 DietPi systemd[1]: nginx.service: Failed with result 'exit-code'.
Oct 09 12:29:53 DietPi systemd[1]: Failed to start nginx.service - A high performance web server and a reverse proxy server.

can you share the default configuration file

cat /etc/nginx/sites-available/default

# /etc/nginx/sites-available/default
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www;
        #root /var/baikal/html;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name 1234.duckdns.org;

        include /etc/nginx/sites-dietpi/*.conf;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php(?:$|/) {
                include snippets/fastcgi-php.conf;
                fastcgi_pass php;
        }
}

This message seems to be strange as the file doesn’t seem to exist. Can you check:

cat /etc/nginx/sites-enabled/dietpi-nextcloud.conf

“No such file or directory.”

Is it possible, that this is because of a broken symlink?

I don’t think so, because it would have been shown in this output.

ok let’s try to debug the config

sudo nginx -t

This probably will give an error as we have seen above

Next would be a dump of the full effective config.

nginx -T 

This will be a long output. Please try to copy it into a text file and attach it to your next post. Remove personal domain information beforehand.

sudo nginx -t

2025/10/10 16:09:49 [emerg] 170606#170606: no port in upstream "php" in /etc/nginx/sites-enabled/default:20
nginx: configuration file /etc/nginx/nginx.conf test failed

nginx -T

2025/10/10 16:09:49 [emerg] 170606#170606: no port in upstream "php" in /etc/nginx/sites-enabled/default:20
nginx: configuration file /etc/nginx/nginx.conf test failed

Same output for both commands

Might be wrong, but from your default config (cat /etc/nginx/sites-available/default): fastcgi_pass php; This is the line that tells Nginx where to send the PHP request, and it gives an error:

2025/10/10 16:09:49 [emerg] 170606#170606: no port in upstream "php" in /etc/nginx/sites-enabled/default:20
nginx: configuration file /etc/nginx/nginx.conf test failed

It’s pointing to an upstream called php, but I think that might not be defined anywhere, hence your error.

If you want to customize it in your default config, it should be something like:

  • fastcgi_pass unix:/var/run/php/php8.2-fpm.sock; (if PHP-FPM listens on a socket). I think you can check with ls /var/run/php/
  • or fastcgi_pass 127.0.0.1:9000; (if PHP-FPM listens on TCP on port 9000 or using Docker)
  • or fastcgi_pass localhost:9000; (if PHP-FPM listens on TCP port 9000 or using Docker)
  • or fastcgi_pass php:9000; (if using a Docker container named php and the container listens on port 9000)

You should be able to check the php service listen config with
grep '^listen' /etc/php/*/fpm/pool.d/www.conf

  • If you see an IP/port → use 127.0.0.1:9000 (or localhost:9000).

  • If you see a .sock file → use the unix:/path/to/socket form

Or… if you have the php upstream declared in /etc/nginx/nginx.conf or in a separate file under /etc/nginx/conf.d/ try to add the connection details there

It should look something like this

upstream php {
    # Option 1: if PHP-FPM listens on a Unix socket
    server unix:/var/run/php/php8.2-fpm.sock;

    # Option 2: if PHP-FPM listens on TCP
    # server 127.0.0.1:9000;
}

Add the details there and leave the default config untouched.

Then after you do the changes

sudo nginx -t

# and if it works
sudo systemctl reload nginx
1 Like
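The check suggested in the reply above (is the name after fastcgi_pass defined as an upstream anywhere?) can be scripted. This is an added example, not code from the thread or from DietPi; the function names and the php-upstream.conf file name are hypothetical, the sample tree is constructed, and it scans every file under the given root rather than following nginx's include directives.

```shell
#!/bin/sh
# Added example (not from the thread): list fastcgi_pass targets that are bare
# names with no matching "upstream <name> {" block under a config root.

# Bare-name targets: skip unix: sockets, host:port pairs and $variables.
bare_fastcgi_targets() {
    grep -rhE '^[[:space:]]*fastcgi_pass[[:space:]]+' "$1" 2>/dev/null |
        sed -E 's/^[[:space:]]*fastcgi_pass[[:space:]]+([^;[:space:]]+).*/\1/' |
        grep -vE ':|\$' | sort -u
}

# Upstream names defined in any file under the config root.
defined_upstreams() {
    grep -rhE '^[[:space:]]*upstream[[:space:]]+' "$1" 2>/dev/null |
        sed -E 's/^[[:space:]]*upstream[[:space:]]+([^[:space:]{]+).*/\1/' |
        sort -u
}

# Print every bare target that nothing defines (empty output means OK).
undefined_upstreams() {
    defs=$(defined_upstreams "$1")
    for name in $(bare_fastcgi_targets "$1"); do
        printf '%s\n' "$defs" | grep -qxF "$name" || printf '%s\n' "$name"
    done
}

# Constructed sample tree modelled on the thread's layout; prints its path.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/sites-available" "$root/conf.d"
    cat > "$root/sites-available/default" <<'EOF'
server {
        listen 80 default_server;
        location ~ \.php(?:$|/) {
                include snippets/fastcgi-php.conf;
                fastcgi_pass php;
        }
}
EOF
    printf '%s\n' "$root"
}

# Add the missing definition (hypothetical file name; adjust the socket path
# to whatever the PHP-FPM pool's "listen" line reports on the real system).
add_php_upstream() {
    printf 'upstream php {\n    server unix:/run/php/php8.4-fpm.sock;\n}\n' \
        > "$1/conf.d/php-upstream.conf"
}
```

On a real system, `undefined_upstreams /etc/nginx` printing `php` corresponds to the `no port in upstream "php"` failure; `nginx -t` remains the authoritative test.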

I came up with a partial solution to the problem.
I spun up a fresh dietpi install on a different sd and copied the fresh files listed to the old system.

/etc/nginx/nginx.conf
/etc/nginx/sites-dietpi/dietpi-nextcloud.conf
/etc/nginx/sites-dietpi/dietpi-baikal.conf
/etc/nginx/sites-dietpi/dietpi-dav_redirect.conf

nginx -t now produces:

root@DietPi:~# nginx -t
2025/10/14 07:46:39 [warn] 71232#71232: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/sites-dietpi/dietpi-nextcloud.conf:83
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If I remove the wasm line in dietpi-nextcloud.conf I can start nginx and the setup works except nextcloud.

Here is the output of nginx -T
nginx -T.txt (18,3 KB)

root@DietPi:~# cat /etc/nginx/sites-available/default
# /etc/nginx/sites-available/default
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name "$hostname";

        include /etc/nginx/sites-dietpi/*.conf;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php(?:$|/) {
                include snippets/fastcgi-php.conf;
                fastcgi_pass php;
        }
}
root@DietPi:~# ls /var/run/php/
php-fpm.sock  php8.4-fpm.pid  php8.4-fpm.sock

I am not running any docker right now.

root@DietPi:~# grep '^listen' /etc/php/*/fpm/pool.d/www.conf 
listen = /run/php/php8.4-fpm.sock
listen.owner = www-data
listen.group = www-data
root@DietPi:~# cat /etc/nginx/conf.d/dietpi-nextcloud.conf 
# Set the "immutable" cache control option for assets with a cache busting "v=" argument
map $arg_v $asset_immutable {
        "" "";
        default ", immutable";
}

But that is exactly as in the fresh install.

Any other idea on how to fix the Nextcloud setup?

What exactly would you like to fix? If I understood correctly, your system is starting now.

this part of nginx -t

2025/10/14 07:46:39 [warn] 71232#71232: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/sites-dietpi/dietpi-nextcloud.conf:83

I still can’t connect to nextcloud if I remove the wasm part from /etc/nginx/sites-dietpi/nextcloud-dietpi.conf

These are warnings only. It should be possible to access NC even if they are inside the configuration

You are right. After running an update on Nextcloud everything is now working (except the ssl of course :winking_face_with_tongue:)

:heart: :heart: :heart: Thank you for your support and your patience. :heart: :heart: :heart:

Did you check this already?

Just tried it again. But as I said before, this requires me to open port 80 on my router. That is something I really want to avoid.

But without it you will not get a valid certificate, and you would need to deal with self-signed certificates yourself. Or ignore the warning in NC if you don’t plan to access the system externally.

1 Like