Unexplained problems with nginx, while trying to rebuild nixos

anon22412468 · November 28, 2020, 11:10am

Highly respected community,

I bumped into a very strange issue, recently. My nixos system was working fine for a long time, but for some reason, now it’s unable to build normally and fails with with python exception while trying to build nginx.conf.drv(although I haven’t made any changes to nginx configuration).

building '/nix/store/ndl27sjnh7vcjswm00pb2d1bq2hrd75l-nginx.conf.drv'...
Traceback (most recent call last):
  File "/nix/store/jkv5278xcy9mfql0v9xc5ia3z04gj9bc-gixy-0.1.20/bin/.gixy-wrapped", line 9, in <module>
    sys.exit(main())
  File "/nix/store/jkv5278xcy9mfql0v9xc5ia3z04gj9bc-gixy-0.1.20/lib/python2.7/site-packages/gixy/cli/main.py", line 168, in main
    yoda.audit(path, fdata, is_stdin=False)
  File "/nix/store/jkv5278xcy9mfql0v9xc5ia3z04gj9bc-gixy-0.1.20/lib/python2.7/site-packages/gixy/core/manager.py", line 27, in audit
    self._audit_recursive(self.root.children)
  File "/nix/store/jkv5278xcy9mfql0v9xc5ia3z04gj9bc-gixy-0.1.20/lib/python2.7/site-packages/gixy/core/manager.py", line 53, in _audit_recursive
    self._audit_recursive(directive.children)
  File "/nix/store/jkv5278xcy9mfql0v9xc5ia3z04gj9bc-gixy-0.1.20/lib/python2.7/site-packages/gixy/core/manager.py", line 53, in _audit_recursive
    self._audit_recursive(directive.children)
  File "/nix/store/jkv5278xcy9mfql0v9xc5ia3z04gj9bc-gixy-0.1.20/lib/python2.7/site-packages/gixy/core/manager.py", line 53, in _audit_recursive
    self._audit_recursive(directive.children)
  File "/nix/store/jkv5278xcy9mfql0v9xc5ia3z04gj9bc-gixy-0.1.20/lib/python2.7/site-packages/gixy/core/manager.py", line 49, in _audit_recursive
    self.auditor.audit(directive)
  File "/nix/store/jkv5278xcy9mfql0v9xc5ia3z04gj9bc-gixy-0.1.20/lib/python2.7/site-packages/gixy/core/plugins_manager.py", line 66, in audit
    plugin.audit(directive)
  File "/nix/store/jkv5278xcy9mfql0v9xc5ia3z04gj9bc-gixy-0.1.20/lib/python2.7/site-packages/gixy/plugins/ssrf.py", line 35, in audit
    value = directive.args[0]
IndexError: list index out of range
builder for '/nix/store/ndl27sjnh7vcjswm00pb2d1bq2hrd75l-nginx.conf.drv' failed with exit code 1
building '/nix/store/spj54mk8jd99rgchckl60kbdhrda38by-nixos-tmpfiles.d.drv'...
cannot build derivation '/nix/store/zwxzckr8zabf7jjs31ph68w077v1nc01-unit-nginx.service.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/85l6s2rx92b1ahhy3h4fraszqwrd3kf7-system-units.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/m1m2n971aj15qhmnl66xnh5vng161sy8-etc.drv': 1 dependencies couldn't be built

Could someone, please, advice me a way of debugging it possible problem cause?

aanderse · November 28, 2020, 12:53pm

Please save a copy of yournginx configuration. I believeyou’ve somehow managed to make an nginx config file formatter crash. We should report this bug to the gixy project.

Can you post your nginx config and NixOS version please.

mudrii · November 28, 2020, 3:25pm

I see the gixy depends on the deprecated version of python 2.7

anon22412468 · December 9, 2020, 11:03am

Sorry for delayed response. To omit further misunderstanding, please clarify, is it required to submit my .nix files, that being used to configure nginx, or try to get final version of nginx.conf built from those .nix files?

aanderse · December 9, 2020, 11:43am

I guess we can start with your nix configuration and go from there.

anon22412468 · December 9, 2020, 11:46am

Ok. Give me a sec. I’ll collect them and strip sensitive data from them

anon22412468 · December 9, 2020, 12:39pm

nginx.nix

{ pkgs, ... }:
{
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts = {
      "mydomain.com" = {
        enableACME = true;
        forceSSL = true;
        locations = {
	  "/" = {
            proxyPass = "";
	    extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
	    '';
	  };
        };
      };
      "git.mydomain.com = {
        enableACME = true;
        forceSSL = true;
        locations = {
          "/" = {
            proxyPass = "http://127.0.0.1:3000";
	    extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
            '';
	  };
        };
      };
      "cloud.mydomain.com" = {
        enableACME = true;
	forceSSL = true;
        locations = {
          "/" = {
            proxyPass = "http://127.0.0.1:80/";
	    extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
	    '';
	  };
	};
      };
      "password.mydomain.com" = {
        enableACME = true;
	forceSSL = true;
        locations = {
          "/" = {
            proxyPass = "http://127.0.0.1:8222";
	    extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
	    '';
	  };
	};
      };
      "api.mydomain.com" = {
        enableACME = true;
	forceSSL = true;
        locations = {
          "/" = {
            proxyPass = "http://127.0.0.1:1256";
	    extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
            '';
	  };
	};
      };
    };
  };
}

jitsi.nix

{ pkgs, ... }:
{
  services.jitsi-meet = {
    enable = true;
    hostName = "meet.mydomain.com";
    nginx.enable = true;
    interfaceConfig = {
      SHOW_JITSI_WATERMARK = false;
      SHOW_WATERMARK_FOR_GUESTS = false;
    };  
  };
}