Environment
- EDR Server: 7.x and above
Symptoms
Nginx is failing to start after upgrading from a 6.x series to 7.x series server.
- /var/log/cb/nginx/startup.log shows
nginx: [emerg] "ssl_ciphers" directive is duplicate in /etc/cb/nginx/conf.d/includes/cb.server.base_body:7
Cause
A new configuration property for UseIncreasedSecurityCiphers was added to cb.conf. The duplicate is caused by a previously customized cipher list
Resolution
- Edit /etc/cb/nginx/conf.d/includes/cb.server.base_body
- Find the line ssl_ciphers and copy the current if you would like to continue using these ciphers
- Delete the ssl_ciphers line and save the file
- Edit /etc/cb/nginx/conf.d/templates/cipher_lists.conf.template
- Replace the following line with the previous ssl_ciphers copied, or keep the one already set (This is environmentally specific to your needs)
- Save the file if changes were made
- Start cb-nginx
CentOS/RHEL 6: service cb-nginx start
CentOS/RHEL 7/8: systemctl start cb-nginx
Related Content