I updated my system to Yunohost 2.5.6 (was 2.5.5).
Everything was working fine before the update, but now I have an issue with one package, nginx-extras (that is blocking yunohost update).
I didn’t touch nginx config files, but it seems that every
access_by_lua_file parameter fail to pass the config test.
So now nginx server can’t start.
During the update, some change were made to nginx packages, and I chose to keep the old config files. Was it an error ?
Here are the Nginx changes reported:
nginx-common (1.10.2-4) unstable; urgency=medium
Since nginx 1.9.14 Debian has gradually switched to dynamic loadable modules
for all third party modules and core modules that support it. For each
module a new binary package is introduced under the libnginx-mod-* namespace.
The modules are loadable from all nginx flavors (light,full,extras) and are
automatically registered by installing a symlink under
/etc/nginx/modules-enabled/. If you use a modified /etc/nginx/nginx.conf make
sure to include that directory.
– Christos Trochalakis email@example.com Sun, 22 Jan 2017 12:19:30 +0200
nginx-common (1.10.2-1) unstable; urgency=high
In order to secure nginx against privilege escalation attacks, we are
changing the way log file owners & permissions are handled so that www-data
is not allowed to symlink a logfile. /var/log/nginx is now owned by root:adm
and its permissions are changed to 0755. The package checks for such symlinks
on existing installations and informs the admin using debconf.
That unfortunately may come at a cost in terms of privacy. /var/log/nginx is
now world-readable, and nginx hardcodes permissions of non-existing logs to
0644. On systems running logrotate log files are private after the first
logrotate run, since the new log files are created with 0640 permissions.
– Christos Trochalakis firstname.lastname@example.org Tue, 04 Oct 2016 15:20:33 +0300
Thanks for your help