[BUG] nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3

[pharpe]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Reverse proxy stopped working as of the latest release (2.2.0-ls174). I am seeing this error in the logs:

nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3

I have been running without error for over a year before this release. I rolled back to 1.32.0-ls172 and it is working fine.

Expected Behavior

SWAG starts and reverse proxy works.

Steps To Reproduce

Restart SWAG container or stop, purge, and rerun the docker run.

Environment

- OS: Ubuntu 20.04.5 LTS running in a Proxmox LXC
- How docker service was installed: Per the docker website: https://docs.docker.com/desktop/install/ubuntu/

CPU architecture

x86-64

Docker creation

docker run -d \
--name=swag \
--cap-add=NET_ADMIN \
--net=lsio \
--health-cmd="curl --silent --fail localhost:80 || exit 1" \
--health-interval=30s \
--health-retries=3 \
--health-timeout=10s \
-e CERTPROVIDER=zerossl \
-e EMAIL=xxxxxxxxxxxxxxx@gmail.com \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=America/Chicago \
-e URL=xxxxxxxxx.duckdns.org \
-e SUBDOMAINS=wildcard \
-e VALIDATION=duckdns \
-e DUCKDNSTOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
-e EMAIL=xxxxxxxxxxxxxxxx@gmail.com \
-e ONLY_SUBDOMAINS=false \
-e STAGING=false \
-p 443:443 \
-p 80:80 \
-v /mnt/storage/config/swag:/config \
--restart always \
ghcr.io/linuxserver/swag

Container logs

[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] done
usermod: no changes

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/


Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    1000
User gid:    1000
-------------------------------------

using keys found in /config/keys
Variables set:
PUID=1000
PGID=1000
TZ=America/Chicago
URL=xxxxxxx.duckdns.org
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
VALIDATION=duckdns
CERTPROVIDER=zerossl
DNSPLUGIN=
EMAIL=xxxxxxxxxxxxxxxx@gmail.com
STAGING=false

the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org
ZeroSSL is selected as the cert provider, registering cert with xxxxxxxxxxxx@gmail.com
SUBDOMAINS entered, processing
Wildcard cert for only the subdomains of xxxxxxxxxxx.duckdns.org will be requested
E-mail address entered: xxxxxxxxxxxxxxxxx@gmail.com
dns validation via duckdns plugin is selected
Certificate exists; parameters unchanged; starting nginx
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
/config/nginx/geoip2.conf exists.
        Please migrate to https://github.com/linuxserver/docker-mods/tree/swag-maxmind
/config/nginx/ldap.conf exists.
        Please apply any customizations to /config/nginx/ldap-server.conf
        Ensure your configs are updated and remove /config/nginx/ldap.conf
        If you do not use this config, simply remove it.
**** The following active confs have different version dates than the samples that are shipped. ****
**** This may be due to user customization or an update to the samples. ****
**** You should compare the following files to the samples in the same folder and update them. ****
**** Use the link at the top of the file to view the changelog. ****
/config/nginx/authelia-server.conf
/config/nginx/site-confs/default.conf
/config/nginx/authelia-location.conf
/config/nginx/proxy.conf
/config/nginx/ldap-server.conf
/config/nginx/proxy-confs/radarr.subdomain.conf
/config/nginx/proxy-confs/ombi.subdomain.conf
/config/nginx/proxy-confs/plex.subdomain.conf
/config/nginx/proxy-confs/sonarr.subdomain.conf
/config/nginx/proxy-confs/transmission.subdomain.conf
/config/nginx/proxy-confs/homeassistant.subdomain.conf
/config/nginx/nginx.conf
/config/nginx/ssl.conf

[custom-init] No custom files found, skipping...
[ls.io-init] done.
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
2023-01-22 11:55:40,194 fail2ban.configreader   [338]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
Server ready
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3
...

[github-actions]

Thanks for opening your first issue here! Be sure to follow the bug or feature issue templates!

[Roxedus]

Dupe of #322 #321 #320 #319 #318 #316

[pharpe]

I know this is closed and linked to other issues. While #316 does give some guidance toward a resolution, it is locked, so I'm going to add my experience here in hopes that it helps someone else. I would say that the primary issue is that I am not an expert in nginx and that's the reason I'm using SWAG docker image in the first place. So post like this go completely over my head:

"The upstream package changed how they ship the default nginx configs, if your existing configs already define a stream block it will break because there can only be one."

From the other posts in #316 I surmised that there are breaking changes in this latest release that are incompatible with my configuration. It was not really clear from my logs which config was the issue and, not understanding what a "stream block" is I wasn't sure where to look. Since most of the variables are set in my docker run I just decided to stop and purged the SWAG container. Then, I backed up my config folder and deleted it contents. I restarted and checked the logs to confirmed it was running. After that I just copied the proxy-confs over from the config folder backup and restated the container. Everything is now working on the latest version.

[aptalca]

The container log tells you exactly what to do.

From the log above:

**** The following active confs have different version dates than the samples that are shipped. ****
**** This may be due to user customization or an update to the samples. ****
**** You should compare the following files to the samples in the same folder and update them. ****
**** Use the link at the top of the file to view the changelog. ****
/config/nginx/authelia-server.conf
/config/nginx/site-confs/default.conf
/config/nginx/authelia-location.conf
/config/nginx/proxy.conf
/config/nginx/ldap-server.conf
/config/nginx/proxy-confs/radarr.subdomain.conf
/config/nginx/proxy-confs/ombi.subdomain.conf
/config/nginx/proxy-confs/plex.subdomain.conf
/config/nginx/proxy-confs/sonarr.subdomain.conf
/config/nginx/proxy-confs/transmission.subdomain.conf
/config/nginx/proxy-confs/homeassistant.subdomain.conf
/config/nginx/nginx.conf
/config/nginx/ssl.conf

[pharpe]

We will just have to agree to disagree that a message that there is something in one of 13 different files tells you exactly what to do.

I just felt my method was a lot simpler than trying to comb through a bunch of files trying to figure out if there are diffs and what the impact may be. Just replace them all and copy back what I needed seemed like the path of least resistance.

Again this is primary do to my ignorance. I do appreciate all the work that goes into all this. Just trying to help someone in a similar boat as me.

[aptalca]

You nuked the entire thing and started over. How is that simple?

If you didn't intentionally customize the confs, you could have just copied the samples over, or even simpler, you could have deleted them and restarted the container, which would have updated them automatically.

We had multiple announcements about them for years. Our changelog lists every time a crucial conf is updated, urging you to update, and links to the specific instructions in the readme.
https://github.com/linuxserver/docker-swag#versions
https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs

Plus, the first line of each config links to the git history of that specific file if you want to see the details.

We can't honestly make it any easier or simpler. But you do you.

Only reason I'm responding here is so others don't think they have to nuke and start over which would be an awful solution or a workaround.

[TangentFoxy]

I spent too long trying to figure this issue out myself just now, and I really have to ask why aren't unmodified configs automatically updated? That's most of why this confused me so much. Why would I need to update the config? I just updated! I haven't changed anything in it.

I also think communication here needs improvement. If the first reply on #316 had explained that configs aren't automatically updated and gave a reminder as to why the message about differing versions in the log is there, I could've figured this out much quicker. "The container log tells you exactly what to do." being there would've also helped.