Known Issues
This document lists and describes the known issues and possible workarounds in NGINX Instance Manager. Fixed issues are removed after 45 days.
We recommend you upgrade to the latest version of Instance Manager to take advantage of new features, improvements, and bug fixes.
2.3.0
Scan misidentifies some NGINX OSS instances as NGINX Plus
| Issue ID | Status |
|---|---|
| 35172 | Open |
Description
When NGINX Plus is installed on a datapath instance, then removed and replaced with NGINX OSS, NGINX Instance Manager may incorrectly identify the instance as an NGINX Plus instance. This is due to multiple NGINX entries for the same datapath.
Workaround
Use NGINX Instance Manager’s NGINX Instances API to remove the inactive NGINX instance. For instructions, refer to the API reference guide, which you can find at https://<NGINX-INSTANCE-MANAGER-FQDN>/ui/docs.
You may need to stop the NGINX Agent first. To stop the NGINX Agent, run the following command:
sudo systemctl stop nginx-agent
Metrics may report additional data
| Issue ID | Status |
|---|---|
| 34255 | Open |
Description
NGINX Instance Manager reports metrics at a per-minute interval and includes dimensions for describing the metric data’s characteristics.
An issue has been identified in which metric data is aggregated across all dimensions, not just for existing metrics data. When querying the Metrics API with aggregations like SUM(metric-name), the aggregated data causes the API to over count the metric. This overcounting skews some of the metrics dashboards.
Workaround
When querying the Metrics API, you can exclude the data for an aggregated dimension by specifying the dimension name in the filterBy query parameter.
filterBy=<dimension-name>!= ''
Unable to publish config changes to a custom nginx.conf location
| Issue ID | Status |
|---|---|
| 35276 | Open |
Description
Using Instance Manager to publish a config may fail if the NGINX Instance has the configuration file stored in a folder other than the default.
Workaround
Use the default location for the configuration file.
2.2.0
Post-install steps to load SELinux policy are in the wrong order
| Issue ID | Status |
|---|---|
| 34276 | Fixed in 2.3.0 |
Description
After installing Instance Manager, the post-installation steps shown in the command-line output say to start the NGINX Management Suite services before loading the included SELinux policy. These steps are transposed. You need to load the SELinux policy first and start the NMS services after; otherwise, the NMS services will be unconfined.
Workaround
See the Enforce Security with SELinux Policy guide for the correct instructions.
Giving long names (255+ characters) to certificates causes internal error
| Issue ID | Status |
|---|---|
| 34185 | Open |
Description
When adding certificates, an internal error (error code: 134018) is returned if the name given for the certificate exceeds 255 characters.
Workaround
Use a name that is 255 or fewer characters.
Associating instances with expired certificates causes internal error
| Issue ID | Status |
|---|---|
| 34182 | Open |
Description
An internal error (error code: 134018) is reported when adding an expired certificate if the certificate is associated with an instance.
Workaround
If possible, use a certificate that isn’t expired.
NGINX service may fail to start after upgrading NGINX OSS on RHEL 8
| Issue ID | Status |
|---|---|
| 34130 | Open |
Description
In some cases, after NGINX OSS is upgraded on RHEL 8, the NGINX service fails to start and returns an error similar to the following:
Job for nginx.service failed because the control process exited with error code.
Workaround
-
Run the following commands:
sudo fuser -k 80/tcp sudo fuser -k 443/tcp -
Restart the NGINX service:
sudo service nginx restart
2.1.0
Running Agent install script with sh returns “not found” error
| Issue ID | Status |
|---|---|
| 33385 | Fixed in 2.2.0 |
Description
When running the NGINX Agent install script with sh, an error similar to the following is reported:
"171: [[: not found"
This message is only a warning and does not interrupt the installation processes.
Workaround
Run the script with bash.
Duplicate instances are shown after upgrading Agent to 2.1.0
| Issue ID | Status |
|---|---|
| 33307 | Open |
Description
After upgrading to NGINX Instance Manager 2.1.0, and updating nginx-agent from platform packaging, duplicate instances may appear on the Instance overview page. This issue is caused by a change in how the NGINX Agent generates the system_uid.
Workaround
You can safely delete the older entries or wait for them to expire.
Helm chart deployments don’t support OIDC
| Issue ID | Status |
|---|---|
| 33248 | Open |
Description
OIDC is not supported for helm chart deployments of NGINX Instance Manager on Kubernetes. Only basic auth is supported.
“No such process” error occurs when publishing a configuration
| Issue ID | Status |
|---|---|
| 33160 | Open |
Description
When publishing a configuration, you might encounter an error similar to the following example:
config action failed: Config apply failed (write): no such process
This error can occur when there is a desyncronization between the NGINX Agent and NGINX PID, often after manually restarting NGINX when the Agent is running.
Workaround
Restart the NGINX Agent:
sudo systemctl restart nginx-agent
2.0.0
“Option unknown” password error when installing Instance Manager on Ubuntu with OpenSSL v1.1.0
| Issue ID | Status |
|---|---|
| 33055 | Open |
Description
When installing NGINX Instance Manager on Ubuntu with OpenSSL v1.1.0, you might see an error similar to the following example:
Generating default password for ‘admin’ user account
Using openssl version 1.1
passwd: Option unknown option -6
passwd: Use -help for summary.
dpkg: error processing package nms-instance-manager
If you receive this error during the installation, your version of OpenSSL is not compatible with the password hashing algorithm used to generate an initial admin password.
Workaround
Upgrade your OpenSSL version to v1.1.1 or later:
sudo apt-get install openssl
After updating OpenSSL this way, apt will re-try installing NGINX Instance Manager.
NGINX App Protect WAF blocks Instance Manager from publishing configurations
| Issue ID | Status |
|---|---|
| 32718 | Open |
Description
NGINX Instance Manager does not currently support managing NGINX App Protect WAF instances. NGINX App Protect WAF may block attempts to publish configurations to NGINX App Protect WAF instances.
Web interface returns Bad Gateway (502) error on RHEL 7
| Issue ID | Status |
|---|---|
| 31277 | Fixed in 2.1.0 |
Description
On RHEL 7, when authenticating with basic auth, the web interface becomes unresponsive and returns a 502 error.
Workaround
-
Verify that NGINX is added to the NMS group:
id nginxThe expected output looks similar to the following example:
uid=994(nginx) gid=991(nginx) groups=991(nginx),992(nms) -
If the NMS group is missing, run the following command to add it:
usermod -a -G nms nginx -
Restart each daemon:
systemctl start nms-core systemctl start nms-dpm systemctl start nms-ingestion
Tag-based access controls are not enforced for instance groups
| Issue ID | Status |
|---|---|
| 31267 | Fixed in 2.1.0 |
Description
When using the experimental Instance Groups feature, access controls based on instance tags are not enforced. We recommend only using Instance Groups at this time if you are not relying on tag-based access controls.
Instance Manager reports old NGINX version after upgrade
| Issue ID | Status |
|---|---|
| 31225 | Open |
Description
After upgrading NGINX to a new version, the NGINX Instance Manager web interface and API report the old NGINX version until the NGINX Agent is restarted.
Workaround
Restart the Agent to have the new version reflected properly:
systemctl restart nginx-agent
“granting scope: forbidden” error if user granting permissions belongs to multiple roles
| Issue ID | Status |
|---|---|
| 31215 | Fixed in 2.1.0 |
Description
If a user is assigned to multiple roles for Instance Management and Settings, and the user has WRITE access for Settings, which allows for creating new roles, the user cannot grant permissions to new roles or existing ones. The system returns an error similar to the following:
Error granting scope: forbidden. You cannot grant access for a scope you are not assigned to.
Workaround
Combine all permissions into one role for the user, allowing them to create new roles with the same set of permissions.
Web interface doesn’t report error when failing to upload large config files
| Issue ID | Status |
|---|---|
| 31081 | Open |
Description
In the web interface, when uploading a config file that’s larger than 50 MB (max size), the system incorrectly reports the state as Analyzing (Status code 403), although the upload failed.
Workaround
Keep config files under 50 MB.
Include cycles in the configuration cause the analyzer to timeout
| Issue ID | Status |
|---|---|
| 31025 | Fixed in 2.1.0 |
Description
A configuration containing a cycle will cause the analyzer to timeout before causing an nms-dpm restart.
nginx.conf:
http {
include conf.d/server-1.conf
}
conf.d/server-1.conf:
server {
listen 80;
include conf.d/server-2.conf
}
conf.d/server-2.conf
server {
listen 443;
include conf.d/server-1.conf
}
Workaround
Avoid uploading configurations that contain cycles.
Cannot register multiple Agents in containers on the same host
| Issue ID | Status |
|---|---|
| 30780 | Fixed in 2.1.0 |
Description
NGINX Instance Manager 2.0.0 does not support containers at this time. Look for support in a future release.
CentOS 7, RHEL 7, and Amazon Linux 2 package managers allow unsupported NGINX/NGINX Plus versions
| Issue ID | Status |
|---|---|
| 28758 | Open |
Description
When installing on CentOS 7, RHEL 7, and Amazon Linux 2, the package manager doesn’t prevent installing NGINX Instance Manager with unsupported versions of NGINX or NGINX Plus. As a consequence, it is possible that nms-instance-manager is installed without an NGINX gateway. Resulting in a less than optimal experience.
Workaround
Install a supported version of NGINX (v1.18 or later) or NGINX Plus (R22 or later). See the Technical Specifications guide for details.
gRPC errors when starting Instance Manager
| Issue ID | Status |
|---|---|
| 28683 | Open |
Description
When starting NGINX Instance Manager, you may see errors similar to the following in /etc/nginx/conf.d/nms-http.conf:227:
nginx[1234]: nginx: [emerg] unknown directive "grpc_socket_keepalive"
Workaround
Make sure your version of NGINX is v1.18 or later. See the Technical Specifications guide for details.