OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: seed on March 27, 2023, 07:55:41 pm

Title: BUG: NGINX doesnt start
Post by: seed on March 27, 2023, 07:55:41 pm

Hello.

My Setup:

OPNsense 23.1.4_1-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023

My setup is using some /32 ipv4s on my WAN and nginx is configured to bind to it.
After rebooting the opnsense. Nginx wont start.

Quote

2023/03/27    19:50:00    error    40394#100667    invalid PID number "" in "/var/run/nginx.pid"
2023/03/27    19:50:00    notice    40394#100667    signal process started
2023/03/27    19:49:10    emerg    86356#100227    bind() to XXX.XX.XXX.XX:80 failed (49: Can't assign requested address)
2023/03/27    19:49:10    emerg    86281#100227    bind() to XXX.XX.XXX.XX:80 failed (49: Can't assign requested address)

I must remove the .sock by hand: "rm -f /var/run/nginx_status.sock" and click on start again.

This must be a bug

Title: Re: BUG: NGINX doesnt start
Post by: franco on March 27, 2023, 09:02:29 pm

Web GUI runs a redirect from port 80 by default. Not a bug and you can disable it. ;)


Cheers,
Franco

Title: Re: BUG: NGINX doesnt start
Post by: seed on March 28, 2023, 08:13:23 pm

Quote

Disable web GUI redirect rule

is enabled and the web ui port is on 4444.

Title: Re: BUG: NGINX doesnt start
Post by: Fright on March 28, 2023, 09:27:48 pm

Hi
XXX.XX.XXX.XX is not there when nginx starts?
really need to bind to exact ip and not just "80"?

Title: Re: BUG: NGINX doesnt start
Post by: seed on March 30, 2023, 07:19:41 am

I must bind Nginx on the specific IP. On one the other ips im running other services like haproxy.

So this is very likely a bug.

Title: Re: BUG: NGINX doesnt start
Post by: franco on March 30, 2023, 08:13:29 am

With the little information given and the error message it looks like a limitation of the system or configuration mistake, but not a bug.


Cheers,
Franco

Title: Re: BUG: NGINX doesnt start
Post by: seed on March 30, 2023, 08:35:53 am

Ok thats fair. What other information should i provide?


I hope this helps:
I have multiple /32 v4s and multiple /128 v6 configured on my wan interface.

One v4 and one v6 are ment to be dedicated for nginx as reverse Proxy.
This runs normaly fine. But after a opnsense reboot nginx doesnt like to start.
When i check with netstat for running services on port 80 i dont see any service on port 80.

In the logfile i just see the error:   "bind() to XXX.XX.XXX.XX:80 failed (49: Can't assign requested address)" (redacted ip)

after removing the sock (/var/run/nginx_status.sock) and clicking on start service nginx runs fine.

Title: Re: BUG: NGINX doesnt start
Post by: franco on March 30, 2023, 10:16:27 am

At the time of nginx start the IP address in question does not seem to be available on the interface if we want to rule out a conflict between services already binding on it. What WAN modes have you set for IPv4 and IPv6?


Cheers,
Franco

Title: Re: BUG: NGINX doesnt start
Post by: Fright on March 30, 2023, 10:17:55 am

since it "Can't assign requested address" and not "48: Address already in use" i think its not a bind conflict (as i said earlier).its an address absence i think. so may be interface address is not ready when nginx tries to start at boot. but you did not provide more info.
/var/run/nginx_status.sock binding error is a consequence of the first error, because nginx leaves the sockets in this case

Title: Re: BUG: NGINX doesnt start
Post by: Fright on March 30, 2023, 02:51:11 pm

@franco
how bad is idea to exit on _setup fail at
https://github.com/opnsense/src/blob/stable/23.1/libexec/rc/rc.subr#L1110
? (this should prevent start if config broken. sounds logical?)

Title: Re: BUG: NGINX doesnt start
Post by: franco on March 30, 2023, 03:06:55 pm

Bad, because a badly written script wil wreck it. Remember that last command sets error condition on script exit. Besides, which command should actually fail in setup script?

_precmd is implemented to do config checks in rc.d files sometimes, but the result is the same: Service doesn't work and no step further.

If anything we are missing a restart to be back running, but the question still is why the virtual IP is not there (if it really isn't).

Title: Re: BUG: NGINX doesnt start
Post by: Fright on March 30, 2023, 03:20:04 pm

Quote

is why the virtual IP is not there

yep, this is the most interesting for now

Quote

_precmd is implemented to do config checks in rc.d files sometimes

yes. but in nginx case it may return 1 for "reload" if config broken. but not for "start"..

Quote

which command should actually fail in setup script?

https://github.com/opnsense/plugins/blob/c08a2ea1771b8243f8f28de27c3f2286b2beb4af/www/nginx/src/opnsense/scripts/nginx/setup.php#L339  ;)

Quote

because a badly written script wil wreck it

hm. understood

/var/run/nginx_status.sock is not unlinked after an unsuccessful start attempt and it prevents next runs. looks like it fixed at
https://trac.nginx.org/nginx/changeset/7cbf6389194b9170514e514ca7ee495369c9c8ac/nginx but it doesn't seem to be backported

Title: Re: BUG: NGINX doesnt start
Post by: franco on March 30, 2023, 03:28:02 pm

Ah you are talking about your latest addition and not about the situation with the user. I saw it as a means to get startup errors to syslog, not to stop well-defined startup sequence.

I'd extend setup.php to remove the socket(s) when the nginx pid is not there. That's why we have it. :)

Alternatively ask Jochen via FreeBSD ports to add this patch to the port.


Cheers,
Franco

Title: Re: BUG: NGINX doesnt start
Post by: Fright on March 30, 2023, 03:37:41 pm

Quote

I'd extend setup.php to

sounds like a plan. already running on test vm )
thanks

Title: Re: BUG: NGINX doesnt start
Post by: benyamin on March 30, 2023, 07:28:29 pm

I'm not running the plugin myself, but if it is using the rc.d system to start, does the REQUIRE: keyword include the NETWORKING option.

For comparison inetd has: # REQUIRE: DAEMON LOGIN FILESYSTEMS