OPNsense Forum
Archive => 23.1 Legacy Series => Topic started by: seed on March 27, 2023, 07:55:41 pm
-
Hello.
My Setup:
OPNsense 23.1.4_1-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
My setup is using some /32 IPv4s on my WAN and nginx is configured to bind to it.
After rebooting the OPNsense, nginx won't start.
2023/03/27 19:50:00 error 40394#100667 invalid PID number "" in "/var/run/nginx.pid"
2023/03/27 19:50:00 notice 40394#100667 signal process started
2023/03/27 19:49:10 emerg 86356#100227 bind() to XXX.XX.XXX.XX:80 failed (49: Can't assign requested address)
2023/03/27 19:49:10 emerg 86281#100227 bind() to XXX.XX.XXX.XX:80 failed (49: Can't assign requested address)
I must remove the .sock by hand: "rm -f /var/run/nginx_status.sock" and click on start again.
This must be a bug.
-
Web GUI runs a redirect from port 80 by default. Not a bug and you can disable it. ;)
Cheers,
Franco
-
"Disable web GUI redirect rule" is enabled and the web UI port is on 4444.
-
Hi
XXX.XX.XXX.XX is not there when nginx starts?
Really need to bind to the exact IP and not just "80"?
-
I must bind nginx on the specific IP. On one of the other IPs I'm running other services like haproxy.
So this is very likely a bug.
-
With the little information given and the error message it looks like a limitation of the system or configuration mistake, but not a bug.
Cheers,
Franco
-
OK, that's fair. What other information should I provide?
I hope this helps:
I have multiple /32 v4s and multiple /128 v6s configured on my WAN interface.
One v4 and one v6 are meant to be dedicated to nginx as a reverse proxy.
This normally runs fine. But after an OPNsense reboot nginx doesn't like to start.
When I check with netstat for running services on port 80, I don't see any service on port 80.
In the logfile I just see the error: "bind() to XXX.XX.XXX.XX:80 failed (49: Can't assign requested address)" (redacted IP)
After removing the sock (/var/run/nginx_status.sock) and clicking on start service, nginx runs fine.
-
At the time of nginx start the IP address in question does not seem to be available on the interface if we want to rule out a conflict between services already binding on it. What WAN modes have you set for IPv4 and IPv6?
Cheers,
Franco
-
Since it is "Can't assign requested address" and not "48: Address already in use", I think it's not a bind conflict (as I said earlier). It's an address absence, I think. So maybe the interface address is not ready when nginx tries to start at boot. But you did not provide more info.
The /var/run/nginx_status.sock binding error is a consequence of the first error, because nginx leaves the sockets in this case.
-
@franco
How bad an idea is it to exit on _setup fail at
https://github.com/opnsense/src/blob/stable/23.1/libexec/rc/rc.subr#L1110
? (This should prevent start if the config is broken. Sounds logical?)
-
Bad, because a badly written script will wreck it. Remember that last command sets error condition on script exit. Besides, which command should actually fail in setup script?
_precmd is implemented to do config checks in rc.d files sometimes, but the result is the same: Service doesn't work and no step further.
If anything we are missing a restart to be back running, but the question still is why the virtual IP is not there (if it really isn't).
-
"is why the virtual IP is not there"
Yep, this is the most interesting for now.
"_precmd is implemented to do config checks in rc.d files sometimes"
Yes, but in the nginx case it may return 1 for "reload" if the config is broken, but not for "start".
"which command should actually fail in setup script?"
https://github.com/opnsense/plugins/blob/c08a2ea1771b8243f8f28de27c3f2286b2beb4af/www/nginx/src/opnsense/scripts/nginx/setup.php#L339 ;)
"because a badly written script will wreck it"
Hm. Understood.
/var/run/nginx_status.sock is not unlinked after an unsuccessful start attempt and it prevents the next runs. Looks like it is fixed at
https://trac.nginx.org/nginx/changeset/7cbf6389194b9170514e514ca7ee495369c9c8ac/nginx but it doesn't seem to be backported.
-
Ah you are talking about your latest addition and not about the situation with the user. I saw it as a means to get startup errors to syslog, not to stop well-defined startup sequence.
I'd extend setup.php to remove the socket(s) when the nginx pid is not there. That's why we have it. :)
Alternatively ask Jochen via FreeBSD ports to add this patch to the port.
Cheers,
Franco
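
The cleanup suggested above (remove the socket when the nginx pid is not there), written as POSIX shell instead of in setup.php. This is an added example, not code from the thread or from the OPNsense plugin; the function names are hypothetical and the paths in the usage comment are the ones quoted in the posts. It assumes it runs as root, so that `kill -0` can probe the nginx master.

```shell
#!/bin/sh
# Added example (not the plugin's code): remove stale nginx unix sockets,
# but only when no live process is recorded in the pid file.

# Succeeds only if the pid file holds a numeric pid of a live process.
# An empty pid file (the 'invalid PID number ""' case in the log) counts
# as "not running". Limitation: a reused pid would look like a live nginx.
nginx_is_running() {
    pidfile=$1
    [ -s "$pidfile" ] || return 1
    pid=$(cat "$pidfile" 2>/dev/null)
    case $pid in
        ''|*[!0-9]*) return 1 ;;      # empty or non-numeric content
    esac
    kill -0 "$pid" 2>/dev/null
}

# Usage: cleanup_stale_sockets PIDFILE SOCKET...
# Prints the number of sockets removed.
cleanup_stale_sockets() {
    pidfile=$1
    shift
    if nginx_is_running "$pidfile"; then
        echo 0                         # a live master owns the sockets
        return 0
    fi
    removed=0
    for sock in "$@"; do
        # Remove only real unix sockets: never a regular file, and never
        # through a symlink that someone placed at the socket path.
        if [ -S "$sock" ] && [ ! -L "$sock" ]; then
            rm -f -- "$sock" && removed=$((removed + 1))
        fi
    done
    echo "$removed"
}

# Call before starting the service, with the paths from the thread:
#   cleanup_stale_sockets /var/run/nginx.pid /var/run/nginx_status.sock
```

This only clears the leftover socket; it does not address why the address is missing when nginx first tries to bind.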
-
"I'd extend setup.php to"
Sounds like a plan. Already running on a test VM )
Thanks
-
I'm not running the plugin myself, but if it is using the rc.d system to start, does the REQUIRE: keyword include the NETWORKING option?
For comparison inetd has: # REQUIRE: DAEMON LOGIN FILESYSTEMS