BUG: NGINX doesnt start

seed · March 27, 2023, 07:55:41 PM

Hello.

My Setup:

OPNsense 23.1.4_1-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023

My setup is using some /32 ipv4s on my WAN and nginx is configured to bind to it.
After rebooting the opnsense. Nginx wont start.

Quote2023/03/27    19:50:00    error    40394#100667    invalid PID number "" in "/var/run/nginx.pid"
2023/03/27    19:50:00    notice    40394#100667    signal process started
2023/03/27    19:49:10    emerg    86356#100227    bind() to XXX.XX.XXX.XX:80 failed (49: Can't assign requested address)
2023/03/27    19:49:10    emerg    86281#100227    bind() to XXX.XX.XXX.XX:80 failed (49: Can't assign requested address)

I must remove the .sock by hand: "rm -f /var/run/nginx_status.sock" and click on start again.

This must be a bug

franco · March 27, 2023, 09:02:29 PM

Web GUI runs a redirect from port 80 by default. Not a bug and you can disable it. ;)

Cheers,
Franco

seed · March 28, 2023, 08:13:23 PM

QuoteDisable web GUI redirect rule

is enabled and the web ui port is on 4444.

Fright · March 28, 2023, 09:27:48 PM

Hi
XXX.XX.XXX.XX is not there when nginx starts?
really need to bind to exact ip and not just "80"?

seed · March 30, 2023, 07:19:41 AM

I must bind Nginx on the specific IP. On one the other ips im running other services like haproxy.

So this is very likely a bug.

franco · March 30, 2023, 08:13:29 AM

With the little information given and the error message it looks like a limitation of the system or configuration mistake, but not a bug.

Cheers,
Franco

seed · March 30, 2023, 08:35:53 AM

Ok thats fair. What other information should i provide?

I hope this helps:
I have multiple /32 v4s and multiple /128 v6 configured on my wan interface.

One v4 and one v6 are ment to be dedicated for nginx as reverse Proxy.
This runs normaly fine. But after a opnsense reboot nginx doesnt like to start.
When i check with netstat for running services on port 80 i dont see any service on port 80.

In the logfile i just see the error: "bind() to XXX.XX.XXX.XX:80 failed (49: Can't assign requested address)" (redacted ip)

after removing the sock (/var/run/nginx_status.sock) and clicking on start service nginx runs fine.

franco · March 30, 2023, 10:16:27 AM

At the time of nginx start the IP address in question does not seem to be available on the interface if we want to rule out a conflict between services already binding on it. What WAN modes have you set for IPv4 and IPv6?

Cheers,
Franco

Fright · March 30, 2023, 10:17:55 AM

since it "Can't assign requested address" and not "48: Address already in use" i think its not a bind conflict (as i said earlier).its an address absence i think. so may be interface address is not ready when nginx tries to start at boot. but you did not provide more info.
/var/run/nginx_status.sock binding error is a consequence of the first error, because nginx leaves the sockets in this case

Fright · March 30, 2023, 02:51:11 PM

@franco
how bad is idea to exit on _setup fail at
https://github.com/opnsense/src/blob/stable/23.1/libexec/rc/rc.subr#L1110
? (this should prevent start if config broken. sounds logical?)

franco · March 30, 2023, 03:06:55 PM

Bad, because a badly written script wil wreck it. Remember that last command sets error condition on script exit. Besides, which command should actually fail in setup script?

_precmd is implemented to do config checks in rc.d files sometimes, but the result is the same: Service doesn't work and no step further.

If anything we are missing a restart to be back running, but the question still is why the virtual IP is not there (if it really isn't).

Fright · March 30, 2023, 03:20:04 PM

Quoteis why the virtual IP is not there

yep, this is the most interesting for now

Quote_precmd is implemented to do config checks in rc.d files sometimes

yes. but in nginx case it may return 1 for "reload" if config broken. but not for "start"..

Quotewhich command should actually fail in setup script?

https://github.com/opnsense/plugins/blob/c08a2ea1771b8243f8f28de27c3f2286b2beb4af/www/nginx/src/opnsense/scripts/nginx/setup.php#L339 ;)

Quotebecause a badly written script wil wreck it

hm. understood

/var/run/nginx_status.sock is not unlinked after an unsuccessful start attempt and it prevents next runs. looks like it fixed at
https://trac.nginx.org/nginx/changeset/7cbf6389194b9170514e514ca7ee495369c9c8ac/nginx but it doesn't seem to be backported

franco · March 30, 2023, 03:28:02 PM

Ah you are talking about your latest addition and not about the situation with the user. I saw it as a means to get startup errors to syslog, not to stop well-defined startup sequence.

I'd extend setup.php to remove the socket(s) when the nginx pid is not there. That's why we have it. :)

Alternatively ask Jochen via FreeBSD ports to add this patch to the port.

Cheers,
Franco

Fright · March 30, 2023, 03:37:41 PM

QuoteI'd extend setup.php to

sounds like a plan. already running on test vm )
thanks

benyamin · March 30, 2023, 07:28:29 PM

I'm not running the plugin myself, but if it is using the rc.d system to start, does the REQUIRE: keyword include the NETWORKING option.

For comparison inetd has: # REQUIRE: DAEMON LOGIN FILESYSTEMS

BUG: NGINX doesnt start

seed

March 27, 2023, 07:55:41 PM

franco

March 27, 2023, 09:02:29 PM #1

seed

March 28, 2023, 08:13:23 PM #2

Fright

March 28, 2023, 09:27:48 PM #3

seed

March 30, 2023, 07:19:41 AM #4

franco

March 30, 2023, 08:13:29 AM #5

seed

March 30, 2023, 08:35:53 AM #6

franco

March 30, 2023, 10:16:27 AM #7

Fright

March 30, 2023, 10:17:55 AM #8 Last Edit: March 30, 2023, 10:20:54 AM by Fright

Fright

March 30, 2023, 02:51:11 PM #9

franco

March 30, 2023, 03:06:55 PM #10

Fright

March 30, 2023, 03:20:04 PM #11

franco

March 30, 2023, 03:28:02 PM #12

Fright

March 30, 2023, 03:37:41 PM #13

benyamin

March 30, 2023, 07:28:29 PM #14 Last Edit: March 30, 2023, 07:30:25 PM by benyamin