[vpsFree.cz: community-list] nginx padá

petr.bolf at taborpolana.cz petr.bolf at taborpolana.cz
Thu Oct 15 22:07:33 CEST 2020


Díky moc.


Dělá to certbot. Způsobí přesně tu popisovanou chybu. Shodí běžící nginx 
a pak spustí nějaký jiný.

běží mi nginx

tcp        0      0 0.0.0.0:443 0.0.0.0:*               LISTEN      
9848/nginx: master
tcp        0      0 0.0.0.0:80 0.0.0.0:*               LISTEN      
9848/nginx: master
tcp6       0      0 :::443 :::*                    LISTEN      
9848/nginx: master
tcp6       0      0 :::80 :::*                    LISTEN      
9848/nginx: master


sudo certbot renew --dry-run


sudo netstat -luntp | grep "80\|443"
tcp        0      0 0.0.0.0:443 0.0.0.0:*               LISTEN      
10616/nginx: master
tcp        0      0 0.0.0.0:80 0.0.0.0:*               LISTEN      
10616/nginx: master
tcp6       0      0 :::443 :::*                    LISTEN      
10616/nginx: master
tcp6       0      0 :::80 :::*                    LISTEN      
10616/nginx: master


Takže teď sice nginx znova běží, weby jsou dostupné, ale ten nginx demon 
v systemd to není, jestli to dobře chápu, tak běží nějaká instance nginx 
mimo systemd. Je to tak?

sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
    Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor 
preset: enabled)
    Active: failed (Result: exit-code) since Thu 2020-10-15 21:32:52 
CEST; 31min ago
      Docs: man:nginx(8)
   Process: 10811 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; 
master_process on; (code=exited, status=0/SUCCESS)
   Process: 10812 ExecStart=/usr/sbin/nginx -g daemon on; master_process 
on; (code=exited, status=1/FAILURE)

Oct 15 21:32:51 domogled nginx[10812]: nginx: [emerg] bind() to 
0.0.0.0:80 failed (98: Address already in use)
Oct 15 21:32:51 domogled nginx[10812]: nginx: [emerg] bind() to [::]:80 
failed (98: Address already in use)
Oct 15 21:32:52 domogled nginx[10812]: nginx: [emerg] bind() to [::]:443 
failed (98: Address already in use)
Oct 15 21:32:52 domogled nginx[10812]: nginx: [emerg] bind() to 
0.0.0.0:443 failed (98: Address already in use)
Oct 15 21:32:52 domogled nginx[10812]: nginx: [emerg] bind() to 
0.0.0.0:80 failed (98: Address already in use)
Oct 15 21:32:52 domogled nginx[10812]: nginx: [emerg] bind() to [::]:80 
failed (98: Address already in use)
Oct 15 21:32:52 domogled nginx[10812]: nginx: [emerg] still could not bind()
Oct 15 21:32:52 domogled systemd[1]: nginx.service: Control process 
exited, code=exited, status=1/FAILURE
Oct 15 21:32:52 domogled systemd[1]: nginx.service: Failed with result 
'exit-code'.
Oct 15 21:32:52 domogled systemd[1]: Failed to start A high performance 
web server and a reverse proxy server.

Ale v /etc/letsencrypt/renewal-hooks/ nemám žádný hooks, který by nějak 
spouštěl nginx.

V /etc/cron.d/certbot mám

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system 
&& perl -e 'sleep int(rand(43200))' && certbot -q renew


Chápu to dobře, že certbot shodí nginx, provede něco (aktualizace 
certifikátů) a pak už nenahodí systemd demona nginx, ale spustí ho nějak 
jinak? Proč ale? Kde to může být nastavené?


dík

Petr B.


Dne 14. 10. 20 v 9:18 Lukáš Němec napsal(a):
> A co ten certbot? Nesnaží se restartovat nginx nebo ho spustit jinak 
> než přes sysctl? A spustí duplicitní procesy?
>
> Očividně je tam problém že něco jinýho se spustí na portu 80 a 443, 
> není to ten certbot samotný aby si udělal acme-challenge?
>
> Lukáš
>
>> 14. 10. 2020 v 9:16, Stepan Liska <stepan at comlinks.cz 
>> <mailto:stepan at comlinks.cz>>:
>>
>> Ne že bych znal nginx nějak dobře, ale přijde mi divné, že by sám od 
>> sebe bez vnějšího povelu najednou 23:40 restartoval. A jinak nechápu 
>> proč by dělal znovu listen. Klidně to může být nějaký posthook na 
>> certbotu (ale ten to snad dělá jenom když je nový certifikát, ne?). 
>> Koukni taky na log CRONu nebo také máš systemd, tak ten má taky 
>> nějaké naplánované úlohy.
>>
>> Přijde mi to, jak kdyby se pustil nějaký restart, starý proces se 
>> nestihl z nějakého důvodu ukončit a už se startoval nový. Je nad 
>> tímhle záznamem ještě něco dalšího velmi blízko (< 2min) před tímto 
>> časem?
>>
>> Neboli - prošel bych všechny systémové logy a podíval se co se dělo 
>> okolo času 23:40 a pokusil se zjistit příčinu restart nginx.
>>
>> Š.
>> Dne 14. 10. 20 v 8:48 petr.bolf at taborpolana.cz napsal(a):
>>>
>>>
>>>
>>> sudo netstat -luntp | grep "80\|443"
>>>
>>>
>>> nic tam neběží na těch portech.
>>>
>>> Server jsem spustil v cca 16 hod a ve 23.40 to spadlo. To se do toho 
>>> musí motat nějaký další program, možná by mohl být vinník certbot, 
>>> nebo nějaké nastavení v cronu? Ale nic podezřelého nevidím.
>>>
>>> sudo tail -f /var/log/nginx/error.log.1
>>> 2020/10/13 23:40:34 [emerg] 19730#19730: bind() to [::]:443 failed 
>>> (98: Address already in use)
>>> 2020/10/13 23:40:34 [emerg] 19730#19730: bind() to 0.0.0.0:443 
>>> failed (98: Address already in use)
>>> 2020/10/13 23:40:34 [emerg] 19730#19730: bind() to 0.0.0.0:80 failed 
>>> (98: Address already in use)
>>> 2020/10/13 23:40:34 [emerg] 19730#19730: bind() to [::]:80 failed 
>>> (98: Address already in use)
>>> 2020/10/13 23:40:34 [emerg] 19730#19730: bind() to [::]:443 failed 
>>> (98: Address already in use)
>>> 2020/10/13 23:40:34 [emerg] 19730#19730: bind() to 0.0.0.0:443 
>>> failed (98: Address already in use)
>>> 2020/10/13 23:40:34 [emerg] 19730#19730: bind() to 0.0.0.0:80 failed 
>>> (98: Address already in use)
>>> 2020/10/13 23:40:34 [emerg] 19730#19730: bind() to [::]:80 failed 
>>> (98: Address already in use)
>>> 2020/10/13 23:40:34 [emerg] 19730#19730: still could not bind()
>>> 2020/10/13 23:40:37 [alert] 19672#19672: unlink() "/run/nginx.pid" 
>>> failed (2: No such file or directory)
>>>
>>>
>>> sudo systemctl status nginx.service
>>> ● nginx.service - A high performance web server and a reverse proxy 
>>> server
>>>    Loaded: loaded (/lib/systemd/system/nginx.service; enabled; 
>>> vendor preset: en
>>>    Active: failed (Result: exit-code) since Tue 2020-10-13 23:40:36 
>>> CEST; 8h ago
>>>      Docs: man:nginx(8)
>>>   Process: 19729 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; 
>>> master_process
>>>   Process: 19730 ExecStart=/usr/sbin/nginx -g daemon on; 
>>> master_process on; (cod
>>>
>>> Oct 13 23:40:35 domogled nginx[19730]: nginx: [emerg] bind() to 
>>> 0.0.0.0:80 faile
>>> Oct 13 23:40:35 domogled nginx[19730]: nginx: [emerg] bind() to 
>>> [::]:80 failed (
>>> Oct 13 23:40:36 domogled nginx[19730]: nginx: [emerg] bind() to 
>>> [::]:443 failed
>>> Oct 13 23:40:36 domogled nginx[19730]: nginx: [emerg] bind() to 
>>> 0.0.0.0:443 fail
>>> Oct 13 23:40:36 domogled nginx[19730]: nginx: [emerg] bind() to 
>>> 0.0.0.0:80 faile
>>> Oct 13 23:40:36 domogled nginx[19730]: nginx: [emerg] bind() to 
>>> [::]:80 failed (
>>> Oct 13 23:40:36 domogled nginx[19730]: nginx: [emerg] still could 
>>> not bind()
>>> Oct 13 23:40:36 domogled systemd[1]: nginx.service: Control process 
>>> exited, code
>>> Oct 13 23:40:36 domogled systemd[1]: nginx.service: Failed with 
>>> result 'exit-cod
>>> Oct 13 23:40:37 domogled systemd[1]: Failed to start A high 
>>> performance web serv
>>> lines 1-17/17 (END)
>>>
>>>
>>> Dne 13. 10. 20 v 17:15 Jan Pleva napsal(a):
>>>> no, nabehne... prave ze nenabehne... pokud tam ten web bezi v 
>>>> mezicase, pak je dost mozna problem v tom, ze bud tam bezi jiny 
>>>> webserver, nebo nejaka druha instance nginxu o ketere ten start 
>>>> script nevi. Tak nebo onak, nginx se nemuze poslouchat na 80/443 
>>>> protoze uz na tom portu neco jineho posloucha. At uz nginx, Apache 
>>>> nebo neco jineho.
>>>>
>>>> Jak pise kolega, /netstat -luntp | grep "80\|443"/ by melo vnest 
>>>> svetlo odkud vitr fouka.
>>>>
>>>> S pozdravem
>>>>
>>>> Jan Pleva
>>>>
>>>>
>>>> út 13. 10. 2020 v 16:03 odesílatel petr.bolf at taborpolana.cz 
>>>> <mailto:petr.bolf at taborpolana.cz> <petr.bolf at taborpolana.cz 
>>>> <mailto:petr.bolf at taborpolana.cz>> napsal:
>>>>
>>>>     dík
>>>>
>>>>
>>>>     Mate mne, že server naběhne, nginx -t je spokojený a chyba se
>>>>     projeví až
>>>>     po nějakém čase. Zatím se mi zdá, že jsem měl bordel v jednom
>>>>     konfiguráku a jakoby to tam udělal certbot, a nebo se tam něco
>>>>     omylem
>>>>     zkopírovalo.
>>>>
>>>>
>>>>     Když jsem měl chybu v konfiguraci serveru, většinou se to
>>>>     projevilo už
>>>>     při startu, nebo při nginx -t.
>>>>
>>>>
>>>>
>>>>     Petr
>>>>
>>>>     Dne 13. 10. 20 v 15:31 Vojtěch Oram napsal(a):
>>>>     > Ahoj,
>>>>     > neběží tim tam třeba ještě Apache? Vypadá to, že Nginx nemůže
>>>>     > nastartovat, protože jsou porty 80 a 443 už obsazené. Zkus se
>>>>     kouknout
>>>>     > na výstup "netstat -nlp", co tam běží na portu 80 a 443.
>>>>     >
>>>>     > S přáním pěkného dne
>>>>     >
>>>>     > Vojtěch "Flaiming" Oram
>>>>     > https://vojtechoram.cz <https://vojtechoram.cz/>
>>>>     >
>>>>     > Dne 13. 10. 20 v 14:57 petr.bolf at taborpolana.cz
>>>>     <mailto:petr.bolf at taborpolana.cz> napsal(a):
>>>>     >> zdravím,
>>>>     >>
>>>>     >>
>>>>     >> nevěděl by někdo s čím může být problém - asi někde v
>>>>     konfiguraci
>>>>     >> serverů pro nginx.
>>>>     >>
>>>>     >> sudo nginx -t
>>>>     >> nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
>>>>     >> nginx: configuration file /etc/nginx/nginx.conf test is
>>>>     successful
>>>>     >>
>>>>     >>
>>>>     >> sudo systemctl start nginx.service
>>>>     >>
>>>>     >> sudo systemctl status nginx.service
>>>>     >> ● nginx.service - A high performance web server and a
>>>>     reverse proxy
>>>>     >> server
>>>>     >>    Loaded: loaded (/lib/systemd/system/nginx.service;
>>>>     enabled; vendor
>>>>     >> preset: en
>>>>     >>    Active: active (running) since Tue 2020-10-13 14:49:08
>>>>     CEST; 6min ago
>>>>     >>      Docs: man:nginx(8)
>>>>     >>   Process: 16277 ExecStartPre=/usr/sbin/nginx -t -q -g
>>>>     daemon on;
>>>>     >> master_process
>>>>     >>   Process: 16278 ExecStart=/usr/sbin/nginx -g daemon on;
>>>>     >> master_process on; (cod
>>>>     >>  Main PID: 16279 (nginx)
>>>>     >>    Memory: 21.0M
>>>>     >>    CGroup: /system.slice/nginx.service
>>>>     >>            ├─16279 nginx: master process /usr/sbin/nginx -g
>>>>     daemon
>>>>     >> on; master_pr
>>>>     >>            ├─16280 nginx: worker process
>>>>     >>            ├─16281 nginx: worker process
>>>>     >>            ├─16282 nginx: worker process
>>>>     >>            ├─16283 nginx: worker process
>>>>     >>            ├─16284 nginx: worker process
>>>>     >>            ├─16285 nginx: worker process
>>>>     >>            ├─16286 nginx: worker process
>>>>     >>            └─16287 nginx: worker process
>>>>     >>
>>>>     >>
>>>>     >> jenže po nějakém čase server spadne.
>>>>     >>
>>>>     >>
>>>>     >> sudo tail -f /var/log/nginx/error.log
>>>>     >> 2020/10/13 02:39:01 [emerg] 7506#7506: bind() to [::]:443
>>>>     failed (98:
>>>>     >> Address already in use)
>>>>     >> 2020/10/13 02:39:01 [emerg] 7506#7506: bind() to 0.0.0.0:443
>>>>     <http://0.0.0.0:443/> failed
>>>>     >> (98: Address already in use)
>>>>     >> 2020/10/13 02:39:01 [emerg] 7506#7506: bind() to 0.0.0.0:80
>>>>     <http://0.0.0.0/> failed
>>>>     >> (98: Address already in use)
>>>>     >> 2020/10/13 02:39:01 [emerg] 7506#7506: bind() to [::]:80
>>>>     failed (98:
>>>>     >> Address already in use)
>>>>     >> 2020/10/13 02:39:01 [emerg] 7506#7506: bind() to [::]:443
>>>>     failed (98:
>>>>     >> Address already in use)
>>>>     >> 2020/10/13 02:39:01 [emerg] 7506#7506: bind() to 0.0.0.0:443
>>>>     <http://0.0.0.0:443/> failed
>>>>     >> (98: Address already in use)
>>>>     >> 2020/10/13 02:39:01 [emerg] 7506#7506: bind() to 0.0.0.0:80
>>>>     <http://0.0.0.0/> failed
>>>>     >> (98: Address already in use)
>>>>     >> 2020/10/13 02:39:01 [emerg] 7506#7506: bind() to [::]:80
>>>>     failed (98:
>>>>     >> Address already in use)
>>>>     >> 2020/10/13 02:39:01 [emerg] 7506#7506: still could not bind()
>>>>     >> 2020/10/13 02:39:04 [alert] 7357#7357: unlink()
>>>>     "/run/nginx.pid"
>>>>     >> failed (2: No such file or directory)
>>>>     >>
>>>>     >>
>>>>     >> a když je spadlý tak
>>>>     >>
>>>>     >>
>>>>     >> sudo systemctl status nginx.service
>>>>     >> [sudo] password for pruga:
>>>>     >> ● nginx.service - A high performance web server and a
>>>>     reverse proxy
>>>>     >> server
>>>>     >>    Loaded: loaded (/lib/systemd/system/nginx.service;
>>>>     enabled; vendor
>>>>     >> preset: en
>>>>     >>    Active: failed (Result: exit-code) since Tue 2020-10-13
>>>>     02:39:04
>>>>     >> CEST; 11h ag
>>>>     >>      Docs: man:nginx(8)
>>>>     >>   Process: 7501 ExecStartPre=/usr/sbin/nginx -t -q -g daemon
>>>>     on;
>>>>     >> master_process
>>>>     >>   Process: 7506 ExecStart=/usr/sbin/nginx -g daemon on;
>>>>     >> master_process on; (code
>>>>     >>
>>>>     >> Oct 13 02:39:03 domogled nginx[7506]: nginx: [emerg] bind() to
>>>>     >> 0.0.0.0:80 <http://0.0.0.0/> failed
>>>>     >> Oct 13 02:39:03 domogled nginx[7506]: nginx: [emerg] bind() to
>>>>     >> [::]:80 failed (9
>>>>     >> Oct 13 02:39:03 domogled nginx[7506]: nginx: [emerg] bind() to
>>>>     >> [::]:443 failed (
>>>>     >> Oct 13 02:39:03 domogled nginx[7506]: nginx: [emerg] bind() to
>>>>     >> 0.0.0.0:443 <http://0.0.0.0:443/> faile
>>>>     >> Oct 13 02:39:03 domogled nginx[7506]: nginx: [emerg] bind() to
>>>>     >> 0.0.0.0:80 <http://0.0.0.0/> failed
>>>>     >> Oct 13 02:39:03 domogled nginx[7506]: nginx: [emerg] bind() to
>>>>     >> [::]:80 failed (9
>>>>     >> Oct 13 02:39:04 domogled nginx[7506]: nginx: [emerg] still
>>>>     could not
>>>>     >> bind()
>>>>     >> Oct 13 02:39:04 domogled systemd[1]: nginx.service: Control
>>>>     process
>>>>     >> exited, code
>>>>     >> Oct 13 02:39:04 domogled systemd[1]: nginx.service: Failed with
>>>>     >> result 'exit-cod
>>>>     >> Oct 13 02:39:04 domogled systemd[1]: Failed to start A high
>>>>     >> performance web serv
>>>>     >>
>>>>     >>
>>>>     >> přičemž
>>>>     >>
>>>>     >> sudo systemctl start nginx.service
>>>>     >>
>>>>     >>
>>>>     >> ho zase nastartuje a zase chvilu běží.
>>>>     >>
>>>>     >>
>>>>     >> díky
>>>>     >>
>>>>     >>
>>>>     >> Petr Bolf
>>>>     >>
>>>>     >> _______________________________________________
>>>>     >> Community-list mailing list
>>>>     >> Community-list at lists.vpsfree.cz
>>>>     <mailto:Community-list at lists.vpsfree.cz>
>>>>     >> http://lists.vpsfree.cz/listinfo/community-list
>>>>     > _______________________________________________
>>>>     > Community-list mailing list
>>>>     > Community-list at lists.vpsfree.cz
>>>>     <mailto:Community-list at lists.vpsfree.cz>
>>>>     > http://lists.vpsfree.cz/listinfo/community-list
>>>>     _______________________________________________
>>>>     Community-list mailing list
>>>>     Community-list at lists.vpsfree.cz
>>>>     <mailto:Community-list at lists.vpsfree.cz>
>>>>     http://lists.vpsfree.cz/listinfo/community-list
>>>>
>>>>
>>>> _______________________________________________
>>>> Community-list mailing list
>>>> Community-list at lists.vpsfree.cz
>>>> http://lists.vpsfree.cz/listinfo/community-list
>>>
>>> _______________________________________________
>>> Community-list mailing list
>>> Community-list at lists.vpsfree.cz
>>> http://lists.vpsfree.cz/listinfo/community-list
>>
>> _______________________________________________
>> Community-list mailing list
>> Community-list at lists.vpsfree.cz <mailto:Community-list at lists.vpsfree.cz>
>> http://lists.vpsfree.cz/listinfo/community-list
>
>
> _______________________________________________
> Community-list mailing list
> Community-list at lists.vpsfree.cz
> http://lists.vpsfree.cz/listinfo/community-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vpsfree.cz/pipermail/community-list/attachments/20201015/4eab2760/attachment-0001.html>


More information about the Community-list mailing list