Weird problem cannot standup nginx on 443 ipv4

Julian Brown
April 25, 2019 03:28PM
Sorry this is a bit long:

On Debian Stretch 9.8, fresh install. I want to set up nginx as a load
balancer to just one node at this time just to play with it and understand
it.

I installed the apt package nginx-full, which I assume will have all there.

So I slightly modified nginx.conf, where I removed the part about
sites-available and only included the one loadbalance.conf.

nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log debug;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xm

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/loadbalance.conf;
}

Here is
/etc/nginx/conf.d/loadbalance.conf

upstream learngigs {
    server 192.168.1.250;
}

server {
    server_name learngigs.com www.learngigs.com

    listen 443;
    listen [::]:443;

    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    ssl_certificate /etc/letsencrypt/live/learngigs.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/learngigs.com/privkey.pem;

    access_log /var/log/nginx/loadbalance.access.log;
    error_log /var/log/nginx/loadbalance.error.log debug;

    location / {
        proxy_pass http://learngigs/;
    }
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;

    return 301 https://learngigs.com;
}

root@loadbalance01:/etc/nginx# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

As you can see there are no syntax errors.

root@loadbalance01:/etc/nginx# netstat -anop | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1322/nginx: master off (0.00/0/0)
tcp6 0 0 :::80 :::* LISTEN 1322/nginx: master off (0.00/0/0)
tcp6 0 0 :::443 :::* LISTEN 1322/nginx: master off (0.00/0/0)
unix 3 [ ] STREAM CONNECTED 20723 1322/nginx: master
unix 3 [ ] STREAM CONNECTED 20724 1322/nginx: master

From this you can see it will not bind to 0.0.0.0:443, it was able to and
did for 80, and did 443 on ipv6, but not ipv4.

There is nothing sitting on 443:

root@loadbalance01:/etc/nginx# netstat -anop | grep 443
tcp6 0 0 :::443 :::* LISTEN 1322/nginx: master off (0.00/0/0)

So there is no bind error.

Looking at the logs:

root@loadbalance01:/var/log/nginx# ls -ld *
-rw-r--r-- 1 root root 0 Apr 25 14:20 access.log
-rw-r--r-- 1 root root 265 Apr 25 14:20 error.log
-rw-r--r-- 1 root root 0 Apr 25 14:20 loadbalance.access.log
-rw-r--r-- 1 root root 78 Apr 25 14:20 loadbalance.error.log

As you can see it created loadbalance.error.log, so it understood my config
for that.

root@loadbalance01:/var/log/nginx# cat loadbalance.error.log
2019/04/25 14:20:09 [debug] 1368#1368: epoll add event: fd:8 op:1 ev:00002001
root@loadbalance01:/var/log/nginx# cat error.log
2019/04/25 14:20:09 [info] 1363#1363: Using 32768KiB of shared memory for nchan in /etc/nginx/nginx.conf:63
2019/04/25 14:20:09 [debug] 1368#1368: epoll add event: fd:9 op:1 ev:00002001
2019/04/25 14:20:09 [debug] 1368#1368: epoll add event: fd:10 op:1 ev:00002001

And there is nothing interesting in the logs.

I put this on serverfault and someone suggested that listening on a port on
ipv6 would also work for ipv4, but if I do a telnet myip 443 from another
server it says refused connection.

There is nothing of note in syslog:

Apr 25 14:20:03 loadbalance01 systemd[1]: Stopping A high performance web server and a reverse proxy server...
Apr 25 14:20:03 loadbalance01 systemd[1]: Stopped A high performance web server and a reverse proxy server.
Apr 25 14:20:09 loadbalance01 systemd[1]: Starting A high performance web server and a reverse proxy server...
Apr 25 14:20:09 loadbalance01 systemd[1]: nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument
Apr 25 14:20:09 loadbalance01 systemd[1]: Started A high performance web server and a reverse proxy server.

I tried to strace it, and it does not even try to bind to 443 on ipv4, it
is almost like it is compiled to ignore port 443 on ipv4.

Can someone help me?

Thank you

Julian Brown
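
Added example (not part of the original post or of any reply in the thread): nginx ends a directive at `;`, not at end of line, so in the loadbalance.conf above the `server_name` line with no semicolon absorbs `listen 443;` as two extra server names; `nginx -t` still passes and only `listen [::]:443;` remains as a listener. The Python sketch below flags such swallowed directives; the function names, the short `KNOWN` list and the trimmed sample config are assumptions made for illustration.

```python
import re

# Illustrative subset of directive names (not nginx's full list).
KNOWN = {"listen", "server_name", "ssl", "ssl_certificate", "ssl_certificate_key",
         "ssl_protocols", "access_log", "error_log", "return", "proxy_pass"}

# Constructed sample: the post's server block, ';' missing after server_name.
SAMPLE = """\
server {
    server_name learngigs.com www.learngigs.com

    listen 443;
    listen [::]:443;
    ssl on;
}
"""

def statements(text):
    """Yield (start_line, [(line, token), ...]) per ';'-terminated directive."""
    current = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]      # drop comments (quoted '#' not handled)
        for tok in re.findall(r"[{};]|[^\s{};]+", line):
            if tok in ("{", "}"):
                current = []              # block boundary, not a simple directive
            elif tok == ";":
                if current:
                    yield current[0][0], current
                current = []
            else:
                current.append((lineno, tok))

def find_swallowed(text):
    """Return (directive, start_line, swallowed_name, swallowed_line) tuples."""
    findings = []
    for start, toks in statements(text):
        for lineno, tok in toks[1:]:
            # A directive name showing up as an argument on a later line means
            # the line where the statement started most likely lost its ';'.
            if lineno > start and tok in KNOWN:
                findings.append((toks[0][1], start, tok, lineno))
    return findings

def effective_listens(text):
    """Return the listen arguments that survive as real listen directives."""
    return [" ".join(t for _, t in toks[1:])
            for _, toks in statements(text) if toks[0][1] == "listen"]

print(find_swallowed(SAMPLE), effective_listens(SAMPLE))
```

On the real host, `nginx -T` prints the configuration as nginx parsed it and can be fed to the same check.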