I have a problem with nginx. I tried different solutions, but for me nothing work.
That is my error:
4 root#BANANAS ~ # sudo service nginx restart :(
Restarting nginx: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
nginx: [emerg] still could not bind()
nginx.
Can you help me?
Probably other process is using specified port:
sudo netstat -tulpn
Get the PID of the process that already using 443. And send signal with kill command.
sudo kill -2 <PID>
sudo service nginx restart
Aternatively you can do:
sudo fuser -k 443/tcp
Make sure you dont use old syntax:
server {
listen :80;
listen [::]:80;
}
The above syntax will cause
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Correct syntax:
server {
listen 80;
listen [::]:80 ipv6only=on;
}
or
server {
listen [::]:80;
}
Both above syntax will achieve the same thing, listening on both ipv4 and ipv6.
Another way (from my experience) is just force quit the process that running on that port 443
sudo fuser -k 443/tcp
or if you running on port 80 just change the port to
sudo fuser -k 80/tcp
Hope it helps someone who had the same issue
Alternative using lsof:
Find the PID & kill the process which running on port 443
sudo kill -9 $(lsof -t -i :443)
Thank you for the answer.
After running
sudo netstat -tulpn
I realised that I had apache2 running on port 80. This was probably done after I used Certbot to install SSL on the server.
I removed Apache2 and the server was up and running.
apt remove apache2
This did the trick! Thank you again.
First, we have to check how many services run on port 80. To check that, you could run the following command:
sudo netstat -plant | grep 80
This would show you which service exactly is listening on port 80 and then you can make a decision whether you want to have that service as is or have Nginx instead.
If it is Apache, you will need to decide whether you want to use Apache or Nginx.
If you only want to have Nginx, you need to stop Apache first:
sudo systemctl stop apache2 && sudo systemctl start nginx
I received the above error due to accidentally repeating the listen directive twice within the same server block as follows:
server {
listen [::]:443 ssl ipv6only=off;
listen 443 ssl;
...
}
changing it to:
server {
listen 443 ssl;
...
}
or
server {
listen [::]:443 ssl ipv6only=off;
...
}
resolved the problem when restarting the server: sudo service nginx start
When I killed the nginx process bind to 80 & 443 ports, the process always reappeared with new PID.
It helped me to temporarily comment this line in /etc/nginx/nginx.conf, restart nginx and then uncomment the line back:
worker_processes auto;
In my case, running Ubuntu 20.04, I bounced the server, and Apache2 was set to automatically start.
$ sudo lsof -i -P -n | grep LISTEN
This showed Apache2 running on port 80, and was causing a conflict. I shut it down with
$ sudo systemctl stop Apache2
And then started nginx with
$ sudo systemctl start nginx
If using a virtual machine, you may just need to restart the virtual machine. I was having the same issues yesterday and I could not get Nginx to start using any of the methods in this post. So I started the virtual machine up this morning, checked the running processes, and I see Nginx running on port 80. I even viewed the status of Nginx yesterday with systemctl and it said failed, but today it is active. Not sure what happened here, but it could be worth a try.
Related
I am trying to generate an ssl certificate on an AWS EC2 nano machine configured with a NGINX server.
My NGINX configuration file is as follows:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
server_name my_server_name.com;
}
When I check my Nginx configuration with the following command :
nginx -t
this error is returned:
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/sites-enabled/default:22 nginx: configuration file /etc/nginx/nginx.conf test failed
Of course, when I try to go further in generating the SSL certificate with the following command:
certbot certonly --dry-run
the following error is returned:
Error while running nginx -c /etc/nginx/nginx.conf -t.
What changes/commands do I need to make to generate the SSL certificate ?
I have modified my Nginx configuration file in a thousand ways, without success.
Assuming you have installed NGINX correctly on your machine, for Certbot to take into account your configuration, you must first move (or delete) the default one located here:
/etc/nginx/sites-enabled/
for this, you will need these 2 commands:
cd /etc/nginx/sites-enabled/
rm default
Once these 2 commands are done, you have to switch off the NGINX server to generate the SSL certificate, using this command:
service nginx stop
Now you can restart your command and generate the SSL certificate with :
certbot certonly
I have a backend server on http (on some IP), which is not intended to be accessed directly. I have setup another nginx server on a different machine, and used Let's Encrypt certbot to setup an ssl certificate on this machine
sudo apt-get install -y nginx
sudo certbot --nginx
Now, what I am hoping to achieve is - any request from client on https (port 443) should be redirected to my backend server on port 80.
Do I setup reverse_proxy in this case as explained here - https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
Or, do I setup TLS termination on nginx as explained here - https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/
If I need both, what should my configurations look like?
my current reverse-proxy.conf -
server {
listen 443;
location / {
proxy_pass http://<backend-ip-address>;
}
}
which doesn't work. My configtest on nginx always fail too -
service nginx configtest
* Testing nginx configuration [fail]
Any help is appreciated. Thanks.
PS: whithout reverse-proxy.conf or any redirection, default nginx server worked well on https. This shows that let's encrypt worked correctly.
Error messages in /var/log/nginx/error.log -
2022/01/23 20:00:04 [notice] 3005#3005: signal process started
2022/01/23 20:00:06 [notice] 3007#3007: signal process started
2022/01/23 20:01:31 [crit] 3008#3008: *23 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 5.8.10.202, server: 0.0.0.0:443
2022/01/23 20:05:22 [crit] 3008#3008: *54 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 107.178.231.247, server: 0.0.0.0:443
2022/01/23 20:09:02 [crit] 3008#3008: *69 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 107.178.232.189, server: 0.0.0.0:443
Edit: Fixed the issue
I just had to add a few entries in /etc/nginx/nginx.conf (Make sure you are not missing ending semi-colons)
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server {
listen 443 ssl;
server_name <domain-name>;
ssl_certificate <path-to-fullchain.pem>;
ssl_certificate_key <path-to-privkey.pem>;
location / {
proxy_pass http://<downstream-ip>;
}
}
And make sure no reverse-proxy.conf is setup in /etc/nginx/sites-enabled
Then run
sudo nginx -t
sudo systemctl restart nginx
sudo systemctl status nginx
to verify if everything is working fine.
Hi I am trying to get a nginx conf working with minecraft.
I created several subdomains (A-records) and I want to use only the subdomains (without port).
Therefore I installed nginx (stable release) on CentOS 7.
Added portforward in my router on 25565 to this VM (fixed IP) and added 25565 (tcp, permanent) to the firewall. Testing nginx with default ip (port 80) => Welcome to nginx....
Testing port 25565 (with minecraft) also works.
Left nginx.conf and default.conf intact (no changes) and added my minecraft.conf in /etc/nginx/conf.d/
Minecraft uses tcp protocol (I asume this is supported by nginx) and listens default to 25565 that's why I run my instances on 25566 and 25567
As far as I understood main directives like http(s), stream etc. should be declared in nginx.conf
It's not posible to declare a stream in the minecraft.conf (in ./conf.d/)
Also not possible to proxy_pass to the upstream (directive proxy_pass not allowed here)
(I can use location / { http://..} but that's not tcp)
What do I miss to make it work as I want to use a proxy (Network Solutions does not allow SRV records for subdomains)
my minecraft.conf:
upstream mcserver1 {
server 192.168.1.14:25566;
}
upstream mcserver2 {
server 192.168.1.14:25567;
}
server {
listen 25565;
server_name camelot.xyz.net;
access_log /var/log/nginx/mcs1.access;
error_log /var/log/nginx/mcs1.error;
proxy_pass mcserver1;
}
server {
listen 25565;
server_name cityworld.xyz.net;
access_log /var/log/nginx/mcs2.access;
error_log /var/log/nginx/mcs2.error;
proxy_pass mcserver2;
}
In the default error.log I find
2021/04/11 21:37:12 [notice] 5525#5525: signal process started
2021/04/11 21:37:12 [emerg] 2325#2325: bind() to 0.0.0.0:25565 failed (98: Address already in use)
2021/04/11 21:37:12 [emerg] 2325#2325: still could not bind()
I cannot run Nginx because port 80 is already listening on a docker-proxy service.
tcp6 0 0 :::80 :::* LISTEN 13110/docker-proxy
I would like to run Nginx on port 8800 instead of the default port 80.
As such, I've edited the default file as below;
sudo nano /etc/nginx/sites-available/default
listen 8800 default_server;
listen [::]:8800 default_server;
listen localhost;
However, I still cannot get it working as expected even after restart.
What am I doing wrong and how can I resolve it?
Below is the error I get;
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2019-04-26 04:23:14 EDT; 13min ago
Docs: man:nginx(8)
Process: 16955 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Process: 16944 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 80941 (code=exited, status=0/SUCCESS)
Apr 26 04:23:11 ubuntu systemd[1]: Starting A high performance web server and a reverse proxy server...
Apr 26 04:23:11 ubuntu nginx[16955]: nginx: [emerg] bind() to 127.0.0.1:80 failed (98: Address already in use)
Apr 26 04:23:12 ubuntu nginx[16955]: nginx: [emerg] bind() to 127.0.0.1:80 failed (98: Address already in use)
Apr 26 04:23:12 ubuntu nginx[16955]: nginx: [emerg] bind() to 127.0.0.1:80 failed (98: Address already in use)
Apr 26 04:23:13 ubuntu nginx[16955]: nginx: [emerg] bind() to 127.0.0.1:80 failed (98: Address already in use)
Apr 26 04:23:13 ubuntu nginx[16955]: nginx: [emerg] bind() to 127.0.0.1:80 failed (98: Address already in use)
Apr 26 04:23:14 ubuntu nginx[16955]: nginx: [emerg] still could not bind()
Apr 26 04:23:14 ubuntu systemd[1]: nginx.service: Control process exited, code=exited status=1
Apr 26 04:23:14 ubuntu systemd[1]: nginx.service: Failed with result 'exit-code'.
Apr 26 04:23:14 ubuntu systemd[1]: Failed to start A high performance web server and a reverse proxy server.
You have to go to the /etc/nginx/sites-enabled/default
Edit that file and put (If you are willing to put "8800" as your port for nginx)
server { listen 8800; }
The start the server
sudo service nginx start
or
sudo service nginx restart if previously running.
Then access localhost:8800
Add a rule to iptables
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8800 -j ACCEPT
Restart IPtables
sudo service iptables restart;
It looks like the problem is in the line
listen localhost;
The "listen" directive can take a port number, a host,
or both. I believe in your case this line defaults
the port to 80, which would cause the problems you
are experiencing.
Also, beware if "default" is not the only file
in hosts_available. Each of these (each server block) will default
to using port 80 unless overridden there. Just
editing "default" would not be enough in that case.
I found this answer on Server Fault helpful: https://serverfault.com/questions/655067/is-it-possible-to-make-nginx-listen-to-different-ports
You can add ports to the one server block to keep things simple:
server {
listen 80;
listen 8000;
server_name example.org;
root /var/www/;
}
I have trying to add proxy_set_header in my nginx.conf file. When I try to add proxy_pass and invoke the URL it throws 502 Bad Gateway nginx/1.11.1 error.
Not sure how to resolve this error:
upstream app-server {
# connect to this socket
server unix:///tmp/alpasso-wsgi.sock; # for a file socket
}
server {
server_name <name>;
listen 80 default_server;
# Redirect http to https
rewrite ^(.*) https://$host$1 permanent;
}
server {
server_name <name>;
listen 443 ssl default_server;
recursive_error_pages on;
location /azure{
proxy_pass http://app-server;
}
ssl on;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
ssl_client_certificate /etc/nginx/server.crt;
ssl_verify_client optional;
}
Had similar problem with proxy_pass, if your Linux server is using SELINUX then you may want to try this.
$ setsebool -P httpd_can_network_connect true
Refer to Warren's answer: https://unix.stackexchange.com/questions/196907/proxy-nginx-shows-a-bad-gateway-error
502 is sent when your upstream is not reachable.
Try to switch on error log and you might see failed to connect to upstream,
for this you need to check whether your upstream server is running or not, sudo service upstream status, and try to switch that on.
Nginx proxy with unix socket troubleshooting:
Check nginx conf:
nginx -t
Check socket:
netstat --protocol=unix -nlp | grep alpasso-wsgi.socket
Check is app working:
curl --unix-socket /tmp/alpasso-wsgi.sock http:/your-path-on-app
(Must be html code on screen output)
If not, check your app. If yes:
Check nginx error log
sudo tail -f /var/log/nginx/error.log
In case you get a nginx permissions error, check nginx user rights for socket:
Determine which username nginx use:
ps aux | grep nginx
And, for example, if nginx user is www-data, give to www-data user required rights. Add www-data user to required group:
sudo usermod -a -G your-socket-file-group www-data
and check permissions of a socket file,
or use ACL:
sudo setfacl -R -m u:www-data:rwX /path-to-your-unix-socket
sudo setfacl -Rd -m u:www-data:rwX /path-to-your-unix-socket
Im my opinion, ACL is better for security. Because you give rights to nginx only to one file, not for all files which belongs to group.