nginx.conf and nginx.pid users and permissions - nginx
I'm embarking on watching my NGINX error.log files at level: warn... probably a silly idea and will cause me to crash my server as I work out any bugs happening, but hey, we're nerds and this is why we're here.
I'm noticing a [warn] and an [emerg] pop up every time I restart my server, which shows:
[warn] 8041#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
[emerg] 8041#0: open() "/run/nginx.pid" failed (13: Permission denied)
The top of my nginx.conf file reads:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
Which to me, shows me a few things.
I'm running NGINX with the user: www-data.
The number of worker processes that are allowed is automatically adjusted.
my PID file/information is being stored in /run/nginx.pid.
The error tells me that NGINX doesn't have permission to access /run/nginx.pid, which led me to see the user permissions for said file.
sudo ls -la /run/nginx.pid
reveals:
-rw-r--r-- 1 root root 5 Jun 18 05:34 /run/nginx.pid
Then trying:
ps -ef | grep nginx
produces:
root 5914 1 0 05:34 ? 00:00:00 nginx: master process /u
www-data 5917 5914 0 05:34 ? 00:00:00 nginx: worker process
scratches head
Now, can somebody out there tell me why, or how the hell NGINX has managed to create the master process with root ownership, and now the worker processes are owned by www-data?
Or more to the point, anybody have some suggestions on what to do about this [emerg] error I'm getting?
My first thought is to just try and change the ownership of the /run/nginx.pid file and see how NGINX likes it, but I kind of feel that even if I do that manually this time, when I restart the server, I'll run into the same problem.
My second thought is maybe there is somewhere else that I define my worker process initiation within NGINX..
Thanks.
EDIT
The contents of the /etc/systemd/system/multi-user.target.wants/nginx.service file are:
[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=/usr/sbin/nginx -s quit
[Install]
WantedBy=multi-user.target
I got the same error on my Centos 7 server today.
nginx.pid" failed (13: Permission denied)
For me, it turned out to be a problem with SELinux. I did the following to make it work again:
systemctl stop nginx
touch /var/run/nginx.pid
chcon -u system_u -t httpd_var_run_t /var/run/nginx.pid
systemctl start nginx
running
ls -Z nginx.pid
should output
-rw-r--r--. root root system_u:object_r:httpd_var_run_t:s0 nginx.pid
In my case I got a
"/usr/local/var/run/nginx.pid" failed (13: Permission denied)
bind() to 0.0.0.0:80 failed (48: Address already in use)
and the working solution was made up of these steps:
stop root process
sudo nginx -s stop
check if process stopped
ps aux | grep nginx
restart process
sudo nginx -s reload
gave me the error
nginx: [error] open() “/usr/local/var/run/nginx.pid” failed (2: No such file or directory)
probabil .pid was started with the wrong root user as I uncommented the line with path to .pid in /usr/local/etc/nginx/nginx.conf and then I commented it back again
to start nginx as a user and not root
brew services start nginx
result at running command
ps aux | grep nginx
youruser 89212 0.0 0.0 4268280 644 s002 S+ 2:46PM 0:00.00 grep nginx
youruser 89179 0.0 0.0 4302204 1776 ?? S 2:45PM 0:00.00 nginx: worker process
youruser 89178 0.0 0.0 4275372 4368 ?? S 2:45PM 0:00.01 nginx: master process /usr/local/opt/nginx/bin/nginx -g daemon off;
And as it can be seen, the nginx process started with the expected user and not as root and the conflict between processes was gone and I could access the PHP application local domain.
For Ubuntu 20.04+
I got the exact same error while I was using sudo systemctl reload nginx
Using sudo service nginx restart instead throws no error
Related
Install of openresty : nginx.pid not found
I try to install OpenResty 1.13.6.1 under CentOS 7. When I try to run openresty I get this error: [root#flo ~]# openresty -s reload nginx: [error] open() "/usr/local/openresty/nginx/logs/nginx.pid" failed (2: No such file or directory) When I look at my logs, I only have 2 files: [root#flo ~]# ll /usr/local/openresty/nginx/logs/ total 8 -rw-r--r--. 1 root root 0 1 mars 12:24 access.log -rw-r--r--. 1 root root 4875 1 mars 16:03 error.log I do not see how to find a solution. ///////////////////UPDATE////////////////// I try to do this to folow the instructions of this page : https://openresty.org/en/getting-started.html [root#flo ~]# PATH=/usr/local/openresty/nginx/sbin:$PATH [root#flo ~]# export PATH [root#flo ~]# nginx -p pwd/ -c conf/nginx.conf And I have this error : nginx: [alert] could not open error log file: open() "/root/logs/error.log" failed (2: No such file or directory) 2018/03/02 09:02:55 [emerg] 30824#0: open() "/root/conf/nginx.conf" failed (2: No such file or directory) /////////////////UPDATE2//////////////: [root#nexus-chat1 ~]# cd /root/ [root#nexus-chat1 ~]# ll total 4 -rw-------. 1 root root 1512 1 mars 11:05 anaconda-ks.cfg drwxr-xr-x. 3 root root 65 1 mars 11:36 openresty_compilation Where do I need to create these folders ? mkdir ~/work cd ~/work mkdir logs/ conf/ In /usr/local/openresty/ ?
Very likely nginx cannot open a log file because folder doesn't exists or permission issue. You can see the reason within error.log file
openresty -s reload is used to tell nginx to reload the currently running instance. That's why it's complaining about the missing pid file. Anyway, that's not the correct way to start openresty. Have a look at https://openresty.org/en/getting-started.html for instructions on how to get started.
Munin with Nginx and FastCGI
I'm trying to configure Munin over Nginx. To do so, I need to manually start the cgi process with this command: spawn-fcgi -s fastcgi-graph.sock -U nginx -u nginx -g nginx /var/lib/munin/cgi-tmp/munin-cgi-graph -n Unfortunately, I get the following error: spawn-fcgi: exec failed: Permission denied The permissions on the socket file is as followed: srwxr-xr-x 1 nginx nginx 0 May 2 14:08 fastcgi-graph.sock Can anyone point me out on what it wrong with that configuration? Thanks.
/etc/init.d/nginx restart as root fails but nginx -t won't tell anything
So Nginx is started in daemon mode, but root, as confirms this command: root#test:/home/vagrant# ps -edf | grep nginx root 7331 1 0 13:42 ? 00:00:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on; www-data 7333 7331 0 13:42 ? 00:00:00 nginx: worker process But if I: root#test:/home/vagrant# /etc/init.d/nginx restart * Restarting nginx nginx [fail] But when I run: root#test:/home/vagrant# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful It's only when I go back to user vagrant that I get: [13:46:58] vagrant#test:/home/vagrant $ nginx -t 2016/04/21 13:47:01 [emerg] 7390#7390: open() "/run/nginx.pid" failed (13: Permission denied) And if I: root#test:/home/vagrant# ls -l /run/nginx.pid -rw-r--r-- 1 root root 5 Apr 21 13:45 /run/nginx.pid So why won't nginx restart? What am I doing wrong? I mean, root not having enough permission doesn't make sense, does it? And how come sudo nginx -t doesn't display any error message?
Have you this directive in your configuration file user www www; ? If yes, does the user www (or whom you set) have access to the pid file and to the site directories ? extra: if you need you can move the pif file using the pid path; directive.
Restarting nginx: nginxnginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
When I try to restart nginx with sudo /etc/init.d/nginx restart I get the message from the subject. I discovered that the reason is most likely that the script doesn't know how to stop the deamon because the pid file (/var/run/nginx.pid) is not created on start. I have two installations on two different servers... one was compiled from source and the other came with phusion passenger. I tried this command: start-stop-daemon --start --quiet --pidfile /var/run/nginx.pid --exec /usr/sbin/nginx -- -c /etc/nginx/nginx.conf on both machines and on one the pid file is created and on the other it is not - on that machine the paths are a bit different (but I don't think this is relevant): start-stop-daemon --start --quiet --pidfile /var/run/nginx.pid --exec /opt/nginx/sbin/nginx -- -c /opt/nginx/conf/nginx.conf The process starts and pid is not written... I'm on Debian... Any suggestions?
The solution is to uncomment this line in nginx.conf: pid /var/run/nginx.pid; It looks like different installations do it differently but the right thing is to uncomment it.
I was able to fix this by running the following fuser command $ sudo fuser -k 80/tcp which kills whatever process is using port 80..hopefully didn't screw anything else. Credit for this goes to: https://goo.gl/6oc0xD
$ sudo nginx -t to see all processes, sometimes you do not have the full permission
Nginx Invalid PID number
I issued a nginx -s stop and after that I got this error when trying to reload it. [error]: invalid PID number "" in "/var/run/nginx.pid" That /var/run/nginx/pid file is empty atm. What do I need to do to fix it?
nginx -s reload is only used to tell a running nginx process to reload its config. After a stop, you don't have a running nginx process to send a signal to. Just run nginx (possibly with a -c /path/to/config/file)
in my case I solved this by starting the service. sudo /etc/init.d/nginx start The command above will start the service in Debian/Ubuntu. It will issue an error if there is any problem (like Apache listening in the same port) After that nginx -s reload will work like a charm
This will clear out the issue on ubuntu 16.04 and above sudo service nginx stop you may need to remove the pid file nginx.pid whose location may be defined in file /etc/nginx/nginx.conf look for line like cat /etc/nginx/nginx.conf | grep pid # see if pid file is defined this line may live in file /etc/nginx/nginx.conf pid /run/nginx.pid; # in file /etc/nginx/nginx.conf if pid file does exist then remove it now ls -la /var/run/nginx/pid # this file may live elsewhere ls -la /run/nginx.pid # on Ubuntu 16.04+ after the pid file has been removed lets launch nginx sudo service nginx start ps -eaf|grep nginx # confirm its running sudo nginx -t && sudo nginx -s reload # confirm config is OK # typical output # nginx: the configuration file /etc/nginx/nginx.conf syntax is ok # nginx: configuration file /etc/nginx/nginx.conf test is successful sudo service nginx stop # issue stop ps -eaf|grep nginx # confirm it actually stopped now sanity has been restored and you are free to launch at will
In the latest version(1.2.0) that I downloaded there is no "-s start" option, it will say nginx: invalid option: "-s start" You can start nginx by sudo /etc/nginx/sbin/nginx The server will be started and then there wont be any Invalid pid number errors.
To avoid downtime with restarting nginx, ps aux | grep nginx PID of nginx master process echo PID > /var/run/nginx.pid nginx -s reload
In my case nginx was stopped (crashed I assume). Solved the issue by: service nginx status nginx stop/waiting service nginx start nginx start/running, process 3535 Then nginx -s reload worked like a charm. I am using nginx/1.8.0 on trusty.
This happens if the nginx process was stopped manually or was killed. Check if the process is still running: sudo lsof -nP -iTCP:<port> | grep LISTEN I am on mac, and I reinstall the nginx with: brew reinstall nginx Then start the service using brew: brew services start nginx
On CentOS 7 I done it with this: sudo systemctl start nginx #Then check all things are OK sudo systemctl status -l nginx
For anyone who still has issues, in my case, there was an apache2 server that was running. You can try debugging what went wrong in your nginx machine by executing this command - systemctl status nginx This gave me an insight that the port was already in us by apache2 server. so you can do sudo service apache2 stop and then do sudo service nginx start.
Docker Alpine users should use nginx by using that nginx will be start there is no error by nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful then reload it by nginx -s reload