I installed nginx by passenger-install-nginx-module , and start nginx by /opt/nginx/sbin/nginx, but I don't know how to stop or restart nginx after I update my nginx conf.
I know I can use the way ps aux | grep and kill, it there a way like services restart nginx ?
nginx is build to reload configuration without the need for a restart. The common way to restart nginx is to first do
nginx -t
Which will analyse the configuration file and tell you if there are any problems (this is very convenient since syntax errors in the configuration file means downtime). And then
nginx -s reload
Will reload the configuration and restart nginx workers one by one with the new config. This simply finds the master nginx process and sends it the right signal (this is not much different from your ps axu | grep and kill, it just uses a different signal).
There are several other useful command line options for configuration and logging. Being aware of them lets you run nginx practically without any downtime.
Related
I have a dockerised Nginx server created with openresty base image. When a particular endpoint is called it need to update nginx config dynamically. For the changes to reflect I am trying to reload the nginx soon after the changes in config.
with in the container i am able to reload nginx server using /usr/local/openresty/nginx/sbin/nginx -s reload
when i try to use the same with in lua as below ,It doesn't shoot any error but the config changes aren't getting reflected.
os.execute("/usr/local/openresty/nginx/sbin/nginx -s reload ")
You can skip calling nginx altogether and just send a HUP signal to the master process using LuaJITs FFI.
local process = require 'ngx.process'
local ffi = require 'ffi'
ffi.cdef 'int kill(int pid, int sig);'
ffi.C.kill(process.get_master_pid(), 1)
However, this doesn't fix the permissions problem.
One idea that could work is:
Set up a named pipe with mkfifo and make it so your nginx-user can write to it
Enable the Priviliged Agent worker process.
Set the privileged worker up to listen for input on the named pipe (for example using the ngx.pipe module to open cat and waiting for input) and send a HUP signal to the master process
Change your os.execute code to instead write some line of text into the named pipe to have the privileged agent reload the server.
EDIT: If you dislike the cat hack, you might want to have a look at https://github.com/slact/ngx_lua_ipc
It might be possible to use IPC to keep the whole thing self-contained within a single nginx server instance, without any file access.
This command would be run with nginx worker process privileges, and you need to be a root in order to execute this command. You can try to make a particular script for this (lets assume its name would be /usr/local/openresty/nginx/sbin/reload-nginx.sh:
#!/bin/sh
/usr/local/openresty/nginx/sbin/nginx -s reload
set the owner of this script no nginx process user (lets assume its name is nginx), and set the suid bit on this script
chown nginx /usr/local/openresty/nginx/sbin/reload-nginx.sh
chmod +x /usr/local/openresty/nginx/sbin/reload-nginx.sh
chmod u+s /usr/local/openresty/nginx/sbin/reload-nginx.sh
and try to execute this script from your lua code:
os.execute("/usr/local/openresty/nginx/sbin/nginx-reload.sh")
I have pulled into my web server so it has the latest code from my repo, i try to restart nginx - this doesnt do anything.
So I try the command
sudo nginx -s stop, and get the response that its failed because there is no such file or directory "run/nginx.pid" failed.
Trying to run the command ps aux | grep nginx gives me the response: unsupported option (BSD syntax) -- it actually comes out as ps aux > grep nginx in the digital ocean console.
Basically it seems that even though there are apparently no nginx processes running (although the command to check isnt working) my website is still running and using the old code, is there a way for me to check more definitively on the running processes?
Thanks if you can help.
Try sudo netstat -plunt to check if there's any nginx process running. See if there's anything running on port 80 or 443 and then look at the corresponding program name. You might have another server running possibly apache since it ships by default with most distributions which may be why nginx failed to start.
Another reason why it won't start might be due to faulty config. Go to /etc/nginx/ and double check that it's correct. You can also run sudo nginx -t to ensure that the config syntax is correct.
Alternatively, just check your nginx access log to see if it's actually serving any requests. You can also check the error log to see why it might fail to start. These resides in /var/log/nginx by default or check your nginx.conf for any custom path to logs.
I have an Nginx server that has some 50 redirect config files it pulls from.
Is there any way to pull this data as a single list of the server names being listened on once Nginx is running? Or is my best option to manually compile the data?
I have SSH'd in but can't see anywhere obvious that this data could be. Is there a command I could use?
Add in your nginx.conf include /etc/nginx/sites-enabled/*; or another path where your sites located
after it check your configs
command nginx -t
and reload
command service nginx reload
If you meant you want to see complete config in one go then you can use below command
nginx -T
This will tell you if there are any errors in config and if not will print the whole config also
Edit-1: 5th Jul 2018
There is nothing like a apachectl -S in nginx. The only other thing you may try and do is to filter the complete config
nginx -T | grep server_name
We are using Nginx as a reverse proxy for docker-cloud services. A script is implemented to update the config file of Nginx whenever new service deploys on docker cloud or if service gets new url on docker-cloud.
The Nginx and the script have been run in a docker container separately.
The Nginx config file is mounted in Host(ECS). After updating the config file using script, it needs to reload the Nginx in order to apply the changes.
First, I would like to know if this is the best way of updating Nginx config file and also what is the best way to reload the Nginx without any downtime?
Shall I recreate the Nginx container after each update? if so, how?
or it's fine to reload the Nginx from Host by monitoring the changes in the config file(using a script) and reload it with below command?
docker exec NginxcontainerID | nginx -s reload
Shall I recreate the Nginx container after each update? if so, how?
No, You just need to reload nginx service most of the time.
You can use:
docker exec nginxcontainername/id nginx -s reload
or
docker kill -s HUP nginxcontainername/id
Another option would be using a custom image and check nginx config checksum and reload nginx when ever it changes. Example script:
nginx "$#"
oldcksum=`cksum /etc/nginx/conf.d/default.conf`
inotifywait -e modify,move,create,delete -mr --timefmt '%d/%m/%y %H:%M' --format '%T' \
/etc/nginx/conf.d/ | while read date time; do
newcksum=`cksum /etc/nginx/conf.d/default.conf`
if [ "$newcksum" != "$oldcksum" ]; then
echo "At ${time} on ${date}, config file update detected."
oldcksum=$newcksum
nginx -s reload
fi
done
You need to install inotifywait package.
So I want to be able to cap:deploy without having to type any passwords. I have setup all private keys so I can get to the remote servers fine, and am now using svn over ssh, so no passwords there.
I have one last problem, I need to be able to restart nginx. Right now I have sudo /etc/init.d/nginx reload. That is a problem b/c it uses the capistrano password, the one I just removed b/c I am using keys. Any ideas on how to restart nginx w\out a password?
I just spent a good hour looking at sudoer wildcards and the like trying to solve this exact problem. In truth, all you really need is a root executable script that restarts nginx.
Add this to the /etc/sudoers file
username hostname ALL=NOPASSWD: /path/to/script
Write script as root
#! /bin/bash
/bin/kill -HUP `cat /var/run/nginx.pid`
Make the script executable
Test.
sudo /path/to/script
There is a better answer on Stack Overflow that does not involve writing a custom script:
The best practice is to use /etc/sudoers.d/myusername
The /etc/sudoers.d/ folder can contain multiple files that allow users
to call stuff using sudo without being root.
The file usually contains a user and a list of commands that the user
can run without having to specify a password.
Instructions:
In all commands, replace myusername with the name of your user that you want to use to restart nginx without sudo.
Open sudoers file for your user:
$ sudo visudo -f /etc/sudoers.d/myusername
Editor will open. There you paste the following line. This will allow that user to run nginx start, restart, and stop:
myusername ALL=(ALL) NOPASSWD: /usr/sbin/service nginx start,/usr/sbin/service nginx stop,/usr/sbin/service nginx restart
Save by hitting ctrl+o. It will ask where you want to save, simply press enter to confirm the default. Then exit out of the editor with ctrl+x.
Now you can restart (and start and stop) nginx without password. Let's try it.
Open new session (otherwise, you might simply not be asked for your sudo password because it has not timed out):
$ ssh myusername#myserver
Stop nginx
$ sudo /usr/sbin/service nginx stop
Confirm that nginx has stopped by checking your website or running ps aux | grep nginx
Start nginx
$ sudo /usr/sbin/service nginx start
Confirm that nginx has started by checking your website or running ps aux | grep nginx
PS: Make sure to use sudo /usr/sbin/service nginx start|restart|stop, and not sudo service nginx start|restart|stop.
Run sudo visudo
Append with below lines (in this example you can add multiple scripts and services after comma)
# Run scripts without asking for pass
<your-user> ALL=(root) NOPASSWD: /opt/fixdns.sh,/usr/sbin/service nginx *,/usr/sbin/service docker *
Save and exit with :wq
Create a rake task in Rails_App/lib/capistrano/tasks/nginx.rake and paste below code.
namespace :nginx do
%w(start stop restart reload).each do |command|
desc "#{command.capitalize} Nginx"
task command do
on roles(:app) do
execute :sudo, "service nginx #{command}"
end
end
end
end
Then ssh to your remote server and open file
sudo vi /etc/sudoers
and the paste this line (after line %sudo ALL=(ALL:ALL) ALL)
deploy ALL=(ALL:ALL) NOPASSWD: /usr/sbin/service nginx *
Or, as in your case,
deploy ALL=(ALL:ALL) NOPASSWD: /etc/init.d/nginx *
Here I am assuming your deployment user is deploy.
You can add here other commands too for which you dont require to enter password. For example
deploy ALL=(ALL:ALL) NOPASSWD: /usr/sbin/service nginx *, /etc/init.d/mysqld, /etc/init.d/apache2