I have exactly one test machine running different applications: a client and a server.
The client responds on port 3000, while the server responds on port 3001.
I set up nginx as a reverse proxy to allow the user to connect to my domain.
The client should respond to the following names: domain.net, www.domain.net and idsm.domain.net, while the server should respond to server.domain.net.
My nginx default file is the following:
server {
    server_name domain.net www.domain.net idsm.domain.net;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:3000;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    server_name server.domain.net;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:3001;
    }
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = idsm.domain.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = www.domain.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = domain.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name domain.net www.domain.net idsm.domain.net;
    return 404; # managed by Certbot
}
server {
    if ($host = server.domain.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name server.domain.net;
    return 404; # managed by Certbot
}
I added the certificates using certbot as always. To me everything looks correct.
Then nginx -t returned no error.
Then I launched systemctl start nginx, which returned no error.
The system status nginx returned the following:
root@neo4j:/etc/nginx/sites-enabled# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2022-11-19 19:03:53 CET; 2s ago
Docs: man:nginx(8)
Process: 36872 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 36873 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 36874 (nginx)
Tasks: 9 (limit: 76087)
Memory: 9.9M
CPU: 58ms
CGroup: /system.slice/nginx.service
├─36874 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
├─36875 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
├─36876 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
├─36877 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
├─36878 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
├─36879 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
├─36880 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
├─36881 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
└─36882 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
nov 19 19:03:53 neo4j systemd[1]: Starting A high performance web server and a reverse proxy server...
nov 19 19:03:53 neo4j systemd[1]: Started A high performance web server and a reverse proxy server.
Everything looks nice and seems correct.
But nothing runs, and if I launch nginx the result is as follows:
root@neo4j:/etc/nginx/sites-enabled# nginx
nginx: [emerg] bind() to [::]:443 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Unknown error)
nginx: [emerg] bind() to [::]:80 failed (98: Unknown error)
nginx: [emerg] bind() to [::]:443 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Unknown error)
nginx: [emerg] bind() to [::]:80 failed (98: Unknown error)
nginx: [emerg] bind() to [::]:443 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Unknown error)
nginx: [emerg] bind() to [::]:80 failed (98: Unknown error)
nginx: [emerg] bind() to [::]:443 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Unknown error)
nginx: [emerg] bind() to [::]:80 failed (98: Unknown error)
nginx: [emerg] bind() to [::]:443 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Unknown error)
nginx: [emerg] bind() to [::]:80 failed (98: Unknown error)
nginx: [emerg] still could not bind()
root@neo4j:/etc/nginx/sites-enabled#
The config file is the only one in sites-enabled.
Apache2 has been uninstalled from the server.
There are exactly 8 processes listening on port 80 and they are those of the nginx workers (from 36875 to 36882).
I don't understand why there are so many (8) worker processes (could be because I have 8 cores?).
I cannot understand why the nginx doesn't start and is unable to bind.
==============================================================
After the Thomas Ward comment, I ran sudo ss -tulpn | grep 443 and this is the result:
sudo ss -tulpn | grep 443
[sudo] password di neo4j:
tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=43361,fd=7),("nginx",pid=43360,fd=7),("nginx",pid=43359,fd=7),("nginx",pid=43358,fd=7),("nginx",pid=43357,fd=7),("nginx",pid=43356,fd=7),("nginx",pid=43355,fd=7),("nginx",pid=43354,fd=7),("nginx",pid=43353,fd=7))
tcp LISTEN 0 511 [::]:443 [::]:* users:(("nginx",pid=43361,fd=6),("nginx",pid=43360,fd=6),("nginx",pid=43359,fd=6),("nginx",pid=43358,fd=6),("nginx",pid=43357,fd=6),("nginx",pid=43356,fd=6),("nginx",pid=43355,fd=6),("nginx",pid=43354,fd=6),("nginx",pid=43353,fd=6))
But why all those nginx: [emerg] bind() to [::]:80 failed (98: Unknown error), which should mean that a port is already used?
Then I try to restate the question:
I have a React application running on port 3000.
If I run http://idsm.domain.net in the browser, it returns 502: bad gateway.
Why?
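
Added example, not part of the original post: on Linux errno 98 is EADDRINUSE, so each bind() failure above can be matched against the `ss -tulpn` listing to see which process already holds the socket. The sample strings are shortened, constructed copies of the output in the question, and the function names are hypothetical.

```python
import re

# Constructed sample input, shortened from the output shown in the question.
NGINX_STDERR = """\
nginx: [emerg] bind() to [::]:443 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Unknown error)
nginx: [emerg] still could not bind()
"""
SS_OUTPUT = """\
tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=43354,fd=7),("nginx",pid=43353,fd=7))
tcp LISTEN 0 511 [::]:443 [::]:* users:(("nginx",pid=43354,fd=6),("nginx",pid=43353,fd=6))
"""
BIND_RE = re.compile(r"bind\(\) to (\S+) failed \((\d+):")
USER_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')

def failed_binds(stderr):
    """Return {address: errno} for each distinct address nginx could not bind."""
    seen = {}
    for addr, err in BIND_RE.findall(stderr):
        seen.setdefault(addr, int(err))  # nginx retries, so drop repeats
    return seen

def listeners(ss_text):
    """Map local address -> [(process, pid), ...] sorted by pid, from `ss -tulpn`."""
    table = {}
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[1] != "LISTEN":
            continue
        owners = {(name, int(pid)) for name, pid in USER_RE.findall(line)}
        table[fields[4]] = sorted(owners, key=lambda o: o[1])
    return table

def explain(stderr, ss_text):
    """For each failed bind, name the process that already holds the socket."""
    held = listeners(ss_text)
    report = {}
    for addr, err in failed_binds(stderr).items():
        owners = held.get(addr, [])
        names = sorted({n for n, _ in owners})
        report[addr] = (f"errno {err}: held by {','.join(names)} (lowest pid {owners[0][1]})"
                        if owners else "no listener in ss sample")
    return report

if __name__ == "__main__":
    print(explain(NGINX_STDERR, SS_OUTPUT))
```

Port 80 comes back as "no listener in ss sample" only because the listing was filtered with `grep 443`; running `ss -tulpn` without the filter covers every address in the error output.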