LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   can't get nginx to work (https://www.linuxquestions.org/questions/linux-server-73/cant-get-nginx-to-work-4175661036/)

rblampain 09-17-2019 11:24 AM

can't get nginx to work
 
I am using nginx for the first time and I cannot find why I cannot get it going under Debian 9.
I am trying to test plain html files located on a Linode before assigning DNS records which seems to be the conventional way of testing without giving world access to the files. When I ssh to the Linode IP address, I can see all the files and read them with nano.
I have tried to have the "server blocks" in
/etc/nginx/conf.d
and then move them to
/etc/nginx/sites-available
with symlinks in sites-enabled, in both cases, the config files are found to be correct.
I tried /etc/hosts:
ip_address hostname.mydomain.tld
and
ip_address mydomain.tld
ip_address www.mydomain.tld
The results are invariably a long "waiting for ip_address" followed by "connection reset...." although at one stage I got a 404 on index.html but I could not isolate the difference in the code.
It seems the problem is with the hosts file or hostname or both which seem to me to have correct values.

I simply cannot find a tutorial or howto on this specific subject.

Has anyone any suggestion?

Thank you for your help

NevemTeve 09-17-2019 12:47 PM

First you should simply try from the same computer:
Code:

wget -S http://127.0.0.1/

bathory 09-17-2019 02:02 PM

Quote:

Has anyone any suggestion?
Check the logs and maybe post errors here, so we could help you

Regards

rblampain 09-18-2019 12:47 AM

Quote:

First you should simply try from the same computer:
It works perfectly on the home computer either "clicking" index.html or through the server (apache2) "http://127.0.0.1/index.html" and trying your "wget" suggestion

Quote:

Check the logs and maybe post errors here, so we could help you
/var/log/nginx/ access log and error log have 0 byte although tries from previous days have lines of "...signal process started"

It seems nginx fails before being able to report anything wrong and it's not my connection since I can access LQ.

astrogeek 09-18-2019 01:19 AM

Quote:

Originally Posted by rblampain (Post 6037784)
It works perfectly on the home computer either "clicking" index.html or through the server (apache2) "http://127.0.0.1/index.html" and trying your "wget" suggestion


/var/log/nginx/ access log and error log have 0 byte although tries from previous days have lines of "...signal process started"

It seems nginx fails before being able to report anything wrong and it's not my connection since I can access LQ.

This actually tells you that nginx is working, assuming you ran the wget command as instructed (i.e. on the Linode).

Do you have any reason to think that it mysteriously fails before writing an error log, or is that a product of imagination? ;)

You most likely do not have nginx configured to listen on your Linode's IP address, or your firewall is not configured to allow traffic on port 80.

Can you post the appropriate parts of your nginx configuration (obscure the IP address if desired).

Also please post the output of iptables -L INPUT, or other relevant firewall rules.

In case you have not seen it here is a Linode page with relevant nginx configuration info. Make sure your server port/IP and names are properly defined, and that your server name is in your hosts file, restart nginx.

rblampain 09-18-2019 03:24 AM

Quote:

This actually tells you that nginx is working, assuming you ran the wget command as instructed (i.e. on the Linode).
No, I ran it on my home machine - trying to rush a bit too much and thinking the post was all about my own machine. Trying it on the Linode gives the following result:
Code:

Connecting to 127.0.0.1:80... failed: Connection refused.
I have meticulously followed Linode's instructions and after a few days of unsuccessful attempts, purge nginx and reinstalled from the same instructions.
Here is the main config from /etc/nginx/nginx.conf
Code:

user  nginx;
worker_processes  auto;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}
http {
    include      /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush    on;
    keepalive_timeout  65;
server_names_hash_bucket_size 64;
    #gzip  on;
    #include /etc/nginx/conf.d/*.conf;
server_tokens off;
}

and sites-available:
Code:

server {
    listen      80;
#    server_name  localhost;
#server_name    mydomain.org;
server_name    mydomain.org www.mydomain.org;
listen [::]:80;
#listen [::]:443 ssl;
#listen 1.2.3.4;
gzip          off;

    #charset koi8-r;
    access_log  /var/log/nginx/mydomain.access.log  main;
#        error_log    log/example2.error error;
# example:        error_log  /var/log/nginx/error.log warn;
error_log  /var/log/nginx/mydomain.error.log warn;

    location / {
#        root  /usr/share/nginx/html;
                root        /var/www/mydomain.org/;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page  500 502 503 504  /50x.html;
    location = /50x.html {
        root  /usr/share/nginx/html;
    }
add_header X-Content-Type-Options nosniff;
#add_header X-Frame-Options SAMEORIGIN;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
}

ip replaced with "1.2.3.4" and domain named replaced with "mydomain"

NevemTeve 09-18-2019 04:10 AM

Code:

Connecting to 127.0.0.1:80... failed: Connection refused.
It might be not running at all. Have you tried to use fuser(1) or netstat(8) or lsof(8) to find out?
Code:

fuser -n tcp 80
80/tcp:              16213 16215

netstat -tanp | grep ':80.*LISTEN'
tcp6      0      0 :::80                  :::*                    LISTEN      16213/httpd

lsof -i:80
COMMAND  PID    USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
httpd  16213    root    4u  IPv6 410247      0t0  TCP *:http (LISTEN)
httpd  16215 www-data    4u  IPv6 410247      0t0  TCP *:http (LISTEN)


rblampain 09-18-2019 10:06 AM

Code:

systemctl status nginx
returns
Code:

● nginx.service - nginx - high performance web server
  Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
  Active: active (running) since Tue 2019-09-17 22:43:42 AWST; 23h ago
    Docs: http://nginx.org/en/docs/
  Process: 31191 ExecStop=/bin/kill -s TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 31194 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
 Main PID: 31195 (nginx)
    Tasks: 3 (limit: 4915)
  CGroup: /system.slice/nginx.service
          ├─31195 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
          ├─31196 nginx: worker process
          └─31197 nginx: worker process

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

Code:

fuser -n tcp 80
netstat -tanp | grep ':80.*LISTEN'
lsof -i:80

execute and return nothing

NevemTeve 09-18-2019 10:33 AM

It might very well be not listening on port 80. Try lsof again:
Code:

lsof -nP -p 31195 -a -i
COMMAND  PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
httpd  31195 root    4u  IPv6  83641      0t0  TCP *:80 (LISTEN)
httpd  31195 root    6u  IPv6  83645      0t0  TCP *:443 (LISTEN)

(Of course, do all these as root.)

rblampain 09-19-2019 03:48 AM

Code:

lsof -nP -p 31195 -a -i
Also executes and returns nothing

rblampain 09-19-2019 03:59 AM

Code:

iptables -L
Chain INPUT (policy DROP)
target    prot opt source              destination       
ufw-before-logging-input  all  --  anywhere            anywhere           
ufw-before-input  all  --  anywhere            anywhere           
ufw-after-input  all  --  anywhere            anywhere           
ufw-after-logging-input  all  --  anywhere            anywhere           
ufw-reject-input  all  --  anywhere            anywhere           
ufw-track-input  all  --  anywhere            anywhere           

Chain FORWARD (policy DROP)
target    prot opt source              destination       
ufw-before-logging-forward  all  --  anywhere            anywhere           
ufw-before-forward  all  --  anywhere            anywhere           
ufw-after-forward  all  --  anywhere            anywhere           
ufw-after-logging-forward  all  --  anywhere            anywhere           
ufw-reject-forward  all  --  anywhere            anywhere           
ufw-track-forward  all  --  anywhere            anywhere           

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination       
ufw-before-logging-output  all  --  anywhere            anywhere           
ufw-before-output  all  --  anywhere            anywhere           
ufw-after-output  all  --  anywhere            anywhere           
ufw-after-logging-output  all  --  anywhere            anywhere           
ufw-reject-output  all  --  anywhere            anywhere           
ufw-track-output  all  --  anywhere            anywhere           

Chain ufw-after-forward (1 references)
target    prot opt source              destination       

Chain ufw-after-input (1 references)
target    prot opt source              destination       
ufw-skip-to-policy-input  udp  --  anywhere            anywhere            udp dpt:netbios-ns
ufw-skip-to-policy-input  udp  --  anywhere            anywhere            udp dpt:netbios-dgm
ufw-skip-to-policy-input  tcp  --  anywhere            anywhere            tcp dpt:netbios-ssn
ufw-skip-to-policy-input  tcp  --  anywhere            anywhere            tcp dpt:microsoft-ds
ufw-skip-to-policy-input  udp  --  anywhere            anywhere            udp dpt:bootps
ufw-skip-to-policy-input  udp  --  anywhere            anywhere            udp dpt:bootpc
ufw-skip-to-policy-input  all  --  anywhere            anywhere            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target    prot opt source              destination       
LOG        all  --  anywhere            anywhere            limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target    prot opt source              destination       
LOG        all  --  anywhere            anywhere            limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target    prot opt source              destination       

Chain ufw-after-output (1 references)
target    prot opt source              destination       

Chain ufw-before-forward (1 references)
target    prot opt source              destination       
ACCEPT    all  --  anywhere            anywhere            ctstate RELATED,ESTABLISHED
ACCEPT    icmp --  anywhere            anywhere            icmp destination-unreachable
ACCEPT    icmp --  anywhere            anywhere            icmp source-quench
ACCEPT    icmp --  anywhere            anywhere            icmp time-exceeded
ACCEPT    icmp --  anywhere            anywhere            icmp parameter-problem
ACCEPT    icmp --  anywhere            anywhere            icmp echo-request
ufw-user-forward  all  --  anywhere            anywhere           

Chain ufw-before-input (1 references)
target    prot opt source              destination       
ACCEPT    all  --  anywhere            anywhere           
ACCEPT    all  --  anywhere            anywhere            ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  anywhere            anywhere            ctstate INVALID
DROP      all  --  anywhere            anywhere            ctstate INVALID
ACCEPT    icmp --  anywhere            anywhere            icmp destination-unreachable
ACCEPT    icmp --  anywhere            anywhere            icmp source-quench
ACCEPT    icmp --  anywhere            anywhere            icmp time-exceeded
ACCEPT    icmp --  anywhere            anywhere            icmp parameter-problem
ACCEPT    icmp --  anywhere            anywhere            icmp echo-request
ACCEPT    udp  --  anywhere            anywhere            udp spt:bootps dpt:bootpc
ufw-not-local  all  --  anywhere            anywhere           
ACCEPT    udp  --  anywhere            224.0.0.251          udp dpt:mdns
ACCEPT    udp  --  anywhere            239.255.255.250      udp dpt:1900
ufw-user-input  all  --  anywhere            anywhere           

Chain ufw-before-logging-forward (1 references)
target    prot opt source              destination       

Chain ufw-before-logging-input (1 references)
target    prot opt source              destination       

Chain ufw-before-logging-output (1 references)
target    prot opt source              destination       

Chain ufw-before-output (1 references)
target    prot opt source              destination       
ACCEPT    all  --  anywhere            anywhere           
ACCEPT    all  --  anywhere            anywhere            ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  anywhere            anywhere           

Chain ufw-logging-allow (0 references)
target    prot opt source              destination       
LOG        all  --  anywhere            anywhere            limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target    prot opt source              destination       
RETURN    all  --  anywhere            anywhere            ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  anywhere            anywhere            limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target    prot opt source              destination       
RETURN    all  --  anywhere            anywhere            ADDRTYPE match dst-type LOCAL
RETURN    all  --  anywhere            anywhere            ADDRTYPE match dst-type MULTICAST
RETURN    all  --  anywhere            anywhere            ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  anywhere            anywhere            limit: avg 3/min burst 10
DROP      all  --  anywhere            anywhere           

Chain ufw-reject-forward (1 references)
target    prot opt source              destination       

Chain ufw-reject-input (1 references)
target    prot opt source              destination       

Chain ufw-reject-output (1 references)
target    prot opt source              destination       

Chain ufw-skip-to-policy-forward (0 references)
target    prot opt source              destination       
DROP      all  --  anywhere            anywhere           

Chain ufw-skip-to-policy-input (7 references)
target    prot opt source              destination       
DROP      all  --  anywhere            anywhere           

Chain ufw-skip-to-policy-output (0 references)
target    prot opt source              destination       
ACCEPT    all  --  anywhere            anywhere           

Chain ufw-track-forward (1 references)
target    prot opt source              destination       

Chain ufw-track-input (1 references)
target    prot opt source              destination       

Chain ufw-track-output (1 references)
target    prot opt source              destination       
ACCEPT    tcp  --  anywhere            anywhere            ctstate NEW
ACCEPT    udp  --  anywhere            anywhere            ctstate NEW

Chain ufw-user-forward (1 references)
target    prot opt source              destination       

Chain ufw-user-input (1 references)
target    prot opt source              destination       
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ssh
DROP      tcp  --  anywhere            anywhere            tcp dpt:ftp

Chain ufw-user-limit (0 references)
target    prot opt source              destination       
LOG        all  --  anywhere            anywhere            limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT    all  --  anywhere            anywhere            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target    prot opt source              destination       
ACCEPT    all  --  anywhere            anywhere           

Chain ufw-user-logging-forward (0 references)
target    prot opt source              destination       

Chain ufw-user-logging-input (0 references)
target    prot opt source              destination       

Chain ufw-user-logging-output (0 references)
target    prot opt source              destination       

Chain ufw-user-output (1 references)
target    prot opt source              destination


NevemTeve 09-19-2019 04:38 AM

It seems not running at all. You should ask a unix-administrator for help.

astrogeek 09-19-2019 02:10 PM

In addition to possibly not running nginx process, I see no actual handling for HTTP in the firewall rules (although UFW rules can be difficult to follow). It looks to me as if HTTP/HTTPS requests would end up at the end of the INPUT chain and would default to the DROP policy handler - so even if nginx were running you cannot reach it from outside.

I agree that what you need is unix server admin help as this is not a programming problem. If you would like to request that your question be moved to Linux Server or other forum please use the Report button to request that.

rblampain 09-20-2019 07:03 AM

Thank you for the suggestions which I have followed. I am a bit more familiar with Apache2 and find Nginx far more complicated, perhaps erroneously, would I have a better chance of success moving to Apache2 or am I likely to face similar problems?

astrogeek 09-20-2019 01:38 PM

Quote:

Originally Posted by rblampain (Post 6038549)
Thank you for the suggestions which I have followed. I am a bit more familiar with Apache2 and find Nginx far more complicated, perhaps erroneously, would I have a better chance of success moving to Apache2 or am I likely to face similar problems?

I too have more experience with Apache, although I do not generally find nginx to be overly confusing.

The problems you seem to be having are not really nginx specific, so you would likely have them with Apache as well. For example, the firewall rules are independent of the web server being used and will need to allow HTTP/S requests to pass no matter what web server is in use. And any webserver must be configured to listen on the external interface and proper port numbers or incoming traffic cannot reach it. The configuration syntax and file locations may differ, but the "thing" being configured is ultimately the same for all.

You also need to approach such problems in a more structured way, somewhat like the path this thread has taken. That is, you first should determine unambiguously whether or not the web server is actually running, ps being an obvious choice, and verify startup and error messages in the log.

Once you know it is running, check what it is listening to for incoming requests, lsof or netstat are helpful here.

Once you know it is running and listening, verify firewall rules are in place to allow incoming requests through, and if not add those rules.

At this point you should receive a response from the server, either a page or an error message.

The point of seeking unix admin help is that all these are basic skills and structured troubleshooting methods which any unix admin would do more or less automatically and quickly. Building those skills and thought processes are very important to anyone running a web facing server.

Good luck!


All times are GMT -5. The time now is 12:14 AM.