Workaround of race condition between systemd and nginx.

Daniel K. dk at syse.no
Wed Dec 30 20:40:21 UTC 2015


On 12/30/2015 06:53 PM, Gena Makhomed wrote:
> On 30.12.2015 20:28, Daniel K. wrote:
>>> nginx now requires configured and up network, before starting daemon.
>>> Replace network.target with network-online.target is easy workaround.
>>
>> Actually it does not require that at all.
> 
> nginx failed to start if network is down via systemd race condition.

Again, no, nginx failed to start due to a local misconfiguration.


>> It would be more helpful if you posted your config files, but from your
>> log file i gather they look something like:
>>
>> server {
>> 	listen	172.22.22.202:80;
>> 	[...]
>> }
> 
> this is allowed syntax:
> 
> http://nginx.org/en/docs/http/ngx_http_core_module.html#listen

I never said it wasn't. I just wanted to express what I had pulled out
of my hat based on reading the log you provided. That way you can see if
I'm completely off track, and tell me, and other readers can get the
context of the conversation more easily.


>> And that, due to using systemd, the nginx service gets started before
>> the network-interface have been configured with the IP address shown.
> 
> Yes. And nginx failed to start with *correct* config.

Well, syntactically correct, and logically correct is not the same thing.

Your config makes nginx try to bind to a non-assigned IP address, which
fails. A logical error in your config files.

You have two options to fix it.

>> 1) Allow non-local binds
>> 2) Configure nginx to listen to *:80

Of which option 2 is probably the better approach.

Note that the nginx config that comes with the source does exactly this.

>From the distributed conf/nginx.conf:

server {
	listen	80;
	[...]
}


> And I should send this text fragment to all nginx users?

I don't know what you should do, I feel like I am still missing a part
of the puzzle.

Did you create this config yourself or did it come with something you
installed?

If you are providing config files for an application that you are the
maintainer of, then yes, you should probably distribute something that
works.

If you arrange for an nginx server block to be added to the config files
you could probably omit the listen directive altogether (listen *:80 is
the default) and let the sysadmin add it back if he so chooses.


> or this text fragment should be included in manual
> 
> http://nginx.org/en/docs/http/ngx_http_core_module.html#listen

As far as I can tell, it's there, only the port 8000 is used instead.


> or (better way) workaround should just be included in nginx unit file?

Arguably not better. The link you provided (repeated for context) tells
you this on using network-online.target.

http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/

  It is strongly recommended not to pull in this target too liberally:
  [...] network server software should generally not pull this in

Jim quoted from this as well.

There you have it; the systemd folks tell us that your suggested
workaround is not a good idea to use for server software.


Daniel K.



More information about the nginx-devel mailing list