nginx upgrade fails due bind error on 127.0.0.1 in a FreeBSD jail

Maxim Dounin mdounin at mdounin.ru
Mon Dec 5 13:27:07 UTC 2016


Hello!

On Sun, Dec 04, 2016 at 09:39:59PM +0000, Steven Hartland wrote:

> We've used nginx for years and never had an issue with nginx upgrade 
> until today where the upgrade command ran but almost instantly after the 
> new process exited.
> 
> /usr/local/etc/rc.d/nginx upgrade
> Performing sanity check on nginx configuration:
> nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
> nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
> Upgrading nginx binary:
> Stopping old binary:
> 
> In the default nginx log we had:
> 2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48: 
> Address already in use)
> nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
> 2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48: 
> Address already in use)
> nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
> 2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48: 
> Address already in use)
> nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
> 2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48: 
> Address already in use)
> nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
> 2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48: 
> Address already in use)
> nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
> 2016/12/04 21:18:22 [emerg] 25435#0: still could not bind()
> nginx: [emerg] still could not bind()
> 
> Running the start just after resulted in a running version but is 
> obviously unexpected to have upgrade result in a failure.
> 
> I believe the change to add a localhost bind to the server in question 
> was relatively recent so I suspect it has something to do with that.
> 
> The config for this is simply:
> server {
>      listen 127.0.0.1:81;
>      server_name localhost;
> 
>      location /status {
>          stub_status;
>      }
> }
> 
> The upgrade in this case was:
> nginx: 1.10.1_1,2 -> 1.10.2_2,2
> 
> Now this server is running under FreeBSD in a jail (10.2-RELEASE) and it 
> has 127.0.0.1 available yet it seems nginx has incorrectly bound the 
> address:
> netstat -na | grep LIST | grep 81
> tcp4       0      0 10.10.96.146.81        *.* LISTEN

In a FreeBSD jail with a single IP address any listening address 
is implicitly converted to the jail address.  As a result, if you 
write in config "127.0.0.1" - upgrade won't work, as it will see 
inherited socket listening on the jail address (10.10.96.146 in 
your case) and will try to create a new listening socket with the 
address from the configuration and this will fail.

There are two possible solutions for this problem:

- configure listening on the jail IP address to avoid this 
  implicit conversion;
- configure listening on "*" and use multiple addresses in the jail.

In both cases there will be no implicit conversion and as a result 
everything will work correctly.

-- 
Maxim Dounin
http://nginx.org/


More information about the nginx mailing list