Found Nginx 1.19.0 stopped but no idea what happened

Francis Daly francis at
Thu Jul 2 13:05:21 UTC 2020

On Wed, Jul 01, 2020 at 08:55:13AM +0200, evald ibrahimi wrote:

Hi there,

I don't have answers for you; but possibly you'll be able to provide
more information that will help someone to help you.

> I'm using nginx 1.19.0 with ModSec on Centos 7. The other day it
> happened twice that nginx was stopped. No idea what could cause the
> issue but i found on the error.log the following:

If unexpected things happen repeatedly, it can be useful to see if there
is a pattern that causes them to happen.

>From your normal logs, was there anything usual that happened shortly
before things stopped, that did not happen at other times?

> 2020/06/29 17:23:39 [alert] 1890#1890: sendmsg() failed (9: Bad file descriptor)

That (I think) usually means that something has gone wrong already --
a file or socket that nginx thinks it should have access to, is not
accessible. (That might be a "real" file that has changed; or it might
be due to a coding bug.)

> 2020/06/29 17:24:28 [alert] 1890#1890: fork() failed while spawning
> "worker process" (12: Cannot allocate memory)

That means that your operating system was unwilling to give nginx the
extra memory it asked for. It might be a resource problem on your system,
or it might be a consequence of the previous problem.

> 2020/06/29 18:10:35 [notice] 2461#2461: ModSecurity-nginx v1.0.1
> (rules loaded inline/local/remote: 0/19826/0)

That possibly means that nginx has just started.

> 2020/06/29 18:10:35 [emerg] 2461#2461: bind() to failed
> (98: Address already in use)
> 2020/06/29 18:10:35 [emerg] 2461#2461: bind() to failed
> (98: Address already in use)

And they mean that nginx can't start fully, because something else is
already running where nginx wants to. (Possibly a previous nginx which
has not fully shut down.)

"nginx -V" is usually very helpful for people to see what versions of what
code you are using. Often third-party modules written for one version of
nginx and used with another version of nginx, can lead to subtle problems.

ModSecurity-nginx is, I think, not a stock-nginx module. What other
modules are you using?

Often the nginx config can help identify a problem too; it is not clear
to me if that will help in this case.

Good luck with it,

Francis Daly        francis at

More information about the nginx mailing list