Nginx segfault - `is_closing_session(): no DBUS_SESSION_BUS_ADDRESS in environment`

petecooper nginx-forum at forum.nginx.org
Sun Aug 14 08:46:31 UTC 2022


Sergey A. Osokin Wrote:
-------------------------------------------------------

Hello Sergey.

Thank you for your reply.

> On Sat, Aug 13, 2022 at 04:01:19AM -0400, petecooper wrote:
> > Hello.
> > I have a single-digit fleet of Ubuntu servers, all running a similar
> > configuration:
> > 
> >   * Ubuntu 20.04LTS, current kernel via `apt`
> >   * Nginx 1.23.1 from source, with 3rd party modules
> >   * PHP 8.0 or 8.1 from source
> 
> Could you please provide an output of the following command:
> 
> % nginx -T

I have included partially inline at the end of this email, but the body is
too large to send.

The nginx.conf is available here:

 
https://github.com/textpattern/server-config/blob/main/live/servers/files/tarzan.textpattern.net/etc/nginx/nginx.conf

…and the `servers-available` blocks are here (they are not inline due to
size):

 
https://github.com/textpattern/server-config/tree/main/live/servers/files/tarzan.textpattern.net/etc/nginx/servers-available

> Also, is there any specific reason to build nginx and php from
> source?  Is there a chance to reproduce the issue without any of
> party modules?

The Nginx source compile is to be able to use the 3rd party modules, and the
PHP source compile is to ensure compatibility of our open source project
with current PHP.

There are currently 6 other servers with an identical Nginx & PHP build, and
they are not affected. This server has been running as expected for some
months, and I am the sole administrator.

Thank you for your time and attention, I appreciate it greatly.

Best wishes to you.




$ sudo nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
#begin `nginx.conf` at `/etc/nginx/nginx.conf`
load_module /usr/lib/nginx/modules/ndk_http_module.so;
load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so;
load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so;
load_module /usr/lib/nginx/modules/ngx_http_cache_purge_module.so;
load_module /usr/lib/nginx/modules/ngx_http_echo_module.so;
load_module /usr/lib/nginx/modules/ngx_http_geoip_module.so;
load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
load_module /usr/lib/nginx/modules/ngx_http_image_filter_module.so;
load_module /usr/lib/nginx/modules/ngx_http_length_hiding_filter_module.so;
load_module /usr/lib/nginx/modules/ngx_http_memc_module.so;
#load_module /usr/lib/nginx/modules/ngx_http_naxsi_module.so;
load_module /usr/lib/nginx/modules/ngx_http_redis2_module.so;
load_module /usr/lib/nginx/modules/ngx_http_set_misc_module.so;
#load_module /usr/lib/nginx/modules/ngx_http_srcache_filter_module.so;
load_module /usr/lib/nginx/modules/ngx_http_vhost_traffic_status_module.so;
load_module /usr/lib/nginx/modules/ngx_http_xslt_filter_module.so;
load_module /usr/lib/nginx/modules/ngx_ipscrub_module.so;
load_module /usr/lib/nginx/modules/ngx_nchan_module.so;
#load_module /usr/lib/nginx/modules/ngx_pagespeed.so;
load_module /usr/lib/nginx/modules/ngx_stream_module.so;
pcre_jit on;
pid /var/run/nginx.pid;
user www-data www-data;
worker_processes auto;
worker_rlimit_nofile 65535;

events {
    accept_mutex on;
    multi_accept on;
    worker_connections 65535;
    use epoll;
}

http {
    #default `log_format` must be declared before `access_log`
    log_format ipscrubbed
        '$time_iso8601 '
        '$msec '
        'ips="$remote_addr_ipscrub" '
        'rm="$request_method" '
        'r="$request" '
        'ru="$request_uri" '
        'q="$query_string" '
        'u="$uri" '
        'url="$scheme://$host$request_uri" '
        's="$status" '
        'rl="$request_length" '
        'rt="$request_time" '
        'sn="$connection" '
        'cr="$connection_requests" '
        'ct="$connection_time" '
        'bbs="$body_bytes_sent" '
        'gzr="$gzip_ratio" '
        'ups="$upstream_status" '
        'upct="$upstream_connect_time" '
        'uprt="$upstream_response_time" '
        'uprl="$upstream_response_length" '
        'upht="$upstream_header_time" '
        'upbr="$upstream_bytes_received" '
        'upbs="$upstream_bytes_sent" '
        'upcs="$upstream_cache_status" '
        'sa="$server_addr" '
        'srvp="$server_protocol" '
        'tlsp="$ssl_protocol" '
        'tlsc="$ssl_cipher" '
        'tlscs="$ssl_ciphers" '
        'tlsr="$ssl_curves" '
        'tlsed="$ssl_early_data" '
        'tlssr="$ssl_session_reused" '
        'ref="$http_referer" '
        'hua="$http_user_agent" '
        'hxf="$http_x_forwarded_for"'
    ;
    access_log /mnt/tarzan_logs_01/log/nginx/live/nginx/nginx.access.log
ipscrubbed;
    autoindex off;
    charset UTF-8;
    charset_types
        text/css
        text/plain
        text/vnd.wap.wml
        text/javascript
        text/markdown
        text/calendar
        text/x-component
        text/vcard
        text/cache-manifest
        text/vtt
        application/json
        application/manifest+json
    ;
    client_body_buffer_size 2M;
    client_body_timeout 30s;
    client_header_buffer_size 4k;
    client_max_body_size 128M;
    default_type application/octet-stream;
    error_log /mnt/tarzan_logs_01/log/nginx/live/nginx/nginx.error.log
warn;
    fastcgi_cache_path /var/cache/nginx/fastcgi levels=1:1
keys_zone=fastcgi-cache:16m max_size=256m inactive=1d;
    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 5;
    gzip_http_version 1.0;
    gzip_min_length 1024;
    gzip_proxied any;
    gzip_types
        application/atom+xml
        application/geo+json
        application/javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rdf+xml
        application/rss+xml
        application/vnd.ms-fontobject
        application/wasm
        application/x-javascript
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/eot
        font/otf
        font/ttf
        image/svg+xml
        text/cache-manifest
        text/calendar
        text/css
        text/javascript
        text/markdown
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy
        text/xml
    ;
    gzip_vary on;
    include /etc/nginx/mime.types;
    keepalive_timeout 30s;
    large_client_header_buffers 8 16k;
    length_hiding on;
    length_hiding_max 1024;
    limit_conn_zone $binary_remote_addr zone=conPerIp:5m;
    limit_req_zone $binary_remote_addr zone=reqPerMin1:60m rate=1r/m;
    limit_req_zone $binary_remote_addr zone=reqPerMin5:60m rate=5r/m;
    limit_req_zone $binary_remote_addr zone=reqPerMin10:60m rate=10r/m;
    limit_req_zone $binary_remote_addr zone=reqPerMin20:60m rate=20r/m;
    limit_req_zone $binary_remote_addr zone=reqPerSec1:5m rate=1r/s;
    limit_req_zone $binary_remote_addr zone=reqPerSec5:5m rate=5r/s;
    limit_req_zone $binary_remote_addr zone=reqPerSec10:5m rate=10r/s;
    limit_req_zone $binary_remote_addr zone=reqPerSec20:5m rate=20r/s;
    log_format content-security-policy '';
    log_format iplogged
        '$time_iso8601 '
        '$msec '
        'ip="$remote_addr" '
        'rm="$request_method" '
        'r="$request" '
        'ru="$request_uri" '
        'q="$query_string" '
        'u="$uri" '
        'url="$scheme://$host$request_uri" '
        's="$status" '
        'rl="$request_length" '
        'rt="$request_time" '
        'sn="$connection" '
        'cr="$connection_requests" '
        'ct="$connection_time" '
        'bbs="$body_bytes_sent" '
        'gzr="$gzip_ratio" '
        'ups="$upstream_status" '
        'upct="$upstream_connect_time" '
        'uprt="$upstream_response_time" '
        'uprl="$upstream_response_length" '
        'upht="$upstream_header_time" '
        'upbr="$upstream_bytes_received" '
        'upbs="$upstream_bytes_sent" '
        'upcs="$upstream_cache_status" '
        'sa="$server_addr" '
        'srvp="$server_protocol" '
        'tlsp="$ssl_protocol" '
        'tlsc="$ssl_cipher" '
        'tlscs="$ssl_ciphers" '
        'tlsr="$ssl_curves" '
        'tlsed="$ssl_early_data" '
        'tlssr="$ssl_session_reused" '
        'ref="$http_referer" '
        'hua="$http_user_agent" '
        'hxf="$http_x_forwarded_for"'
    ;
    log_format netdata-web_log '';
    log_format network-error '';
    log_format permissions-policy '';
    log_not_found off;
    map_hash_bucket_size 128;
    max_ranges 8;
    more_clear_headers Server;
    msie_padding off;
    proxy_ssl_protocols TLSv1.3 TLSv1.2;
    request_pool_size 8k;
    reset_timedout_connection on;
    resolver 1.1.1.1 9.9.9.9 [2606:4700:4700::1111] [2620:fe::fe]
valid=30s;
    resolver_timeout 5s;
    sendfile on;
    send_timeout 15s;
    #server_names_hash_bucket_size 128;
    #server_names_hash_max_size 1024;
    server_tokens off;
    ssl_buffer_size 4k;
    ssl_ciphers
'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_dhparam /etc/nginx/certs/dhparam4096-openssl.pem;
    ssl_ecdh_curve 'prime256v1:secp384r1:secp521r1';
    #ssl_ocsp on;
    #ssl_ocsp_cache shared:OCSP:10m;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_session_timeout 6h;
    ssl_stapling on;
    ssl_stapling_verify on;
    #ssl_trusted_certificate /opt/certs/mozilla-cacert.pem;
    #ssl_verify_client on;
    #ssl_verify_depth 2;
    tcp_nodelay on;
    tcp_nopush on;
    types_hash_max_size 2048;
    variables_hash_max_size 2048;
    variables_hash_bucket_size 512;
    vhost_traffic_status_zone;
    #last but not least
    include /etc/nginx/includes/deny/10-global-deny.conf;
    include /etc/nginx/includes/deny/20-undefined-server-deny.conf;
    include /etc/nginx/includes/monitoring/*.conf;
    include /etc/nginx/servers-enabled/*.conf;
    include /etc/nginx/streams-enabled/*.conf;
}
#end `nginx.conf`

# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/avif                                       avif;
    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    font/woff                                        woff;
    font/woff2                                       woff2;

    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
   
application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/wasm                                 wasm;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

# configuration file /etc/nginx/includes/deny/10-global-deny.conf:
#begin `10-global-deny.conf` server block at
`/etc/nginx/includes/deny/10-global-deny.conf`
    #deny all; #here be dragons
    #deny 192.0.2.1; #example for a single IPv4 address
    #deny 192.0.2.0/24; #example for an IPv4 CIDR block
    #deny 2001:db8::1; #example for a single IPv6 address
    #deny 2001:db8::/32; #example for an IPv6 CIDR block
#end `10-global-deny.conf` server block

# configuration file
/etc/nginx/includes/deny/20-undefined-server-deny.conf:
#begin `20-undefined-server-deny.conf` server block at
`/etc/nginx/includes/deny/20-undefined-server-deny.conf`
server {
    access_log
/mnt/tarzan_logs_01/log/nginx/live/undefined-server-deny/undefined-server-deny.access.log
iplogged;
    error_log
/mnt/tarzan_logs_01/log/nginx/live/undefined-server-deny/undefined-server-deny.error.log
warn;
    limit_req zone=reqPerMin5;
    listen [::]:80 default_server;
    listen 80 default_server;
    return 444;
    server_name _;
}
#end `20-undefined-server-deny.conf` server block

# configuration file /etc/nginx/includes/monitoring/heartbeat.conf:
#begin `heartbeat.conf` server block at
`/etc/nginx/includes/monitoring/heartbeat.conf`
server {#hostname, http -> https redirect
    access_log
/mnt/tarzan_logs_01/log/nginx/live/heartbeat/tarzan.textpattern.net.access.log
ipscrubbed;
    add_header Content-Security-Policy 'default-src \'none\'' always;
    add_header Permissions-Policy default-src=()' always;
    add_header Referrer-Policy "strict-origin" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;
    error_log
/mnt/tarzan_logs_01/log/nginx/live/heartbeat/tarzan.textpattern.net.error.log
warn;
    index index.html;
    limit_req zone=reqPerSec5;
    listen [::]:80;
    listen 80;
    return 301 https://$host$request_uri;
    root /var/www/heartbeat/live/;
    server_name tarzan.textpattern.net;
    location ^~ /.well-known/ {
        allow all;
        default_type "text/plain";
        root /var/www/heartbeat/_well-known/;
        try_files $uri/ $uri =404;
    }
    location ~ /\. {
        deny all;
        limit_req zone=reqPerSec1;
    }
    location /favicon.ico {
        access_log off;
        log_not_found off;
    }
    location /robots.txt {
        access_log off;
        limit_req zone=reqPerSec1;
        log_not_found off;
    }
    location / {
        index index.html;
        limit_except GET HEAD POST {
            deny all;
        }
        try_files $uri $uri/ =404;
    }
    location ~ ^.+\.php(?:/.*)?$ {
        return 502;
    }
}

server {#hostname, https
    access_log
/mnt/tarzan_logs_01/log/nginx/live/heartbeat/tarzan.textpattern.net.access.log
ipscrubbed;
    set $consecpol_heartbeat '';
    set $consecpol_heartbeat '${consecpol_heartbeat}base-uri \'self\';';
    set $consecpol_heartbeat '${consecpol_heartbeat}connect-src \'self\';';
    set $consecpol_heartbeat '${consecpol_heartbeat}default-src \'none\';';
    set $consecpol_heartbeat '${consecpol_heartbeat}font-src \'self\';';
    set $consecpol_heartbeat '${consecpol_heartbeat}frame-ancestors
\'none\';';
    set $consecpol_heartbeat '${consecpol_heartbeat}frame-src \'none\';';
    set $consecpol_heartbeat '${consecpol_heartbeat}img-src \'self\';';
    set $consecpol_heartbeat '${consecpol_heartbeat}manifest-src
\'self\';';
    set $consecpol_heartbeat '${consecpol_heartbeat}media-src \'self\';';
    set $consecpol_heartbeat '${consecpol_heartbeat}object-src \'none\';';
    set $consecpol_heartbeat '${consecpol_heartbeat}script-src \'self\';';
    set $consecpol_heartbeat '${consecpol_heartbeat}style-src \'self\';';
    add_header Content-Security-Policy $consecpol_heartbeat always;
    set $perpol_heartbeat '';
    set $perpol_heartbeat '${perpol_heartbeat}camera=(),';
    set $perpol_heartbeat '${perpol_heartbeat}fullscreen=(self),';
    set $perpol_heartbeat '${perpol_heartbeat}geolocation=(),';
    set $perpol_heartbeat '${perpol_heartbeat}gyroscope=(),';
    set $perpol_heartbeat '${perpol_heartbeat}magnetometer=(),';
    set $perpol_heartbeat '${perpol_heartbeat}microphone=(),';
    set $perpol_heartbeat '${perpol_heartbeat}midi=(),';
    set $perpol_heartbeat '${perpol_heartbeat}notifications=(self),';
    set $perpol_heartbeat '${perpol_heartbeat}payment=(),';
    set $perpol_heartbeat '${perpol_heartbeat}push=(self),';
    set $perpol_heartbeat '${perpol_heartbeat}speaker=(),';
    set $perpol_heartbeat '${perpol_heartbeat}sync-xhr=(self),';
    set $perpol_heartbeat '${perpol_heartbeat}usb=(),';
    set $perpol_heartbeat '${perpol_heartbeat}vibrate=()'; #no trailing
comma
    add_header Permissions-Policy $perpol_heartbeat always;
    add_header Referrer-Policy "strict-origin" always;
    add_header Strict-Transport-Security "max-age=31536000;
includeSubDomains; preload" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;
    error_log
/mnt/tarzan_logs_01/log/nginx/live/heartbeat/tarzan.textpattern.net.error.log
warn;
    index index.html;
    listen [::]:443 http2 ssl;
    listen 443 http2 ssl;
    root /var/www/heartbeat/live/;
    server_name tarzan.textpattern.net;
    ssl_certificate /etc/certbot/live/tarzan.textpattern.net/fullchain.pem;
    ssl_certificate_key
/etc/certbot/live/tarzan.textpattern.net/privkey.pem;
    ssl_trusted_certificate
/etc/certbot/live/tarzan.textpattern.net/fullchain.pem;
    location ^~ /.well-known/ {
        allow all;
        default_type "text/plain";
        root /var/www/heartbeat/_well-known/;
        try_files $uri/ $uri =404;
    }
    location /favicon.ico {
        access_log off;
        log_not_found off;
    }
    location /robots.txt {
        access_log off;
        log_not_found off;
    }
    location ~ /\. {
        deny all;
    }
    location / {
        index index.html;
        limit_except GET HEAD POST {
            deny all;
        }
        try_files $uri $uri/ =404;
    }
    location ~ ^.+\.php(?:/.*)?$ {
        return 502;
    }
}
#end `heartbeat.conf` server block

# configuration file /etc/nginx/includes/monitoring/netdata.conf:
#begin `netdata` server block at
`/etc/nginx/includes/monitoring/netdata.conf`
upstream netdata-socket {
    keepalive 60;
    server unix:/run/netdata/netdata.sock;
}

server {#netdata hostname, https
    access_log off;
    set $consecpol_netdata '';
    set $consecpol_netdata '${consecpol_netdata}connect-src
https://api.github.com https://registry.my-netdata.io \'self\';';
    set $consecpol_netdata '${consecpol_netdata}default-src \'none\';';
    set $consecpol_netdata '${consecpol_netdata}font-src \'self\';';
    set $consecpol_netdata '${consecpol_netdata}frame-ancestors \'self\';';
    set $consecpol_netdata '${consecpol_netdata}frame-src \'none\';';
    set $consecpol_netdata '${consecpol_netdata}img-src data: \'self\';';
    set $consecpol_netdata '${consecpol_netdata}manifest-src \'self\';';
    set $consecpol_netdata '${consecpol_netdata}media-src \'self\';';
    set $consecpol_netdata '${consecpol_netdata}object-src \'self\';';
    set $consecpol_netdata '${consecpol_netdata}script-src \'self\'
\'unsafe-inline\';';
    set $consecpol_netdata '${consecpol_netdata}style-src \'self\'
\'unsafe-inline\';';
    add_header Content-Security-Policy $consecpol_netdata;
    set $perpol_netdata '';
    set $perpol_netdata '${perpol_netdata}camera=(),';
    set $perpol_netdata '${perpol_netdata}fullscreen=(self),';
    set $perpol_netdata '${perpol_netdata}geolocation=(),';
    set $perpol_netdata '${perpol_netdata}gyroscope=(),';
    set $perpol_netdata '${perpol_netdata}magnetometer=(),';
    set $perpol_netdata '${perpol_netdata}microphone=(),';
    set $perpol_netdata '${perpol_netdata}midi=(),';
    set $perpol_netdata '${perpol_netdata}notifications=(self),';
    set $perpol_netdata '${perpol_netdata}payment=(),';
    set $perpol_netdata '${perpol_netdata}push=(self),';
    set $perpol_netdata '${perpol_netdata}speaker=(),';
    set $perpol_netdata '${perpol_netdata}sync-xhr=(self),';
    set $perpol_netdata '${perpol_netdata}vibrate=()'; #no trailing comma
    add_header Permissions-Policy $perpol_netdata;
    add_header Referrer-Policy strict-origin;
    add_header Strict-Transport-Security "max-age=31536000;
includeSubDomains; preload";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options SAMEORIGIN;
    error_log
/mnt/tarzan_logs_01/log/nginx/live/netdata/netdata at tarzan.textpattern.net.error.log
warn;
    listen [::]:909 http2 ssl;
    listen 909 http2 ssl;
    server_name tarzan.textpattern.net;
    ssl_certificate /etc/certbot/live/tarzan.textpattern.net/fullchain.pem;
    ssl_certificate_key
/etc/certbot/live/tarzan.textpattern.net/privkey.pem;
    ssl_trusted_certificate
/etc/certbot/live/tarzan.textpattern.net/fullchain.pem;
    location / {
        limit_except GET HEAD POST {
            deny all;
        }
        auth_basic "Authentication";
        auth_basic_user_file /etc/nginx/auth/passwd-netdata;
        proxy_http_version 1.1;
        proxy_pass http://netdata-socket;
        proxy_pass_request_headers on;
        proxy_set_header Connection "keep-alive";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_store off;
    }
    location = /favicon.ico {
        log_not_found off;
    }
}
#end `netdata` server block

# configuration file /etc/nginx/includes/monitoring/nginx-stubstatus.conf:
#begin `nginx-stubstatus.conf` server block at
`/etc/nginx/includes/monitoring/nginx-stubstatus.conf`
server {#Nginx `stub_status`, IPv4 and IPv6 localhost, http
    allow 127.0.0.1;
    allow ::1;
    deny all;
    listen 127.0.0.1:81;
    listen [::1]:81;
    location /stub_status {
        access_log off;
        stub_status on;
    }
}
#end `nginx-stubstatus.conf` server block

# configuration file /etc/nginx/includes/monitoring/php-fpm80-socket.conf:
#begin `php-fpm80-socket.conf` at
`/etc/nginx/includes/monitoring/php-fpm80-socket.conf`
server {#localhost, PHP FastCGI
    access_log off;
    allow 127.0.0.1;
    allow ::1;
    deny all;
    index index.html;
    length_hiding off;
    listen [::]:880;
    listen 880;
    root /var/www/php-fpm/live/;
    location / {
        index index.html;
    }
    location ~ ^.+\.php(?:/.*)?$ {
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php-fpm80.sock;
        include fastcgi_params;
    }
}
#end `php-fpm80-socket.conf`


# configuration file /etc/nginx/fastcgi_params:

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

# configuration file /etc/nginx/includes/monitoring/php-fpm80-status.conf:
#begin `php-fpm80-status.conf` at
`/etc/nginx/includes/monitoring/php-fpm80-status.conf`
server {#PHP-FPM 8.0 status, IPv4 and IPv6 localhost, http
    allow 127.0.0.1;
    allow ::1;
    deny all;
    listen 127.0.0.1:980;
    listen [::1]:980;
    server_name _;
    location /php-fpm80-status {
        access_log off;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php-fpm80.sock;
        include fastcgi_params;
    }
}
#end `php-fpm80-status.conf`

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,294944,294946#msg-294946



More information about the nginx mailing list