Opened 5 years ago
Closed 5 years ago
#1960 closed enhancement (duplicate)
nginx -t tries to bind to ports
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | 1.17.x |
Keywords: | test configuration | Cc: | |
uname -a: | Linux NixOS-Test 5.6.6-hardened #1-NixOS SMP Tue Apr 21 07:08:17 UTC 2020 x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.16.1
built by gcc 9.3.0 (GCC) built with OpenSSL 1.1.1f 31 Mar 2020 TLS SNI support enabled configure arguments: --prefix=/nix/store/s35lpssk7v7bw1bad5c54ny8knkwc6hj-nginx-1.16.1 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-threads --with-pcre-jit --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --pid-path=/var/log/nginx/nginx.pid --http-client-body-temp-path=/var/cache/nginx/client_body --http-proxy-temp-path=/var/cache/nginx/proxy --http-fastcgi-temp-path=/var/cache/nginx/fastcgi --http-uwsgi-temp-path=/var/cache/nginx/uwsgi --http-scgi-temp-path=/var/cache/nginx/scgi --with-http_image_filter_module --with-file-aio --add-module=/nix/store/4w2zbpv9ihl36kbpp6w5d1x33gp5ivfh-source --add-module=/nix/store/n14bjnksgk2phl8n69m4yabmds7f0jj2-source --add-module=/nix/store/jsqrk045m09i136mgcfjfai8i05nq14c-source --add-module=/nix/store/vby65xv4ngj8xsxxnhkc24mcwcg5n39v-source --add-module=/nix/store/zs9hil66siqp0myai8d9r4lshmx2qh7a-source --add-module=/nix/store/nnd38k64qk5qlnxbh9bdwndza99r8ycx-source --add-module=/nix/store/ga1064z690d8x3z3szn8jz54daj0j5p1-source |
Description
nginx -t tries to bind to ports, which is a questionable thing to do while running as a separate user, and validating configuration before reloading the real server with the new configuration:
webserver # Apr 23 10:20:33 webserver nginx[1094]: 2020/04/23 10:20:33 [emerg] 1094#1094: bind() to 0.0.0.0:80 failed (13: Permission denied)
This variant patch maybe used?
diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c index 3368253..387fe51 100644 --- a/src/core/ngx_connection.c +++ b/src/core/ngx_connection.c @@ -612,10 +612,6 @@ ngx_open_listening_sockets(ngx_cycle_t *cycle) &ls[i].addr_text); } - if (err != NGX_EADDRINUSE) { - return NGX_ERROR; - } - if (!ngx_test_config) { failed = 1; }
Issue - https://github.com/NixOS/nixpkgs/pull/85820#issuecomment-618318976
Note:
See TracTickets
for help on using tickets.
The
nginx -t
is expected to test the configuration, and this what it does, including binding to ports configured. And "nginx -t" is expected to fail when started under the wrong user if the user has not enough rights to open listening sockets requests.There is no command to do a pure configuration syntax check without doing any configuration testing at the same time, see #1506 for such a feature request. Closing this as a duplicate of #1506.