Opened 5 weeks ago

Closed 5 weeks ago

#2385 closed defect (invalid)

missing r/w permissions on socket result in "invalid URL prefix"

Reported by: hboetes@… Owned by:
Priority: minor Milestone:
Component: nginx-module Version: 1.22.x
Keywords: Cc: hboetes@…
uname -a: Linux framboos 5.19.2-300.fc37.aarch64 #1 SMP PREEMPT_DYNAMIC Wed Aug 17 15:10:46 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
nginx -V: nginx version: nginx/1.22.0
built with OpenSSL 3.0.5 5 Jul 2022
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-compat --with-debug --with-file-aio --with-google_perftools_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-cc-opt='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection' --with-ld-opt='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dT,/builddir/build/BUILD/nginx-1.22.0/.package_note-nginx-1.22.0-4.fc37.aarch64.ld -Wl,-E'

Description

Whilst setting up the rspamd web interface, which runs with sockets I ran into this error message:

% sudo nginx -t                                         
nginx: [emerg] invalid URL prefix in /etc/nginx/conf.d/rspamd.conf:37                  
nginx: configuration file /etc/nginx/nginx.conf test failed            

% sed -ne 37p /etc/nginx/conf.d/rspamd.conf                   
        proxy_pass  unix:/run/rspamd/controller_socket;

So I started thinking Unix sockets are not supported, when in reality I had to restart nginx, so it joined the rspamd group and thus got r/w access to the Unix socket.

Please consider changing the error message to something like "cannot access '/run/rspamd/controller_socket': Permission denied

Change History (2)

comment:1 by hboetes@…, 5 weeks ago

Scratch that. I made a thinko. :-(

comment:2 by Sergey Kandaurov, 5 weeks ago

Resolution: invalid
Status: newclosed

For the record, the error suggests about a missing mandatory protocol (scheme) part.

Note: See TracTickets for help on using tickets.