Opened 4 years ago

Closed 4 years ago

#952 closed defect (duplicate)

Listener socket not removed on stop: Address already in use

Reported by: micah@… Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.9.x
Keywords: socket, listen, tor, hidden service Cc:
uname -a: Linux xxx 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86_64 GNU/Linux
Linux moineau.riseup.net 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.6.2
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module --add-module=/build/nginx-T5fW9e/nginx-1.6.2/debian/modules/nginx-auth-pam --add-module=/build/nginx-T5fW9e/nginx-1.6.2/debian/modules/nginx-dav-ext-module --add-module=/build/nginx-T5fW9e/nginx-1.6.2/debian/modules/nginx-echo --add-module=/build/nginx-T5fW9e/nginx-1.6.2/debian/modules/nginx-upstream-fair --add-module=/build/nginx-T5fW9e/nginx-1.6.2/debian/modules/ngx_http_substitutions_filter_module

Description

If I make a server block with a listen configured for a unix socket, like this:

server {
  listen unix:/run/tor/nginx-onion-80.sock;
  server_name exampleonionaddress.onion;
  allow "unix:";
  deny all;
...

Then I can configure a tor hidden service to connect to that socket, and not open a inet listening port, such as this in torrc:

HiddenServicePort 80 unix:/run/tor/nginx-onion-80.sock

This works great, the socket is created by nginx, and tor can communicate with it. The only problem is when you restart, or stop nginx, that socket is not removed, and then when nginx starts, it fails because it expects to be able to create that socket and bind to it, but its already there, this is the error that is produced:

2016/04/11 23:45:43 [emerg] 1480#0: bind() to unix:/run/tor/nginx-onion-80.sock failed (98: Address already in use)
2016/04/11 23:45:43 [emerg] 1480#0: bind() to unix:/run/tor/nginx-onion-80.sock failed (98: Address already in use)
2016/04/11 23:45:43 [emerg] 1480#0: bind() to unix:/run/tor/nginx-onion-80.sock failed (98: Address already in use)
2016/04/11 23:45:43 [emerg] 1480#0: bind() to unix:/run/tor/nginx-onion-80.sock failed (98: Address already in use)
2016/04/11 23:45:43 [emerg] 1480#0: bind() to unix:/run/tor/nginx-onion-80.sock failed (98: Address already in use)
2016/04/11 23:45:43 [emerg] 1480#0: still could not bind()

and then it fails to start. I have to manually remove that socket after stopping nginx, before starting it again.

I believe that nginx should clean this up when it stops.

Change History (2)

comment:1 by Ruslan Ermilov, 4 years ago

First of all, I suggest to update to a modern nginx version of nginx.
Anyway, I've tested with 1.6.2, and it works for me - the socket is removed on exit.

Run your nginx with debugging log enabled (see http://nginx.org/en/docs/debugging_log.html). You should see the lines like this when stopping:

2016/04/15 09:08:10 [notice] 49031#0: exit
2016/04/15 09:08:10 [debug] 49031#0: close listening unix:/tmp/nginx-onion-80.sock #5 
Version 0, edited 4 years ago by Ruslan Ermilov (next)

comment:2 by Maxim Dounin, 4 years ago

Resolution: duplicate
Status: newclosed

Whether or not unix listening sockets are removed depends on how nginx is stopped. See ticket #753.

Note: See TracTickets for help on using tickets.