Nginx with Varnish as a proxy. Phantom Port 80

Hi,

I’m having an odd problem here. I’m trying to set up nginx with a varnish proxy in front of it. The box is Ubuntu 15.10, nginx 1.9.3, varnish 4.0.3.

For testing I set up varnish on port 8080, and nginx was running on port 80 and 443. I shut down both, edit the config files so that varnish is listening on port 80 and forwarding to the nginx backend on 8080. I do a search and replace on all the listen directives in /etc/nginx/sites-enabled to change listen 80 to listen 8080.

When I restart nginx, it comes up listening on port 8080 and 443 as expected, but ALSO on port 80. This means varnish is unable to start up as the port is already bound.

tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN      17514/nginx -g daem
tcp        0      0 0.0.0.0:8080    0.0.0.0:*       LISTEN      17514/nginx -g daem
tcp        0      0 0.0.0.0:443     0.0.0.0:*       LISTEN      17514/nginx -g daem

I’ve checked through the nginx conf files many times. There are no other listen 80 directives. I’ve also tried putting a server block in the main nginx.conf with listen 8080 in it, but that doesn’t help.

I think the problem may be that this system is confused between systemd and init.d. I was having trouble with varnish in this respect. However I’ve checked all the systemd files and none of them mention a port, and the /etc/init.d/nginx file doesn’t either.

Why is nginx using port 80? And how to stop it! Any pointers gratefully received.

Posted at Nginx Forum:

Without showing your nginx config it’s unlikely that anyone will be able to troubleshoot. Likely there is a stray listen directive that’s causing this.

On Thu, Mar 31, 2016 at 9:29 PM, plutocrat [email protected]

Robert P. Wrote:

> Without showing your nginx config it’s unlikely that anyone will be able to troubleshoot. Likely there is a stray listen directive that’s causing this.

There are no stray listen directives. I’ve checked many times.

    grep -ril listen /etc/nginx

Shows only files in sites-enabled and sites-available directories.

    grep -i listen /etc/nginx/sites-enabled

Shows only port 8080

    grep 80 /etc/nginx/sites-enabled

Shows only port 8080

I’ve also manually opened all files and verified just in case my grepping skills were failing. I’ve checked probably 10 times. This is why I can’t figure it out and came to ask the mailing list! :)

Posted at Nginx Forum:

I’m sure the mailing list would be happy to help if you would provide your config files so that debugging doesn’t involve reading your mind :)

On Thu, Mar 31, 2016 at 9:42 PM, plutocrat [email protected]

So, just to be clear, these are the ones running now without varnish. Of
course the lines with listen 80 are changed to listen 8080, and when I
restart nginx, it appears on ports 80, 8080 and 443.

Posted at Nginx Forum:

OK, was trying to keep the post relevant and succinct, but here goes with the config. It’s a newly set up server, so pretty much standard.

cat nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    # required for letsencrypt verification
    server {
        location ~ /.well-known/acme-challenge/(.*) {
            default_type text/plain;
        }
    }

    # Basic Settings

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # SSL Settings

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    # Logging Settings

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Gzip Settings

    gzip on;
    gzip_disable "msie6";

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    # Virtual Host Configs

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

===========================
nothing at all in ./conf.d/

cat sites-enabled/default

# Default server configuration

server {
    # handles anything going to numeric IP address.
    listen 80 default_server;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.php index.htm index.nginx-debian.html;

    server_name localhost 16.17.18.19;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}

=======================================================
$> cat sites-enabled/domain1.com.

server {
    listen 80;

    server_name www.domain1.com domain1.com;
    root /home/user/domains/domain1.com/public_html/public;
    access_log /home/user/domains/domain1.com/logs/access.log;
    error_log /home/user/domains/domain1.com/logs/error.log;

    index index.php index.html index.htm;
    error_page 404 /404.html;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Pass PHP scripts to PHP-FPM
    location ~ \.php$ {
        try_files $uri =403;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm-user.sock;
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    # Enable browser cache for CSS / JS
    location ~* \.(?:css|js)$ {
        expires 2d;
        add_header Pragma "public";
        add_header Cache-Control "public";
        add_header Vary "Accept-Encoding";
    }

    # Enable browser cache for static files
    location ~* \.(?:ico|jpg|jpeg|gif|png|bmp|webp|tiff|svg|svgz|pdf|mp3|flac|ogg|mid|midi|wav|mp4|webm|mkv|ogv|wmv|eot|otf|woff|ttf|rss|atom|zip|7z|tgz|gz|rar|bz2|tar|exe|doc|docx|xls|xlsx|ppt|pptx|rtf|odt|ods|odp)$ {
        expires 5d;
        add_header Pragma "public";
        add_header Cache-Control "public";
    }

    # Prevent logging of favicon and robot request errors
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt  { log_not_found off; access_log off; }
}

server {
    listen 443;
    server_name www.domain1.com domain1.com;
    root /home/user/domains/domain1.com/public_html;
    access_log /home/user/domains/domain1.com/logs/access.log;
    error_log /home/user/domains/domain1.com/logs/error.log;

    index index.php index.html index.htm;
    error_page 404 /404.html;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem;

    ssl_session_timeout 5m;

    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    index index.php index.html index.htm;
    error_page 404 /404.html;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Pass PHP scripts to PHP-FPM
    location ~ \.php$ {
        try_files $uri =403;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm-user.sock;
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    # Enable browser cache for CSS / JS
    location ~* \.(?:css|js)$ {
        expires 2d;
        add_header Pragma "public";
        add_header Cache-Control "public";
        add_header Vary "Accept-Encoding";
    }

    # Enable browser cache for static files
    location ~* \.(?:ico|jpg|jpeg|gif|png|bmp|webp|tiff|svg|svgz|pdf|mp3|flac|ogg|mid|midi|wav|mp4|webm|mkv|ogv|wmv|eot|otf|woff|ttf|rss|atom|zip|7z|tgz|gz|rar|bz2|tar|exe|doc|docx|xls|xlsx|ppt|pptx|rtf|odt|ods|odp)$ {
        expires 5d;
        add_header Pragma "public";
        add_header Cache-Control "public";
    }

    # Prevent logging of favicon and robot request errors
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt  { log_not_found off; access_log off; }
}

===========
There are three other domains in this directory, all created by copying and editing the domain1 file. So nothing extra in there. You’ll just have to take my word for it that the listen directives are all the same.

Posted at Nginx Forum:

On Fri, Apr 01, 2016 at 12:42:57AM -0400, plutocrat wrote:

Hi there,

> There are no stray listen directives. I’ve checked many times.
> grep -ril listen /etc/nginx
> Shows only files in sites-enabled and sites-available directories.
> grep -i listen /etc/nginx/sites-enabled
> Shows only port 8080
> grep 80 /etc/nginx/sites-enabled
> Shows only port 8080

http://nginx.org/r/listen

“Default” there means that if a server{} block does not have any listen directive, it is equivalent to “listen *:80” (or “listen *:8080” if running as non-root).

Your “letsencrypt” server{} block does not have any listen directive.

So add one there – and to any other similar blocks – or do not start nginx as root (and therefore be unable to listen to any port below 1024).

f

Francis D. [email protected]

On Fri, Apr 01, 2016 at 08:12:12AM +0100, Francis D. wrote:

> On Fri, Apr 01, 2016 at 12:42:57AM -0400, plutocrat wrote:

One silly typo and thinko…

> Module ngx_http_core_module
>
> “Default” there means that if a server{} block does not have any listen directive, it is equivalent to “listen *:80” (or “listen *:8080” if

8000, not 8080.

> running as non-root).
>
> Your “letsencrypt” server{} block does not have any listen directive.
>
> So add one there – and to any other similar blocks – or do not start nginx as root (and therefore be unable to listen to any port below 1024).

“start as not root” would listen on 8000; and would fail to listen on 443.

So adding an explicit “listen” to every server{} block without one is the way to go.

f

Francis D. [email protected]

Francis D. Wrote:

> “Default” there means that if a server{} block does not have any listen directive, it is equivalent to “listen *:80” (or “listen *:8080” if running as non-root).
>
> Your “letsencrypt” server{} block does not have any listen directive.

Oh wow. It was that simple. Thanks. I probably should have found it, but when you start going around in circles it’s hard to break out. Adding a listen directive to the letsencrypt server {} block fixed it.

Posted at Nginx Forum:
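
Added example, not part of the thread: grepping for `listen` cannot find this problem, because the cause is a server{} block with no listen directive at all. The sketch below walks config text and reports every server{} block that falls back to the implicit listener described above (`*:80` as root, `*:8000` otherwise); the function names and the sample config are constructed for illustration, and `include` directives are not followed.

```python
import re

# Tokens: quoted strings, braces, semicolons, or bare words.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|[{};]|[^\s{};]+')

def strip_comments(text):
    # Simplification: a '#' at line start or after whitespace begins a comment.
    return "\n".join(re.sub(r'(^|\s)#.*$', '', line) for line in text.splitlines())

def find_servers(text):
    """Return one list of listen arguments per server{} block, in file order."""
    stack, stmt, servers = [], [], []
    for tok in TOKEN.findall(strip_comments(text)):
        if tok == "{":
            stack.append(stmt[0] if stmt else "")   # name of the block being opened
            if stack[-1] == "server":
                servers.append([])
            stmt = []
        elif tok == "}":
            if stack:
                stack.pop()
            stmt = []
        elif tok == ";":
            # Only count listen directives sitting directly inside server{}.
            if stmt and stmt[0] == "listen" and stack and stack[-1] == "server":
                servers[-1].append(" ".join(stmt[1:]))
            stmt = []
        else:
            stmt.append(tok)
    return servers

def implicit_listeners(text, as_root=True):
    """Return (block number, implied address) for server{} blocks without listen."""
    default = "*:80" if as_root else "*:8000"
    return [(i, default) for i, ls in enumerate(find_servers(text), 1) if not ls]

# Constructed sample modelled on the configuration posted in the thread.
SAMPLE = r"""
http {
    # required for letsencrypt verification
    server {
        location ~ /.well-known/acme-challenge/(.*) { default_type text/plain; }
    }
    server { listen 8080 default_server; location / { try_files $uri $uri/ =404; } }
    server { listen 443; server_name www.domain1.com domain1.com; }
}
"""

if __name__ == "__main__":
    for number, addr in implicit_listeners(SAMPLE):
        print(f"server block #{number} has no listen directive, binds {addr}")
```

To cover files pulled in by `include`, run it over the merged configuration, for example the output of `nginx -T`.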