NGINX fails to start/install/upgrade if IPv6 is completely disabled.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nginx (Debian) |
New
|
Unknown
|
|||
nginx (Ubuntu) |
Won't Fix
|
Wishlist
|
Unassigned | ||
Xenial |
Won't Fix
|
Medium
|
Unassigned | ||
Bionic |
Won't Fix
|
Medium
|
Unassigned | ||
Disco |
Won't Fix
|
Medium
|
Unassigned | ||
Eoan |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
[IMPACT]
With current default vhost listening on IPV6, nginx won't start on fully IPV6 disabled system, expecting to connect to a IPV6 socket on port 80.
# nginx -t
nginx: the configuration file /etc/nginx/
==> nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/
# cat /etc/nginx/
......
server {
listen 80 default_server;
==> listen [::]:80 default_server;
......
[TEST CASE]
* Disable ipv6
# cat /proc/cmdline
.... ipv6.disable=1
* Reboot for the kernel parameter to be taken into account.
* Fresh install of nginx:
# apt-get install nginx -y
Output:
--------
# apt-get install nginx -y
.......
Setting up nginx-core (1.14.0-0ubuntu1.6) ...
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
invoke-rc.d: initscript nginx, action "start" failed.
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/
Active: failed (Result: exit-code) since Wed 2019-10-23 14:01:26 UTC; 6ms ago
Docs: man:nginx(8)
Process: 1005 ExecStartPre=
Oct 23 14:01:26 nginxbionictest1 systemd[1]: Starting A high performance web server and a reverse proxy server...
Oct 23 14:01:26 nginxbionictest1 nginx[1005]: nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
Oct 23 14:01:26 nginxbionictest1 nginx[1005]: nginx: configuration file /etc/nginx/
Oct 23 14:01:26 nginxbionictest1 systemd[1]: nginx.service: Control process exited, code=exited status=1
Oct 23 14:01:26 nginxbionictest1 systemd[1]: nginx.service: Failed with result 'exit-code'.
Oct 23 14:01:26 nginxbionictest1 systemd[1]: Failed to start A high performance web server and a reverse proxy server.
dpkg: error processing package nginx-core (--configure):
installed nginx-core package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of nginx:
nginx depends on nginx-core (<< 1.14.0-
Package nginx-core is not configured yet.
Package nginx-full is not installed.
Package nginx-light is not installed.
Package nginx-extras is not installed.
nginx depends on nginx-core (>= 1.14.0-0ubuntu1.6) | nginx-full (>= 1.14.0-0ubuntu1.6) | nginx-light (>= 1.14.0-0ubuntu1.6) | nginx-extras (>= 1.14.0-0ubuntu1.6); however:
Package nginx-core is not configured yet.
Package nginx-full is not installed.
Package nginx-light is not installed.
Package nginx-extras is not installed.
dpkg: error processing package nginx (--configure):
dependency problems - leaving unconfigured
Processing triggers for systemd (237-3ubuntu10.31) ...
No apport report written because the error message indicates its a followup error from a previous failure.
Processing triggers for ufw (0.36-0ubuntu0.
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Errors were encountered while processing:
nginx-core
nginx
E: Sub-process /usr/bin/dpkg returned an error code (1)
# dpkg -l | grep -i nginx
iU nginx 1.14.0-0ubuntu1.6 all small, powerful, scalable web/proxy server
ii nginx-common 1.14.0-0ubuntu1.6 all small, powerful, scalable web/proxy server - common files
iF nginx-core 1.14.0-0ubuntu1.6 amd64 nginx web/proxy server (standard version)
--------
[REGRESSION POTENTIAL]
LOW.
Other distributions does that (not including ipv6 listen by default) already (e.g. Centos and Upstream)
* nginx.vh.
server {
listen 80;
server_name localhost;
* Upstream nginx:
https:/
This won't introduce behaviour change for those who upgrade nginx, but it will introduce a behaviour change for those used to have ipv6 listen in the default vhost at fresh package installation.
But IMHO, the default vhost is a starting point/example, that the admin will anyway have to modify manually or via some automation tool (ansible, chef, puppet, ...)
So this will only imply that the admin will need to update their recipe to add the ipv6 listen in their vhost config (ONLY if needed).
Minus leaving the users to have to uncomment the ipv6 listen in the vhost (if needed) by themselves manually, automation recipes, ... I don't see any major blocker, I personally think it's a good compromise in order to prevent the actual package to fails and be found in a erroneous state if ipv6 is disabled.
Of course, we can debate if disabling ipv6 is a good or wrong, but I think that the package installation should succeed for both ipv4only and ipv6.
[OTHER INFORMATION]
* Debian upstream bug:
https:/
[ORIGINAL DESCRIPTION]
There is a known issue where NGINX will not properly run or install when IPv6 is fully disabled on a system.
Per Bug #1712696 which first detailed this, these are some 'relevant' log entries:
Aug 23 23:52:24 thomas-
Aug 23 23:52:24 thomas-
Aug 23 23:52:24 thomas-
Aug 23 23:52:24 thomas-
As you can see the system could not bind to Port 80 on IPv6.
While this is a **nonstandard** setup, there are some systems which are configured to not have IPv6 support. It should currently be considered whether we should test for such 'systems' to see whether IPv6 is enabled or not, and modify the configuration file accordingly during install/configure.
This issue happens regardless of the 'supported' operating system status or not, and is a core NGINX package issue, but also a core 'incompatible configuration' issue with systems which disable IPv6.
description: | updated |
summary: |
- NGINX fails to install/upgrade if IPv6 is completely disabled. + NGINX fails to start/install/upgrade if IPv6 is completely disabled. |
Changed in nginx (Debian): | |
status: | Unknown → New |
description: | updated |
description: | updated |
description: | updated |
Changed in nginx (Ubuntu Eoan): | |
assignee: | nobody → Eric Desrochers (slashd) |
Changed in nginx (Ubuntu Disco): | |
assignee: | nobody → Eric Desrochers (slashd) |
Changed in nginx (Ubuntu Bionic): | |
assignee: | nobody → Eric Desrochers (slashd) |
Changed in nginx (Ubuntu Xenial): | |
assignee: | nobody → Eric Desrochers (slashd) |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Changed in nginx (Ubuntu): | |
status: | In Progress → Triaged |
importance: | Low → Medium |
importance: | Medium → Low |
Changed in nginx (Ubuntu Eoan): | |
status: | In Progress → Won't Fix |
Changed in nginx (Ubuntu Disco): | |
status: | In Progress → Won't Fix |
Changed in nginx (Ubuntu Bionic): | |
status: | In Progress → Won't Fix |
Changed in nginx (Ubuntu Xenial): | |
status: | New → Won't Fix |
Changed in nginx (Ubuntu Xenial): | |
assignee: | Eric Desrochers (slashd) → nobody |
Changed in nginx (Ubuntu Bionic): | |
assignee: | Eric Desrochers (slashd) → nobody |
Changed in nginx (Ubuntu Eoan): | |
assignee: | Eric Desrochers (slashd) → nobody |
Changed in nginx (Ubuntu Disco): | |
assignee: | Eric Desrochers (slashd) → nobody |
Changed in nginx (Ubuntu): | |
status: | Triaged → In Progress |
importance: | Low → Medium |
Changed in nginx (Ubuntu Xenial): | |
importance: | Undecided → Medium |
Changed in nginx (Ubuntu): | |
status: | Opinion → Triaged |
importance: | Medium → Wishlist |
tags: | added: server-triage-discuss |
Changed in nginx (Ubuntu): | |
assignee: | Thomas Ward (teward) → nobody |
tags: | removed: server-triage-discuss |
Debian bug discussion: /bugs.debian. org/cgi- bin/bugreport. cgi?bug= 942817
https:/