Comment 3 for bug 1818574

Thomas Ward (teward) wrote :

Note that this type of "free binding" behavior is not desirable in MOST setups. Discussing in the Ubuntu Server IRC channel, in MOST setups, if you can't do something like bind to an IP it should error; slow-to-configure IPv6 aside, the most desirable thing would be for improper IP/bind configurations to error out in most default configurations.

------

Free binding and non-local binding behavior is, in my opinion, "Opt-In" behavior. I would not alter the SystemD file currently to use anything but network.target, as prior discussions on that matter with the Server Team have suggested that this would be improper, especially on local test systems where there is no 'networking' that would be online and in other edge cases.

------

There are several confirmed workarounds tested today by the Server Team to make sure they actually work, as well as *historically* have been suggested here already:

(1) Have nginx start up later in the cycle by overriding the SystemD unit to use network-online.target. This was suggested by Andreas, so look earlier in the bug comments for how to do this.

Execute: sudo systemctl edit nginx.service

Add this content:

[Unit]
After=network-online.target
Requires=network-online.target

------

(2) sysctl changes (Linux 4.3+ kernels)

Set net.ipv6.ip_nonlocal_bind which will implement "Free Binding" behavior like IP_FREEBIND has.

If you don't want to set this systemwide or persistently, or have a case where sysctl changes just don't persist (like in some containerization mechanisms), then...

------

(3) Set SystemD overrides for ExecStartPre for the service rather than changing your sysctl lines in the chance they don't persist.

Execute: sudo systemctl edit nginx.service

Add this content:

[Service]
ExecStartPre=-/sbin/sysctl -w net.ipv4.ip_nonlocal_bind=1
ExecStartPre=-/sbin/sysctl -w net.ipv6.ip_nonlocal_bind=1

This will do the same behavior.

------

Short of Upstream NGINX implementing IP_FREEBIND, or short of your manual insertion of overrides here, there's not much we can do to fix this bug in Ubuntu at this time...