nginx serves wrong site while config is being reloaded

Bug #1938857 reported by Johannes Rohr

This bug affects 1 person
Affects: nginx (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

We have a cronjob that regularly regenerates vhost configs from a template, renews certificates and reloads nginx.

Lately, we are frequently seeing an error where, during a short window, the wrong site and certificate are served by nginx. For instance, I see this error log entry:

2021/08/04 06:53:19 [error] 2296834#2296834: *618991 connect() failed (111: Connection refused) while connecting to upstream, client: 2604:a880:400:d0::1d78:1001, server: onlyoffice.*****.org, request: "GET /wp-login.php HTTP/1.1", upstream: "http://[::1]:8910/wp-login.php", host: "****.net"

The domain which is served in place of the one which was requested is NOT the default server, instead, it is one whose config hasn't been regenerated because it has a custom config that is exempt from being automatically regenerated.

Again, this erroneous behaviour seems to last only for a very short while, but this is enough to e.g. cause a Nextcloud client to complain about the wrong certificate and stop synchronizing.
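One way to find other occurrences of the mismatch visible in the log entry above (the `server:` block does not own the requested `host:`), given as an added example that is not part of the report or of nginx. The `VHOSTS` map, the `default_server` name and the sample log lines are constructed placeholders; `VHOSTS` must list every `server_name` of each server block, keyed by the name nginx prints in `server:`.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample lines modelled on the entry in the report; all names are placeholders.
SAMPLE_LOG = '''\
2021/08/04 06:53:19 [error] 1234#1234: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 2001:db8::1, server: office.example.org, request: "GET /wp-login.php HTTP/1.1", upstream: "http://[::1]:8910/wp-login.php", host: "blog.example.net"
2021/08/04 06:53:20 [error] 1234#1234: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 2001:db8::2, server: office.example.org, request: "GET / HTTP/1.1", upstream: "http://[::1]:8910/", host: "office.example.org"
2021/08/04 06:53:21 [error] 1234#1234: *3 open() "/var/www/x" failed (2: No such file or directory), client: 2001:db8::3, server: cloud.example.org, request: "GET /x HTTP/1.1", host: "files.example.org:443"
2021/08/04 06:53:22 [error] 1234#1234: *4 open() "/var/www/y" failed (2: No such file or directory), client: 2001:db8::4, server: _, request: "GET /y HTTP/1.1", host: "unknown.example.com"
'''

# Assumed inventory: name shown in "server:" -> all server_name values of that block.
VHOSTS = {
    "office.example.org": ["office.example.org", "*.office.example.org"],
    "cloud.example.org": ["cloud.example.org", "files.example.org"],
}

# Pulls the matched server block and the requested Host out of an error-log line.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[\w+\] .*?'
    r'\bserver: (?P<server>[^,]*), request: "[^"]*".*\bhost: "(?P<host>[^"]+)"'
)

def name_matches(host, pattern):
    """Exact, '*.x', 'x.*' and '.x' server_name forms; regex ('~') names are not handled."""
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return fnmatchcase(host, pattern)

def find_mismatches(log_text, vhosts, default_server=None):
    """Return (timestamp, server, host) for requests handled by a block that does not own the host."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # line carries no server/host pair (e.g. startup messages)
        server, host = m["server"].lower(), m["host"].lower()
        if not host.startswith("["):
            host = re.sub(r":\d+$", "", host)  # drop an explicit port
        if server == default_server:
            continue  # unknown hosts legitimately land on the default server
        names = vhosts.get(server, [server])
        if not any(name_matches(host, n.lower()) for n in names):
            hits.append((m["ts"], server, host))
    return hits

if __name__ == "__main__":
    for ts, server, host in find_mismatches(SAMPLE_LOG, VHOSTS, default_server="_"):
        print(f"{ts}: host {host} was handled by server block {server}")
```

The error log only covers requests that produced an error; logging `$server_name` next to `$host` in the access log gives the same comparison for every request.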

Paride Legovini (paride) wrote :

Hello Johannes and thanks for your bug report. I tried to reproduce the issue you described in a simple setup, but I couldn't. Perhaps my dummy setup is too simple and the reload happens too fast. I assume you are using `systemctl reload` to make nginx reload its config.

Without steps to reproduce the problem there is little that can be done on this bug. My suggestion here, if you can't identify a minimal set of steps that reproduce the problem, is to file a bug against the upstream nginx project, as it is very unlikely that this is an Ubuntu-specific bug.

For the moment I'm marking this report as Incomplete.

Changed in nginx (Ubuntu):
status: New → Incomplete