本文介绍了nginx 每天崩溃,error.log 什么也没显示的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个 nginx 服务器设置为反向代理,它似乎每天都在崩溃.服务器以前从未出现过任何问题,但最近(大约一个月前)我开始注意到 nginx 没有运行,我必须登录服务器才能再次启动该过程.

I have an nginx server setup as a reverse proxy that seems to be crashing daily. There was never any issue with the server before but recently (a month or so ago) I started noticing that nginx wasn't running and I'd have to log into the server to start the process up again.

我在日志中找不到任何有用的东西.如果您能帮助我诊断问题,我将不胜感激.

I'm having trouble finding anything useful in the logs. I'd appreciate any help in diagnosing the issue.

nginx 版本:nginx/1.10.3 (Ubuntu)

nginx version: nginx/1.10.3 (Ubuntu)

操作系统:Ubuntu 16.04.4 LTS(在 LXC 中运行)

os: Ubuntu 16.04.4 LTS (running in an LXC)

# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Sat 2018-06-23 21:49:46 UTC; 1min 23s ago
Process: 13485 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=1/FAILURE)
Process: 13402 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 13401 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 13403 (code=exited, status=0/SUCCESS)

Jun 23 10:30:17 nginx systemd[1]: Starting A high performance web server and a reverse proxy server...
Jun 23 10:30:17 nginx systemd[1]: Started A high performance web server and a reverse proxy server.

cat/var/log/nginx/error.log

cat /var/log/nginx/error.log

2018/06/23 21:49:46 [notice] 13484#13484: signal process started

access.log 文件中没有任何可疑内容.

There was nothing suspicious in the access.log file.

如果有更多有用的信息,请告诉我

Let me know if there's any more information that would be helpful

推荐答案

我遇到了同样的问题,而且是同样的错误来源:certbot 正在关闭 nginx 服务器,并且在续订后无法再次启动它.

I had the same problem and it was the same source of error: certbot was turning off the nginx server and was not capable of starting it again after renewal.

您可以通过查看以下日志来检查是否遇到相同的问题.第一个 nginx 日志:

You can check if you encounter the same problem by checking following logs. First nginx logs:

tail -n 100/var/log/nginx/error.log

结果:

2019/02/05 12:07:37 [notice] 1629#1629: signal process started
2019/02/05 12:07:37 [error] 1629#1629: open() "/run/nginx.pid" failed (2: No such file or directory)
2019/02/05 12:07:38 [emerg] 1655#1655: bind() to 0.0.0.0:80 failed (98: Address already in use)
2019/02/05 12:07:38 [emerg] 1655#1655: bind() to 0.0.0.0:443 failed (98: Address already in use)
2019/02/05 12:07:38 [emerg] 1655#1655: bind() to [::]:443 failed (98: Address already in use)
2019/02/05 12:07:38 [emerg] 1655#1655: bind() to 0.0.0.0:444 failed (98: Address already in use)
2019/02/05 12:07:38 [emerg] 1655#1655: bind() to [::]:444 failed (98: Address already in use)
[...]
2019/02/05 12:07:38 [emerg] 1655#1655: still could not bind()
2019/02/05 12:07:41 [alert] 1631#1631: unlink() "/run/nginx.pid" failed (2: No such file or directory)

我们看到 nginx 尝试重启失败.

We see nginx unsuccessfully trying to restart.

您也可以检查系统日志:

You can chek syslog too:

tail -n 100/var/log/syslog

并寻找相同的时间戳:

Feb  5 12:07:30 systemd[1]: Starting Certbot...
Feb  5 12:07:31 systemd[1]: Stopping A high performance web server and a reverse proxy server...
Feb  5 12:07:31 systemd[1]: Stopped A high performance web server and a reverse proxy server.
Feb  5 12:07:38 systemd[1]: Starting A high performance web server and a reverse proxy server...

我们看到 certbot 似乎导致了问题.

We see that certbot seems to cause the problem.

就我而言,我有一个旧版本的 certbot.您可以使用 certbot --version 命令检查您的版本.就我而言,我有 certbot 0.10.2...

In my case, I had an old version of certbot. You can check your version using certbot --version command. In my case I had certbot 0.10.2...

首先,升级你的 certbot 应用程序,并添加 nginx 插件:

So first of all, upgrade your certbot application, and add nginx plugin:

sudo apt-get update
sudo apt-get install certbot python-certbot-nginx

检查您的新版本:certbot --version -> certbot 0.28.0.

Check your new version: certbot --version -> certbot 0.28.0.

然后,您将不得不相应地修改更新配置文件以适应新版本,并使用 nginx 插件.更新 conf 文件位于 /etc/letsencrypt/renewal/* 目录中.请注意,certbot 文档不鼓励您手动修改它们...

Then, you will have to modify renewal configuration files accordingly to new version, and using nginx plugin. Renewal conf file are in /etc/letsencrypt/renewal/* directory. Note that the certbot documentation discourage you to manually modify them...

我修改了所有的续订配置文件:

I modify all the renewal configuration files from:

# renew_before_expiry = 30 days
version = 0.10.2
archive_dir = /etc/letsencrypt/archive/yourdomain
cert = /etc/letsencrypt/live/yourdomain/cert.pem
privkey = /etc/letsencrypt/live/yourdomain/privkey.pem
chain = /etc/letsencrypt/live/yourdomain/chain.pem
fullchain = /etc/letsencrypt/live/yourdomain/fullchain.pem

# Options used in the renewal process
[renewalparams]
authenticator = standalone
post_hook = service nginx start
account = yourkey
pre_hook = service nginx stop
installer = nginx

致:

# renew_before_expiry = 30 days
version = 0.28.0
archive_dir = /etc/letsencrypt/archive/yourdomain
cert = /etc/letsencrypt/live/yourdomain/cert.pem
privkey = /etc/letsencrypt/live/yourdomain/privkey.pem
chain = /etc/letsencrypt/live/yourdomain/chain.pem
fullchain = /etc/letsencrypt/live/yourdomain/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = yourkey
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = nginx
installer = nginx

(注意只有versionauthenticator行被修改,server行被添加,pre_hookstrong> 和 post_hook 行已被删除).

(note that only the version and authenticator lines have been modified, server line has been added, and pre_hook and post_hook lines have been removed).

然后,您可以使用以下命令模拟续订,以检查下一次续订是否顺利进行:

Then you can check if your next renewal will run smoothly, by simulating a renewal, using the following command:

certbot renew --dry-run

您应该为每个证书获得以下内容,没有红色错误:

You should get the following for each of your certificate, with no red error:

new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/yourdomain/fullchain.pem

这篇关于nginx 每天崩溃,error.log 什么也没显示的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-24 05:27