Nixpkgs: nginx: Not creating stateDir on nginx systemd service unit restart

Created on 22 Apr 2020  路  5Comments  路  Source: NixOS/nixpkgs

Describe the bug
On (re)start of the Nginx systemd service the stateDir is not created if it does not exist.

We noticed this as it broke our (a bit hacky) workflow to clear the Nginx proxy cache which is basically: sudo rm -rf /var/spool/nginx/ && sudo systemctl restart nginx

This (aggressive) method was working fine in 19.03 and 19.09 ;)

I am not well versed with tmpfiles.d but assume that the tmpfiles-setup is not executed every time the service starts?

To Reproduce
Steps to reproduce the behavior:

  1. Configure nginx to use a directory inside of the stateDir as proxy cache path like this:
      appendHttpConfig = ''
        proxy_cache_path /var/spool/nginx/proxycache levels=1:2 keys_zone=mycache:20m max_size=500m use_temp_path=off;
        proxy_cache_key $scheme$host$request_uri$http_accept_language;

        fastcgi_cache_path /var/spool/nginx/fcgicache levels=1:2 keys_zone=fcgicache:20m max_size=500m use_temp_path=off;
        fastcgi_cache_key $scheme$host$request_uri;
      [...]
      };
  1. Remove the stateDir and restart the nginx service:
    sudo rm -rf /var/spool/nginx/ && sudo systemctl restart nginx
  2. See Nginx fail to start:
Apr 22 07:41:46 oi-web01 systemd[1]: Starting Nginx Web Server...
-- Subject: Unit nginx.service has begun start-up
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit nginx.service has begun starting up.
Apr 22 07:41:46 oi-web01 s86gqdy00743baj5rrx1f85b6hpx9d3c-unit-script-nginx-pre-start[1083]: nginx: [alert] could not open error log file: open() "/var/spool/nginx/logs/error.log" failed (2: No such file or directory)
Apr 22 07:41:46 oi-web01 s86gqdy00743baj5rrx1f85b6hpx9d3c-unit-script-nginx-pre-start[1083]: 2020/04/22 07:41:46 [warn] 1084#1084: could not build optimal types_hash, you should increase either types_hash_max_size: 2048 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size
[.. some logs removed ..]
Apr 22 07:41:46 oi-web01 s86gqdy00743baj5rrx1f85b6hpx9d3c-unit-script-nginx-pre-start[1083]: 2020/04/22 07:41:46 [warn] 1084#1084: conflicting server name "www.DOMAIN-REMOVED.de" on 0.0.0.0:80, ignored
Apr 22 07:41:46 oi-web01 s86gqdy00743baj5rrx1f85b6hpx9d3c-unit-script-nginx-pre-start[1083]: 2020/04/22 07:41:46 [warn] 1084#1084: conflicting server name "www.DOMAIN-REMOVED.de" on [::]:80, ignored
Apr 22 07:41:46 oi-web01 s86gqdy00743baj5rrx1f85b6hpx9d3c-unit-script-nginx-pre-start[1083]: 2020/04/22 07:41:46 [warn] 1084#1084: conflicting server name "www.DOMAIN-REMOVED.de" on 0.0.0.0:443, ignored
Apr 22 07:41:46 oi-web01 s86gqdy00743baj5rrx1f85b6hpx9d3c-unit-script-nginx-pre-start[1083]: 2020/04/22 07:41:46 [warn] 1084#1084: conflicting server name "www.DOMAIN-REMOVED.de" on [::]:443, ignored
Apr 22 07:41:46 oi-web01 s86gqdy00743baj5rrx1f85b6hpx9d3c-unit-script-nginx-pre-start[1083]: nginx: the configuration file /nix/store/w5jj77nr901gpv3rd22jv8zjdsicw6rx-nginx.conf syntax is ok
Apr 22 07:41:46 oi-web01 s86gqdy00743baj5rrx1f85b6hpx9d3c-unit-script-nginx-pre-start[1083]: 2020/04/22 07:41:46 [emerg] 1084#1084: mkdir() "/var/spool/nginx/proxycache" failed (2: No such file or directory)
Apr 22 07:41:46 oi-web01 s86gqdy00743baj5rrx1f85b6hpx9d3c-unit-script-nginx-pre-start[1083]: nginx: configuration file /nix/store/w5jj77nr901gpv3rd22jv8zjdsicw6rx-nginx.conf test failed
Apr 22 07:41:46 oi-web01 systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Apr 22 07:41:46 oi-web01 systemd[1]: nginx.service: Failed with result 'exit-code'.
Apr 22 07:41:46 oi-web01 systemd[1]: Failed to start Nginx Web Server.

Expected behavior

  • Nginx starts without an error

    • (re)creation of the stateDir on (re)start when necessary

Notify maintainers

@Izorkin
@danbst

Metadata

  • system: "x86_64-linux"
  • host os: Linux 5.4.33, NixOS, 20.03.1422.1e90c46c2d9 (Markhor)
  • multi-user?: yes
  • sandbox: yes
  • version: nix-env (Nix) 2.3.4
  • channels(root): "nixos-20.03.1422.1e90c46c2d9"
  • channels(helmich): ""
  • nixpkgs: /nix/var/nix/profiles/per-user/root/channels/nixos

Maintainer information:

# a list of nixpkgs attributes affected by the problem
attribute:
# a list of nixos modules affected by the problem
module: nginx
bug nixos
Source
picture fadenb

Most helpful comment

I think the long-term goal here is to move things towards StateDirectory, RuntimeDirectory, and the systemd journal /LogsDirectory - as systemd would take care of creating all these folders with the right permissons, but that's a bit more work.

picture flokli on 23 Apr 2020
👍3

All 5 comments

Option PermissionsStartOnly="true"; deprecated. The nginx service uses sytemd.tmpfiles.rules. The folder /var/spool/nginx/ will be automatically created after rebooting the system.

Izorkin picture Izorkin on 22 Apr 2020

Or run command sudo systemd-tmpfiles --create

Izorkin picture Izorkin on 22 Apr 2020

@fadenb sytemd-tmpfiles are only executed during configuration switching. I'd propose cleaning the cache-specific subfolders (/var/spool/nginx/*cache), instead of all of nginx's state.

flokli picture flokli on 23 Apr 2020

I think the long-term goal here is to move things towards StateDirectory, RuntimeDirectory, and the systemd journal /LogsDirectory - as systemd would take care of creating all these folders with the right permissons, but that's a bit more work.

flokli picture flokli on 23 Apr 2020
👍3

With https://github.com/NixOS/nixpkgs/pull/85862 merged, this can be closed.

flokli picture flokli on 15 Jul 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

chris-martin picture chris-martin  路  3Comments
rzetterberg picture rzetterberg  路  3Comments
langston-barrett picture langston-barrett  路  3Comments
grahamc picture grahamc  路  3Comments
ayyess picture ayyess  路  3Comments