Forum: NGINX getgrnam("root") failed

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Close A. (Guest)
on 2009-04-21 08:33
Hi, I'm a deployment newbie and ran into an error in my nginx config
file (pasted below).  Any pointers are very much appreciated.  I am
setting up NGINX on Mac OS 10.5.6 to test before deploying a Rails app
on an AWS Ubuntu Hardy ami.  The error message is:

[emerg] 14296#0: getgrnam("root") failed in
/usr/local/nginx/conf/nginx.conf:1


My nginx.conf file looks like:

user  root root;
worker_processes  4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        /usr/local/nginx/logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local]
$request '
                      '"$status" $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /usr/local/nginx/logs/access.log  main;

    #sendfile        on;
    tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  on;
  gzip_http_version 1.0;
  gzip_comp_level 2;
  gzip_proxied any;
  gzip_disable "MSIE [1-6].(?!.*SV1)";
  gzip_types  text/plain text/html text/css application/x-javascript
        text/xml application/xml application/xml+rss text/javascript;

  include /etc/nginx/vhosts/*.conf;
}

-------------------------------------------------------------------------------


And my /etc/nginx/vhosts/site_name.conf looks like:

 # Load balance to mongrels
upstream mongrel_cluster1 {
  server 0.0.0.0:8040;
  server 0.0.0.0:8041;
  server 0.0.0.0:8042;
  server 0.0.0.0:8043;
  server 0.0.0.0:8044;
}

# Begin virtual host configuration
server {
    listen       80;
    server_name  localhost;
  root /Users/John/rails/site_name/public;
  client_max_body_size 50M;
    access_log  /usr/local/nginx/logs/site_name.access.log  main;
    error_page   500 502 503 504  /50x.html;

  # First rewrite rule for handling maintenance page
  if (-f $document_root/system/maintenance.html) {
    rewrite ^(.*)$ /system/maintenance.html last;
    break;
  }

    location / {
        index  index.html index.htm;

    # Forward info about the client and host
    # Otherwise Rails app won't have access to it.
    proxy_set_header  X-Real-IP  $remote_addr;
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header  Host  $http_host;
    proxy_max_temp_file_size  0;

    # Directly serve static content
    location ~ ^/(images|javascripts|stylesheets)/ {
      expires 10y;
    }
    if (-f $request_filename) {
      break;
    }

    # Directly serve cached pages
    if (-f $request_filename.html) {
      rewrite (.*) $1.html break;
    }

    # Otherwise let Mongrel handle the request
    if (!-f $request_filename) {
      proxy_pass http://mongrel_cluster1;
      break;
    }
    }

}

-------------------------------------------------------------------------------

Also, if I define two mongrel clusters, can I configure with an extra
proxy_pass statement as follows?:

upstream mongrel_cluster1 {
  server 0.0.0.0:8040;
  server 0.0.0.0:8041;
  server 0.0.0.0:8042;

}
upstream mongrel_cluster2 {
  server 0.0.0.0:8050;
  server 0.0.0.0:8051;
  server 0.0.0.0:8052;

}

# Otherwise let Mongrel handle the request
    if (!-f $request_filename) {
      proxy_pass http://mongrel_cluster1;
                        proxy_pass http://mongrel_cluster2;
      break;
    }


Thank you!,
John
AMP Admin (Guest)
on 2009-04-21 09:13
(Received via mailing list)
Prolly shouldn't run this as root.

My guess would be to change user root root; to user nginx nginx; and see
what happens.
Close A. (Guest)
on 2009-04-21 09:38
AMP Admin wrote:
> Prolly shouldn't run this as root.
>
> My guess would be to change user root root; to user nginx nginx; and see
> what happens.




Thanks for the response.  It seems the problem was that on my Mac there
was no group 'root', so I put 'wheel' and nginx starts up.

> Prolly shouldn't run this as root.

Yeah, It seems that AWS only lets you SSH in to an EC2 instance as root,
so all of my capistrano code checkouts happen under root, so then my
mongrels need to be run as root so they can write to log files/folders.
I guess I can customize the cap task to switch user after SSH and before
checking out the repository.

Since I need to sudo /usr/local/nginx/sbin/nginx to start nginx, won't
that run it as root?

Using the same configuration, I get a 502 error when navigating to
http://localhost

The error log look like the following for each request:
2009/04/21 01:30:21 [error] 14504#0: *20 kevent() reported that
connect() failed (61: Connection refused) while connecting to upstream,
client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1",
upstream: "http://0.0.0.0:8082/", host: "localhost:80"
2009/04/21 01:30:21 [error] 14504#0: *20 kevent() reported that
connect() failed (61: Connection refused) while connecting to upstream,
client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1",
upstream: "http://0.0.0.0:8080/", host: "localhost:80"
2009/04/21 01:30:21 [error] 14504#0: *20 kevent() reported that
connect() failed (61: Connection refused) while connecting to upstream,
client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1",
upstream: "http://0.0.0.0:8081/", host: "localhost:80"
2009/04/21 01:30:21 [error] 14504#0: *20 no live upstreams while
connecting to upstream, client: 127.0.0.1, server: localhost, request:
"GET / HTTP/1.1", upstream: "http://mongrel_cluster1/", host:
"localhost:80"

I get the nginx 502 Bad Gateway page.
Close A. (Guest)
on 2009-04-21 10:07
John Mccarthy wrote:
> AMP Admin wrote:
>> Prolly shouldn't run this as root.
>>
>> My guess would be to change user root root; to user nginx nginx; and see
>> what happens.
>
>
>
>
> Thanks for the response.  It seems the problem was that on my Mac there
> was no group 'root', so I put 'wheel' and nginx starts up.
>
>> Prolly shouldn't run this as root.
>
> Yeah, It seems that AWS only lets you SSH in to an EC2 instance as root,
> so all of my capistrano code checkouts happen under root, so then my
> mongrels need to be run as root so they can write to log files/folders.
> I guess I can customize the cap task to switch user after SSH and before
> checking out the repository.
>
> Since I need to sudo /usr/local/nginx/sbin/nginx to start nginx, won't
> that run it as root?
>
> Using the same configuration, I get a 502 error when navigating to
> http://localhost
>
> The error log look like the following for each request:
> 2009/04/21 01:30:21 [error] 14504#0: *20 kevent() reported that
> connect() failed (61: Connection refused) while connecting to upstream,
> client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1",
> upstream: "http://0.0.0.0:8082/", host: "localhost:80"
> 2009/04/21 01:30:21 [error] 14504#0: *20 kevent() reported that
> connect() failed (61: Connection refused) while connecting to upstream,
> client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1",
> upstream: "http://0.0.0.0:8080/", host: "localhost:80"
> 2009/04/21 01:30:21 [error] 14504#0: *20 kevent() reported that
> connect() failed (61: Connection refused) while connecting to upstream,
> client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1",
> upstream: "http://0.0.0.0:8081/", host: "localhost:80"
> 2009/04/21 01:30:21 [error] 14504#0: *20 no live upstreams while
> connecting to upstream, client: 127.0.0.1, server: localhost, request:
> "GET / HTTP/1.1", upstream: "http://mongrel_cluster1/", host:
> "localhost:80"
>
> I get the nginx 502 Bad Gateway page.



I found the error.  In my mongrel_cluster.yml configuration file, I
specified the address as localhost, instead of 0.0.0.0.

Thanks for your help!,
John
Igor S. (Guest)
on 2009-04-21 11:25
(Received via mailing list)
On Tue, Apr 21, 2009 at 07:38:36AM +0200, John Mccarthy wrote:

>
> Yeah, It seems that AWS only lets you SSH in to an EC2 instance as root,
> so all of my capistrano code checkouts happen under root, so then my
> mongrels need to be run as root so they can write to log files/folders.
> I guess I can customize the cap task to switch user after SSH and before
> checking out the repository.
>
> Since I need to sudo /usr/local/nginx/sbin/nginx to start nginx, won't
> that run it as root?

No, only master process should be run as root, the workers should be run
as unprivileged user, say, nobody.
AMP Admin (Guest)
on 2009-04-21 21:42
(Received via mailing list)
I see a lot of the following in our log.  Anyone know what might be
causing this?

[info] 15399#0: *15062 client *.*.*.* closed keepalive connection (104:
Connection reset by peer)
[info] 15401#0: *15199 client *.*.*.* closed keepalive connection
[warn] 15399#0: *14910 an upstream response is buffered to a temporary
file /tmp/fastcgi/7/07/0000000077 while reading upstream, client:
*.*.*.*, request: "GET /page.php?e=29306 HTTP/1.0", upstream:
"fastcgi://127.0.0.1:9000", referrer:
"http://forum.forum.com/page2.php?g=5"
Igor S. (Guest)
on 2009-04-22 00:44
(Received via mailing list)
On Tue, Apr 21, 2009 at 12:30:57PM -0500, AMP Admin wrote:

> I see a lot of the following in our log.  Anyone know what might be causing this?
>
> [info] 15399#0: *15062 client *.*.*.* closed keepalive connection (104: Connection reset 
by peer)

MSIE has closed a keepalive connection (this is normal).

> [info] 15401#0: *15199 client *.*.*.* closed keepalive connection

A browser has closed a keepalive connection (this is normal).

> [warn] 15399#0: *14910 an upstream response is buffered to a temporary file 
/tmp/fastcgi/7/07/0000000077 while reading upstream, client: *.*.*.*, request: "GET 
/page.php?e=29306 HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", referrer: 
"http://forum.forum.com/page2.php?g=5"

Probably you need to increase

http://wiki.nginx.org/NginxHttpProxyModule#proxy_buffer_size
and
http://wiki.nginx.org/NginxHttpProxyModule#proxy_buffers
AMP Admin (Guest)
on 2009-04-22 01:08
(Received via mailing list)
Is that for multiple servers?  Nginx is the only webserver on this
box...
it's nginx, xcach, php-fmp, php, and mysql.
Igor S. (Guest)
on 2009-04-22 16:02
(Received via mailing list)
On Tue, Apr 21, 2009 at 04:00:06PM -0500, AMP Admin wrote:

> Is that for multiple servers?  Nginx is the only webserver on this box...
> it's nginx, xcach, php-fmp, php, and mysql.

I do not understand the question about multiple servers.
AMP Admin (Guest)
on 2009-04-22 18:03
(Received via mailing list)
I thought the proxy settings where for transferring requests to other
servers.  This is the only server so we don't use the proxy module.
Igor S. (Guest)
on 2009-04-22 18:09
(Received via mailing list)
On Wed, Apr 22, 2009 at 08:53:18AM -0500, AMP Admin wrote:

> I thought the proxy settings where for transferring requests to other
> servers.  This is the only server so we don't use the proxy module.

Sorry, I did not notice the line "fastcgi://127.0.0.1:9000".
Then you need to tune fastcgi_buffer_size and fastcgi_buffers.
These directives are similar to the proxy_ ones.
AMP Admin (Guest)
on 2009-04-22 18:47
(Received via mailing list)
Maybe a stupid question but how do I figure out what size they should be
set
at?

I saw this on the following on the web.  Do you think it will work for
me?

      location ~ \.php$ {
           fastcgi_buffer_size   32k;
           fastcgi_buffers       4 32k;
           ...
      }
Igor S. (Guest)
on 2009-04-22 18:58
(Received via mailing list)
On Wed, Apr 22, 2009 at 09:39:22AM -0500, AMP Admin wrote:

> Maybe a stupid question but how do I figure out what size they should be set
> at?
>
> I saw this on the following on the web.  Do you think it will work for me?
>
>       location ~ \.php$ {
>            fastcgi_buffer_size   32k;
>            fastcgi_buffers       4 32k;
>            ...
>       }

These setting means that FastCGI responses more than 32k + 4 * 32k =
160k
will buffer to temp files. See sizes of your repsonses and increase
number
of buffers accordingly, say,

             fastcgi_buffers       6 32k;
             fastcgi_buffers       8 32k;
             etc.
AMP Admin (Guest)
on 2009-04-22 19:55
(Received via mailing list)
Thanks for all of your replies!

One more question... how do I check the response sizes?
Igor S. (Guest)
on 2009-04-22 20:41
(Received via mailing list)
On Wed, Apr 22, 2009 at 10:47:50AM -0500, AMP Admin wrote:

> Thanks for all of your replies!
>
> One more question... how do I check the response sizes?

In access_log or in browser info page.
AMP Admin (Guest)
on 2009-04-23 08:28
(Received via mailing list)
Anyone else get spam or bots go after their site after sending messages
to
this list?

I'm not sure if it's related but that's what I'm trying to find out.
Jim O. (Guest)
on 2009-04-23 08:53
(Received via mailing list)
Are you getting email spam? Or spam posts at your site? Spambots have an
easy time finding vBulletin sites. Are you using Akismet or similar spam
blocking method? I find Akismet works very well at my vBulletin sites.
It put such posts in the moderation queue so they be can quickly
deleted.

Jim
AMP Admin (Guest)
on 2009-04-23 17:04
(Received via mailing list)
Yea, spam posts. Most the email address are from .ru and I've never seen
that on my site before.  I'm not saying it's from this list but since it
started right around the same time I thought I would check.

It seems like they're getting smarter too.  I created a thread to
discuss
this on vbulletin too:
http://www.vbulletin.com/forum/showthread.php?p=17...

I'll take a look at Akismet... thanks!
Nuno Magalhães (Guest)
on 2009-04-23 17:15
(Received via mailing list)
Maybe this can help you:
http://www.bad-behavior.ioerror.us/

HTH,
Nuno Magalhães
AMP Admin (Guest)
on 2009-04-24 17:55
(Received via mailing list)
Sorry for a simple question but I'm just not that good at regex and
nginx
yet.  Can someone help me convert the .htaccess rewrite to nginx?

RewriteRule ^([a-z0-9_\-]*-(f|all)[0-9]+(p[0-9]+|/index[0-9]*)?\.html)$
page.php/$1 [QSA,L]
RewriteRule ^([a-z0-9_\-]*-(t|p)[0-9]+(p[0-9]+|/index[0-9]*)?\.html)$
page.php/$1 [QSA,L]
RewriteCond %{REQUEST_URI} !(index\.php|\.css) [NC]
Igor S. (Guest)
on 2009-04-24 20:00
(Received via mailing list)
On Fri, Apr 24, 2009 at 08:44:36AM -0500, AMP Admin wrote:

>  Sorry for a simple question but I'm just not that good at regex and nginx
> yet.  Can someone help me convert the .htaccess rewrite to nginx?
>
> RewriteRule ^([a-z0-9_\-]*-(f|all)[0-9]+(p[0-9]+|/index[0-9]*)?\.html)$
> page.php/$1 [QSA,L]
> RewriteRule ^([a-z0-9_\-]*-(t|p)[0-9]+(p[0-9]+|/index[0-9]*)?\.html)$
> page.php/$1 [QSA,L]
> RewriteCond %{REQUEST_URI} !(index\.php|\.css) [NC]

It seems your rules are not complete. What is after

    RewriteCond %{REQUEST_URI} !(index\.php|\.css) [NC]

?

The first two rules:

   location / {
       rewrite  ^/([\w\-]*-(f|all)\d+(p\d+|/index\d*)?\.html)$
/page.php/$1;
       rewrite  ^/([\w\-]*-(t|p)\d+(p\d+|/index\d*)?\.html)$
/page.php/$1;

       ...
   }
AMP Admin (Guest)
on 2009-04-24 20:31
(Received via mailing list)
Sorry, I forgot a line:
RewriteCond %{REQUEST_URI} !(index\.php|\.css) [NC]
RewriteRule ^(archive|sitemap)/(.*)$ $1/index.php/$2 [QSA,L]
This topic is locked and can not be replied to.