Hi, I’m a deployment newbie and ran into an error in my nginx config
file (pasted below). Any pointers are very much appreciated. I am
setting up NGINX on Mac OS 10.5.6 to test before deploying a Rails app
on an AWS Ubuntu Hardy ami. The error message is:

[emerg] 14296#0: getgrnam(“root”) failed in
/usr/local/nginx/conf/nginx.conf:1

My nginx.conf file looks like:

user root root;
worker_processes 4;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

pid /usr/local/nginx/logs/nginx.pid;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local]

$request ’
'"$status" $body_bytes_sent “$http_referer” ’
‘"$http_user_agent" “$http_x_forwarded_for”’;

access_log  /usr/local/nginx/logs/access.log  main;

#sendfile        on;
tcp_nopush     on;

#keepalive_timeout  0;
keepalive_timeout  65;

gzip  on;

gzip_http_version 1.0;
gzip_comp_level 2;
gzip_proxied any;
gzip_disable “MSIE [1-6].(?!.*SV1)”;
gzip_types text/plain text/html text/css application/x-javascript
text/xml application/xml application/xml+rss text/javascript;

include /etc/nginx/vhosts/*.conf;
}

---

And my /etc/nginx/vhosts/site_name.conf looks like:

Load balance to mongrels

upstream mongrel_cluster1 {
server 0.0.0.0:8040;
server 0.0.0.0:8041;
server 0.0.0.0:8042;
server 0.0.0.0:8043;
server 0.0.0.0:8044;
}

Begin virtual host configuration

server {
listen 80;
server_name localhost;
root /Users/John/rails/site_name/public;
client_max_body_size 50M;
access_log /usr/local/nginx/logs/site_name.access.log main;
error_page 500 502 503 504 /50x.html;

First rewrite rule for handling maintenance page

if (-f $document_root/system/maintenance.html) {
rewrite ^(.*)$ /system/maintenance.html last;
break;
}

location / {
    index  index.html index.htm;

# Forward info about the client and host
# Otherwise Rails app won't have access to it.
proxy_set_header  X-Real-IP  $remote_addr;
proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header  Host  $http_host;
proxy_max_temp_file_size  0;

# Directly serve static content
location ~ ^/(images|javascripts|stylesheets)/ {
  expires 10y;
}
if (-f $request_filename) {
  break;
}

# Directly serve cached pages
if (-f $request_filename.html) {
  rewrite (.*) $1.html break;
}

# Otherwise let Mongrel handle the request
if (!-f $request_filename) {
  proxy_pass http://mongrel_cluster1;
  break;
}
}

}

---

Also, if I define two mongrel clusters, can I configure with an extra
proxy_pass statement as follows?:

upstream mongrel_cluster1 {
server 0.0.0.0:8040;
server 0.0.0.0:8041;
server 0.0.0.0:8042;

}
upstream mongrel_cluster2 {
server 0.0.0.0:8050;
server 0.0.0.0:8051;
server 0.0.0.0:8052;

}

Otherwise let Mongrel handle the request

if (!-f $request_filename) {
  proxy_pass http://mongrel_cluster1;
                    proxy_pass http://mongrel_cluster2;
  break;
}

Thank you!,
John

Prolly shouldn’t run this as root.

My guess would be to change user root root; to user nginx nginx; and see
what happens.

AMP Admin wrote:

Prolly shouldn’t run this as root.

My guess would be to change user root root; to user nginx nginx; and see
what happens.

Thanks for the response. It seems the problem was that on my Mac there
was no group ‘root’, so I put ‘wheel’ and nginx starts up.

Prolly shouldn’t run this as root.

Yeah, It seems that AWS only lets you SSH in to an EC2 instance as root,
so all of my capistrano code checkouts happen under root, so then my
mongrels need to be run as root so they can write to log files/folders.
I guess I can customize the cap task to switch user after SSH and before
checking out the repository.

Since I need to sudo /usr/local/nginx/sbin/nginx to start nginx, won’t
that run it as root?

Using the same configuration, I get a 502 error when navigating to
http://localhost

The error log look like the following for each request:
2009/04/21 01:30:21 [error] 14504#0: *20 kevent() reported that
connect() failed (61: Connection refused) while connecting to upstream,
client: 127.0.0.1, server: localhost, request: “GET / HTTP/1.1”,
upstream: “http://0.0.0.0:8082/”, host: “localhost:80”
2009/04/21 01:30:21 [error] 14504#0: *20 kevent() reported that
connect() failed (61: Connection refused) while connecting to upstream,
client: 127.0.0.1, server: localhost, request: “GET / HTTP/1.1”,
upstream: “http://0.0.0.0:8080/”, host: “localhost:80”
2009/04/21 01:30:21 [error] 14504#0: *20 kevent() reported that
connect() failed (61: Connection refused) while connecting to upstream,
client: 127.0.0.1, server: localhost, request: “GET / HTTP/1.1”,
upstream: “http://0.0.0.0:8081/”, host: “localhost:80”
2009/04/21 01:30:21 [error] 14504#0: *20 no live upstreams while
connecting to upstream, client: 127.0.0.1, server: localhost, request:
“GET / HTTP/1.1”, upstream: “http://mongrel_cluster1/”, host:
“localhost:80”

I get the nginx 502 Bad Gateway page.

On Tue, Apr 21, 2009 at 07:38:36AM +0200, John Mccarthy wrote:

Yeah, It seems that AWS only lets you SSH in to an EC2 instance as root,
so all of my capistrano code checkouts happen under root, so then my
mongrels need to be run as root so they can write to log files/folders.
I guess I can customize the cap task to switch user after SSH and before
checking out the repository.

Since I need to sudo /usr/local/nginx/sbin/nginx to start nginx, won’t
that run it as root?

No, only master process should be run as root, the workers should be run
as unprivileged user, say, nobody.

John Mccarthy wrote:

AMP Admin wrote:

Prolly shouldn’t run this as root.

My guess would be to change user root root; to user nginx nginx; and see
what happens.

Thanks for the response. It seems the problem was that on my Mac there
was no group ‘root’, so I put ‘wheel’ and nginx starts up.

Prolly shouldn’t run this as root.

Yeah, It seems that AWS only lets you SSH in to an EC2 instance as root,
so all of my capistrano code checkouts happen under root, so then my
mongrels need to be run as root so they can write to log files/folders.
I guess I can customize the cap task to switch user after SSH and before
checking out the repository.

Since I need to sudo /usr/local/nginx/sbin/nginx to start nginx, won’t
that run it as root?

Using the same configuration, I get a 502 error when navigating to
http://localhost

The error log look like the following for each request:
2009/04/21 01:30:21 [error] 14504#0: *20 kevent() reported that
connect() failed (61: Connection refused) while connecting to upstream,
client: 127.0.0.1, server: localhost, request: “GET / HTTP/1.1”,
upstream: “http://0.0.0.0:8082/”, host: “localhost:80”
2009/04/21 01:30:21 [error] 14504#0: *20 kevent() reported that
connect() failed (61: Connection refused) while connecting to upstream,
client: 127.0.0.1, server: localhost, request: “GET / HTTP/1.1”,
upstream: “http://0.0.0.0:8080/”, host: “localhost:80”
2009/04/21 01:30:21 [error] 14504#0: *20 kevent() reported that
connect() failed (61: Connection refused) while connecting to upstream,
client: 127.0.0.1, server: localhost, request: “GET / HTTP/1.1”,
upstream: “http://0.0.0.0:8081/”, host: “localhost:80”
2009/04/21 01:30:21 [error] 14504#0: *20 no live upstreams while
connecting to upstream, client: 127.0.0.1, server: localhost, request:
“GET / HTTP/1.1”, upstream: “http://mongrel_cluster1/”, host:
“localhost:80”

I get the nginx 502 Bad Gateway page.

I found the error. In my mongrel_cluster.yml configuration file, I
specified the address as localhost, instead of 0.0.0.0.

Thanks for your help!,
John

I see a lot of the following in our log. Anyone know what might be
causing this?

[info] 15399#0: 15062 client ...* closed keepalive connection (104:
Connection reset by peer)
[info] 15401#0: 15199 client ...* closed keepalive connection
[warn] 15399#0: 14910 an upstream response is buffered to a temporary
file /tmp/fastcgi/7/07/0000000077 while reading upstream, client:
...*, request: “GET /page.php?e=29306 HTTP/1.0”, upstream:
“fastcgi://127.0.0.1:9000”, referrer:
“http://forum.forum.com/page2.php?g=5”

On Tue, Apr 21, 2009 at 12:30:57PM -0500, AMP Admin wrote:

I see a lot of the following in our log. Anyone know what might be causing this?

[info] 15399#0: 15062 client ...* closed keepalive connection (104: Connection reset by peer)

MSIE has closed a keepalive connection (this is normal).

[info] 15401#0: 15199 client ...* closed keepalive connection

A browser has closed a keepalive connection (this is normal).

[warn] 15399#0: 14910 an upstream response is buffered to a temporary file /tmp/fastcgi/7/07/0000000077 while reading upstream, client: ...*, request: “GET /page.php?e=29306 HTTP/1.0”, upstream: “fastcgi://127.0.0.1:9000”, referrer: “http://forum.forum.com/page2.php?g=5”

Probably you need to increase

http://wiki.nginx.org/NginxHttpProxyModule#proxy_buffer_size
and
http://wiki.nginx.org/NginxHttpProxyModule#proxy_buffers

On Tue, Apr 21, 2009 at 04:00:06PM -0500, AMP Admin wrote:

Is that for multiple servers? Nginx is the only webserver on this box…
it’s nginx, xcach, php-fmp, php, and mysql.

I do not understand the question about multiple servers.

Is that for multiple servers? Nginx is the only webserver on this
box…
it’s nginx, xcach, php-fmp, php, and mysql.

On Wed, Apr 22, 2009 at 08:53:18AM -0500, AMP Admin wrote:

I thought the proxy settings where for transferring requests to other
servers. This is the only server so we don’t use the proxy module.

Sorry, I did not notice the line “fastcgi://127.0.0.1:9000”.
Then you need to tune fastcgi_buffer_size and fastcgi_buffers.
These directives are similar to the proxy_ ones.

I thought the proxy settings where for transferring requests to other
servers. This is the only server so we don’t use the proxy module.

Maybe a stupid question but how do I figure out what size they should be
set
at?

I saw this on the following on the web. Do you think it will work for
me?

  location ~ \.php$ {
       fastcgi_buffer_size   32k;
       fastcgi_buffers       4 32k;
       ...
  }

On Wed, Apr 22, 2009 at 09:39:22AM -0500, AMP Admin wrote:

Maybe a stupid question but how do I figure out what size they should be set
at?

I saw this on the following on the web. Do you think it will work for me?

  location ~ \.php$ {
       fastcgi_buffer_size   32k;
       fastcgi_buffers       4 32k;
       ...
  }

These setting means that FastCGI responses more than 32k + 4 * 32k =
160k
will buffer to temp files. See sizes of your repsonses and increase
number
of buffers accordingly, say,

         fastcgi_buffers       6 32k;
         fastcgi_buffers       8 32k;
         etc.

On Wed, Apr 22, 2009 at 10:47:50AM -0500, AMP Admin wrote:

Thanks for all of your replies!

One more question… how do I check the response sizes?

In access_log or in browser info page.

Anyone else get spam or bots go after their site after sending messages
to
this list?

I’m not sure if it’s related but that’s what I’m trying to find out.

Thanks for all of your replies!

One more question… how do I check the response sizes?

Are you getting email spam? Or spam posts at your site? Spambots have an
easy time finding vBulletin sites. Are you using Akismet or similar spam
blocking method? I find Akismet works very well at my vBulletin sites.
It put such posts in the moderation queue so they be can quickly
deleted.

Jim

Maybe this can help you:
http://www.bad-behavior.ioerror.us/

HTH,
Nuno Magalhães

Yea, spam posts. Most the email address are from .ru and I’ve never seen
that on my site before. I’m not saying it’s from this list but since it
started right around the same time I thought I would check.

It seems like they’re getting smarter too. I created a thread to
discuss
this on vbulletin too:
http://www.vbulletin.com/forum/showthread.php?p=1725647#post1725647

I’ll take a look at Akismet… thanks!

Sorry for a simple question but I’m just not that good at regex and
nginx
yet. Can someone help me convert the .htaccess rewrite to nginx?

RewriteRule ^([a-z0-9_-]-(f|all)[0-9]+(p[0-9]+|/index[0-9])?.html)$
page.php/$1 [QSA,L]
RewriteRule ^([a-z0-9_-]-(t|p)[0-9]+(p[0-9]+|/index[0-9])?.html)$
page.php/$1 [QSA,L]
RewriteCond %{REQUEST_URI} !(index.php|.css) [NC]