NGINX Error: ’98: Address already in use’

KB ID 0001694

Problem

After an update, (WordPress – unrelated) yesterday, this website fell over! I rebooted the host, site was still down. I reluctantly restored to the previous evenings backup, and powered on the server. Alarmingly the site was still down!

I logged a call to my VPS provider, and attempted to troubleshoot the problem while I was waiting.

Very soon it was apparent my server appeared to be OK, but my web hosting platform (NGINX) was not running, and when I attempted to get it running this happened;

[box]

Aug 12 13:42:28 localhost nginx[2045]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Aug 12 13:42:28 localhost nginx[2045]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Aug 12 13:42:29 localhost nginx[2045]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Aug 12 13:42:29 localhost nginx[2045]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Aug 12 13:42:29 localhost nginx[2045]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Aug 12 13:42:29 localhost nginx[2045]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Aug 12 13:42:30 localhost nginx[2045]: nginx: [emerg] still could not bind,()
Aug 12 13:42:30 localhost systemd[1]: nginx.service: Control process exited, code=exited status=1
Aug 12 13:42:30 localhost systemd[1]: nginx.service: Failed with result 'exit-code'.
Aug 12 13:42:30 localhost systemd[1]: Failed to start A high performance web server and a reverse proxy server.

[/box]

Solution

A Google search kept pointing me towards my config files for NGINX being improperly formatted for port 80, but a) NIGINX has been running fine since the server was built, and b) I update things regularly! But nevertheless I wasted an hour and half going down that road. THIS WAS A BLIND ALLEY, MY NGINX CONFIG FILES WERE FINE! 

Other posts were, (more correctly) telling me something is using that port (TCP 80 or HTTP). So, to find out what;

[box]

sudo netstat -plant | grep 80

[/box]

BOOM! theres my problem Apache, what’s that doing running? I’m pretty sure I (stupidly) managed to install this a while ago, when updating my PHP to the latest version. I’m guessing that this had been a ticking time bomb and my WordPress update and reboot had caused it to explode! This would also explain why a restore didn’t fix the problem!

Lets stop and disable Apache;

[box]

sudo systemctl disable apache2 && sudo systemctl stop apache2

[/box]

And then (fingers crossed) start NGINX;

[box]

service nginx start
sudo service nginx status

[/box]

Site back up and running again (lesson learnt!)

Related Articles, References, Credits, or External Links

NA

NGINX: Redirect HTTP to HTTPS

KB ID 0001617

Problem

Rather by accident I discovered this was not working on the site. I know it used to work, but when the old certificate expired last year I was on holiday in The States, and had a panic trying to disable https, (to keep the site up until I got back and bought a new cert). So I’m guessing its been broken since then.

Solution

I spent about two days looking at forums about how to do this, and every time I edited the NGINX default file, the site stopped working. In the end I found one post in the middle of a discussion about this and that was the ONLY solution that worked for me.

Paste the following WITHIN your server block.

[box]

# Force HTTP to HTTPS Redirection (Entire Site)
if ($scheme != "https") {
    rewrite ^ https://$host$uri permanent;
}

[/box]

Related Articles, References, Credits, or External Links

NA

Certificate Chain Incomplete

KB ID 0001570

Problem

The certificate here at PNL expired over the weekend, I got a new one and installed it. All appeared to be fine until I did an online check to make sure it was OK. 

The server’s certificate chain is incomplete

Solution

I had this problem once before, back then I was using Apache and CentOS7, and things were a little different, (now I’m using NGINX and Ubuntu 18.04). Essentially you see this error because you have bought a ‘cheap‘ SSL certificate. There’s nothing wrong with that per se, but they tend to be issued from an ‘Intermediate CA‘. Again there’s nothing wrong with that either, but to improve your score you need to ‘Embed‘ the intermediate certificate, into your SSL certificate, (or all the intermediates back to a Root CA Server, if you have multiple intermediate certificates!) 

Here I have ONE intermediate, (which is pretty normal.)

There a no special tools you require to be able to do this, other than a simple text editor, you open your SSL certificate and ‘Paste” the intermediate certificate on the bottom. (DO NOT ADD ANY EXTRA SPACES). Like so;

Note: As you can see, you DON’T put the Root CA certificate at the bottom, (clients should already have them!) I made this mistake then got the following error;

[box]

Jun 23 14:12:29 localhost nginx[1197]: nginx: [emerg] PEM_read_bio_X509("/etc/nginx/ssl/www_petenetlive_com.crt") failed (SSL: error:0906D066:PEM routines:PEM_read_bio:bad end line)
Jun 23 14:12:29 localhost nginx[1197]: nginx: configuration file /etc/nginx/nginx.conf test failed

[/box]

Retry your test.

Related Articles, References, Credits, or External Links

NA

Nginx Error – 413 Request Entity Too Large

KB ID 0001325 

Problem

A few weeks ago I did a series on setting up a new WordPress site, shortly after I had some problems uploading my caching plugin (wp-rocket). This was the error I got;

413 Request Entity Too Large
nginx/1.10.3 (Ubuntu)

Anyway, I fixed the error, and a few days later I got an email from someone with the same problem, so I thought this time I would document the fix.

 

Solution

Note: I’m going to raise the limits to 100Mb this might be far to large for you, 20 or 50Mb might be more sensible for most sites.

Firstly you need to make an entry in the nginx.conf file

[box]sudo nano /etc/nginx/nginx.conf[/box]

If you’re unused to working in these config files, you are looking for the http section, just before this sections ends (i.e. before the end curly bracket ‘}’), insert the following text.

[box]client_max_body_size 100M;[/box]

Exit and Save the file (ctrl+x, then ‘y’ {Enter}.

Restart nginx.

[box]sudo service nginx restart[/box]

You will also need to enter the new values in the php.ini file.

[box]sudo nano /etc/php/7.0/fpm/php.ini[/box]

Change the following values, like so;

upload_max_filesize = 100M
post_max_size = 100M

Exit and save the file, then restart PHP.

[box]sudo service php7.0-fpm restart[/box]

 

Related Articles, References, Credits, or External Links

WordPress – HTTP Error

Ubuntu: Setting Up a WordPress Website with LEMP – Part 1

KB ID 0001318 

Problem

At the time of writing this site is running on CentOS7 LAMP (Linux Apache MySQL and PHP). Well I’m actually using MariaDB not MySQL as it’s ‘supposed’ to be a little faster, but they are similar enough to be accepted. I’m planning to migrate to Ubuntu 17 LEMP (Linux ‘EnginX’ MySQL and PHP) again with MariaDB. As the site is getting more traffic I want to utilise the better performance of nginx (I know I called it EnginX above but LNMP stack doesn’t sound so good, and nginx is ‘pronounced ‘engine x’).

So the following series of articles will be how to install nginx, MariaDB, PHP and WordPress.

Solution

Installing Linux

You have essentially two choices, do what most people do and go to a hosting company and rent a VPS, (virtual private server) for a monthly fee. Then when you set it up you can select what flavour of Linux you require, press go, and by the time you have had a coffee, they will have emailed you the IP and logon details, and Linux is already installed for you. You can of course install linux on your own server, and as long as you can make it publicly available use that.

The main difference is, if your hosting company build it for you, the root user will be enabled and you will connect with the root user and password. If you build your own server you will connect with user account and root will be disabled. If you know nothing about Linux that means to execute any system level commands you need to prefix them with ‘sudo’ (or type su and enter the root password). If you are logged in as root and use sudo it does not make any difference so I will prefix all the commands I use below with sudo to make things easier, just remember the first time you use sudo it will ask for your password again.

Why Ubuntu? Well I use CentOS presently, but while doing research there was little information on getting nginx and PHP7 running on CentOS, but there was for Ubuntu that’s the only reason I’m switching OS.

Update The Server

It might have been built from an image, but that does not mean that the image was up to date, thankfully that’s simple to do, run the following command to see if there’s any updates.

[box]sudo apt update[/box]

In my example theres two updates, I can upgrade to them with the following command, (you may be asked to answer ‘y’ for yes);

[box]sudo apt upgrade[/box]

Change the Linux SSH Port

Note: If you built the server, you may need to install openssh server.

[box]sudo apt-get install openssh-server[/box]

I’ve had servers compromised in the past so let’s start with some basic security, I always change the default SSH port, in this example I’ll use 2223 (instead of the default SSH port of 22).

Edit the SSH config file;

[box]sudo nano /etc/ssh/sshd_config[/box]

Uncomment and change the Port number to something other than 22, (make it above 1024 to be on the safe side, I’m using 2223).

Note: If you built your own server, and you are allowing root access to SSH you may want to see the following article;

Ubuntu: Allow SSH access for ‘root’ user

Don’t forget to restart the service;

[box]sudo service ssh restart[/box]

Protect Your Web Server With a Firewall

Traditionally Linux uses iptables, (or FirewallD for CentOS.) I like iptables, because like all things Linux I worked out how to set it up, and wrote it down. Ubuntu has a ‘front-end’ to iptables thats still command driven, it’s called UFW (uncomplicated firewall). Which I didn’t want to learn about because I use iptables! But in all honestly UFW is so simple it’s painfully easy.

I want to allow TCP 80 (http), TCP 443 (https), and TCP 2223 (for my SSH server). And that’s it, block everything else incoming, allow the server to speak out, and secure the server.

Run the following commands;

[box]

sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 2223/tcp

[/box]

Then enable the firewall, and set it so that it starts when the server reboots, you can also check its status for peace of mind;

[box]

sudo ufw enable
sudo ufw status

[/box]

Install and Configure MariaDB

Like most things Linux, installing MariaDB is simple, run the following command;

[box]sudo apt install mariadb-server mariadb-client[/box]

Then make sure it’s up and running;

[box]systemctl status mysql[/box]

Note: If it looks like it’s frozen, press Ctrl+C to get the cursor back

Set MariaDB to start when the server restarts;

[box]systemctl enable mariadb[/box]

Secure MariaDB: At the moment MariaDB will have a blank root password, (it has its own root user). So to secure it you simply run;

[box]sudo mysql_secure_installation[/box]

Note: It immediately asks for a password, (it will be blank so hit (Enter},) answer ‘Y’ to set a root password, set a fresh one (you will need it in a minute, so remember what it is!) Then accept all the defaults by just pressing {Enter}.

Create Your WordPress Database

WordPress needs a database, to get WordPress talking to MariaDB (or MySQL) you need three things;

  • A database name.
  • A username to access the database.
  • A password for that user.

So in the following example I will use;

  • Database Name: PETESDATABASE
  • Username: petesuser
  • Password: P@ssword12345

Execute the following commands one by one;

[box]

sudo mysql -u root -p
{Enter the root password you just set for MariaDB}
CREATE DATABASE PETESDATABASE;
CREATE USER 'petesuser'@'localhost' IDENTIFIED BY 'P@ssword12345';
GRANT ALL ON PETESDATABASE.* TO 'petesuser'@'localhost' IDENTIFIED BY 'P@ssword12345';
FLUSH PRIVILEGES;
exit

[/box]

 

In Part Two, we will install nginx and PHP.

Related Articles, References, Credits, or External Links

NA