puppet-nginx icon indicating copy to clipboard operation
puppet-nginx copied to clipboard
verified publisher icon voxpupuli

Duplicate listen options when using IPv6 with www. redirect

Open linuxdaemon opened this issue 6 years ago • 5 comments

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 4.10.10
  • Ruby: 2.1.9p490 (2016-03-30 revision 54437) [x86_64-linux]
  • Distribution: Ubuntu Server 16.04
  • Module version: 0.15.0

How to reproduce (e.g Puppet code you use)

include nginx

nginx::resource::server { 'example.com':
  ipv6_enable            => true,
  rewrite_www_to_non_www => true,
}

What are you seeing

Nginx fails to load after the puppet run due to duplicate listen options. The default option is added to the ipv6 listen directive in both the example.com server block and the www.example.com server block.

What behaviour did you expect instead

The ipv6only and default options can only be set once, including them in both server blocks will break.

Output log

Error: /Stage[main]/Nginx::Service/Service[nginx]/ensure: change from stopped to running failed: Systemd start for nginx failed!
journalctl log for nginx:
-- Logs begin at Tue 2018-12-25 23:13:37 CST, end at Wed 2018-12-26 10:09:21 CST. --
Dec 26 10:07:39 linuxdaemon-desktop systemd[1]: Starting nginx - high performance web server...
Dec 26 10:07:39 linuxdaemon-desktop nginx[5663]: nginx: [emerg] duplicate listen options for [::]:80 in /etc/nginx/sites-enabled/example.com.conf:12
Dec 26 10:07:39 linuxdaemon-desktop systemd[1]: nginx.service: Control process exited, code=exited status=1
Dec 26 10:07:39 linuxdaemon-desktop systemd[1]: Failed to start nginx - high performance web server.
Dec 26 10:07:39 linuxdaemon-desktop systemd[1]: nginx.service: Unit entered failed state.
Dec 26 10:07:39 linuxdaemon-desktop systemd[1]: nginx.service: Failed with result 'exit-code'.
Dec 26 10:08:02 linuxdaemon-desktop systemd[1]: Starting nginx - high performance web server...
Dec 26 10:08:02 linuxdaemon-desktop nginx[6296]: nginx: [emerg] a duplicate default server for [::]:80 in /etc/nginx/sites-enabled/example.com.conf:12
Dec 26 10:08:02 linuxdaemon-desktop systemd[1]: nginx.service: Control process exited, code=exited status=1
Dec 26 10:08:02 linuxdaemon-desktop systemd[1]: Failed to start nginx - high performance web server.
Dec 26 10:08:02 linuxdaemon-desktop systemd[1]: nginx.service: Unit entered failed state.
Dec 26 10:08:02 linuxdaemon-desktop systemd[1]: nginx.service: Failed with result 'exit-code'.
Dec 26 10:09:13 linuxdaemon-desktop systemd[1]: Starting nginx - high performance web server...
Dec 26 10:09:13 linuxdaemon-desktop nginx[7008]: nginx: [emerg] duplicate listen options for [::]:80 in /etc/nginx/sites-enabled/example.com.conf:12
Dec 26 10:09:13 linuxdaemon-desktop systemd[1]: nginx.service: Control process exited, code=exited status=1
Dec 26 10:09:13 linuxdaemon-desktop systemd[1]: Failed to start nginx - high performance web server.
Dec 26 10:09:13 linuxdaemon-desktop systemd[1]: nginx.service: Unit entered failed state.
Dec 26 10:09:13 linuxdaemon-desktop systemd[1]: nginx.service: Failed with result 'exit-code'.
Dec 26 10:09:21 linuxdaemon-desktop systemd[1]: Starting nginx - high performance web server...
Dec 26 10:09:21 linuxdaemon-desktop nginx[7619]: nginx: [emerg] duplicate listen options for [::]:80 in /etc/nginx/sites-enabled/example.com.conf:12
Dec 26 10:09:21 linuxdaemon-desktop systemd[1]: nginx.service: Control process exited, code=exited status=1
Dec 26 10:09:21 linuxdaemon-desktop systemd[1]: Failed to start nginx - high performance web server.
Dec 26 10:09:21 linuxdaemon-desktop systemd[1]: nginx.service: Unit entered failed state.
Dec 26 10:09:21 linuxdaemon-desktop systemd[1]: nginx.service: Failed with result 'exit-code'.

Notice: Applied catalog in 0.96 seconds

Any additional information you'd like to impart

ipv6only and default listen options can only be set once according to nginx documentation.

linuxdaemon avatar Dec 26 '18 16:12 linuxdaemon

The issue also occurs when using listen_options => 'default_server'

linuxdaemon avatar Jan 08 '19 23:01 linuxdaemon

I can confirm this issue, not sure how to fix it now.

robinbohnen avatar Mar 06 '19 13:03 robinbohnen

workarround = specify ipv6_listen_options: ' ' on second server Not clean, but it works.

veninga avatar Jun 26 '19 08:06 veninga

That does not work since you can not set ipv6_listen_options separately for the additionally created server block if you specify rewrite_www_to_non_www = true

aponert avatar Jun 13 '20 23:06 aponert

I think this is a general bug with the ipv6 setup and not a bug specific to the rewrite_www_to_non_www. Using the server-define multiple times (just following the documentation) with enable_ipv6 set true will cause more than one server instance to be set up with "default" and "ipv6_only" as listen-options, while only one server instance can have this set. Manually setting ipv6_listen_options to blank on all server instances except for one is an ugly workaround, and does not work for the cases where rewrite_www_to_non_www is set.

Suggestion for a proper solution (but it may break backward-compatibility a bit):

  • Add the global parameter nginx::ipv6_enable (make it possible to override it through nginx::resource::server::ipv6_enable)
  • Let the module control the default vhost (possibly it varies dependent on the OS/distribution/package that is installed, but such a default seems to already be set up when installing the package), and ensure it listens to ipv6 if nginx::ipv6_enable is set to true
  • Let nginx::resource::server::ipv6_listen_options be blank by default.

I cannot promise anything, but if someone can confirm that this is the way, maybe I'll have time to make a pull request.

tobixen avatar Jan 02 '21 15:01 tobixen