Huge thanks to Ganbold Tsagaankhuu who finally got to the bottom of this issue.

NginX is a great web server, and is built from the ground up for high volume, zero down time environments.

One of the most basic features of such a service is the ability to restart completely (not just child processes, which is what apache does) without missing a request.

For FreeBSD users this is available via the service nginx upgrade command, for other OSes you can send the SIGUSR2 to the master process. SIGUSR2 is documented as such:

SIGUSR2          Upgrade the nginx executable on the fly.

We’ve used this for years, however a few weeks ago we ran into an issue under FreeBSD where performing this resulted in a number of errors, an unclean shutdown and ultimately NginX not coming back up because old processes were still tying up the listen() port but not actually functioning. The nginx-errors log entries looked like this:

2016/06/27 00:18:58 [error] 73757#0: shutdown() failed (54: Connection reset by peer)
2016/06/27 00:18:58 [error] 73757#0: shutdown() failed (54: Connection reset by peer)
2016/06/27 00:18:58 [error] 73757#0: shutdown() failed (54: Connection reset by peer)
2016/06/27 00:18:58 [error] 73757#0: shutdown() failed (54: Connection reset by peer)
2016/06/27 00:18:58 [error] 73757#0: shutdown() failed (54: Connection reset by peer)
2016/06/27 00:18:58 [error] 73757#0: shutdown() failed (54: Connection reset by peer)
2016/06/27 00:18:58 
 73753#0: worker process 73757 exited on signal 11
2016/06/27 00:18:56 [emerg] 74294#0: bind() to 1.2.3.4:443 failed (48: Address already in use)
nginx: [emerg] bind() to 1.2.3.4:443 failed (48: Address already in use)
2016/06/27 00:18:56 [emerg] 74294#0: still could not bind()
nginx: [emerg] still could not bind()

After much debugging and opening a FreeBSD PR with the port maintaner we discovered it was due to OpenSSL (from FreeBSD ports) being compiled with assembler optimizations.

Once we recompiled OpenSSL without this the problem went away. Hopefully this saves someone some hair pulling 🙂

Call 1-828-376-0458 to Work With Professionals Who Truly Understand FreeBSD

A-Team Systems is a proud supporter of the FreeBSD Foundation and many of our administrators are direct project contributors.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Adam Strohl

FreeBSD & Linux Support

Get Professional Support Now

Only pay for what you need FreeBSD and Linux support services, starting at $165 an hour.