Nginx on The Gnu Pit

Upgrading to Debian 13 Trixie

Tue, 12 Aug 2025 07:12:15 -0500

Ah, the trials and tribulations of upgrading Debian 12 Bookworm to Debian 13 Trixie! I learned a valuable lesson this weekend with the update - always read the apt listchanges email. Always.

The upgrade itself went smoothly with no errors during the packages upgrading/installing. I run three main services on my server - nginx, exim, and dovecot. On reboot, all three had issues with the upgraded packages.

nginx

I received the following error in my nginx error.log:

Nginx, OCSP stapling, booting, systemd and Debian 9

Sun, 10 Dec 2017 18:26:24 -0500

Noticed these lines in journalctl when nginx didn’t start after a reboot:

Dec 10 17:43:30 mail1 nginx[3485]: nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/etc/letsencrypt/live/www.example.com/fullchain.pem"
Dec 10 17:43:30 mail1 nginx[3485]: nginx: [emerg] bind() to [<IPv6 address>]:80 failed (99: Cannot assign requested address)
Dec 10 17:43:30 mail1 nginx[3485]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dec 10 17:43:30 mail1 systemd[1]: nginx.service: Control process exited, code=exited status=1
Dec 10 17:43:30 mail1 systemd[1]: nginx.service: Unit entered failed state.
Dec 10 17:43:30 mail1 systemd[1]: nginx.service: Failed with result 'exit-code'.
Dec 10 17:52:35 mail1 systemd[1]: nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument

Hmmm…

Let's Encypt SSL Certificates with Exim, Dovecot & NGINX

Fri, 19 May 2017 14:32:24 -0500

I ran into two issues when setting up Let’s Encrypt SSL certificates on two of my servers - permission issues for Exim and the certbot cron job supplied by the package doesn’t handle the renew very well for nginx, exim or dovecot.

Resolving Exim’s Permission Problems

1. Create a new group. I named it sslcerts. Add the exim user to that group. If you’re not using Debian, adjust the user in the command below.

Boot issue with systemd and NGINX

Mon, 08 May 2017 21:11:24 -0500

I ran into a problem with NGINX failing to start on boot/reboot on my Debian 8 (Jessie) server. After reviewing what seemed like a hundred sites to try to find a fix, I stumbled across one solution that worked, but was incredibly inelegant. This was to add:

RestartSec=30s
Restart=on-failure

to nginx.service in the [Service] section using the override.conf. It worked but didn’t fix the underlying problem.

A quick look using journalctl -u nginx showed that the service was failing because the IPv6 address hadn’t been assigned to the network adaptor yet. This caused nginx to fail because it couldn’t bind to the IPv6 port. Here are the log lines:

Script: Assemble NGINX Configuration Files

Fri, 12 Sep 2014 19:19:24 -0500

merge-ngx-conf.pl is a perl script used to assemble a set of nginx configuration files for one site. It has a number of options. See the bitbucket page or the help documentation in the script itself.

In its simplest form, it’s called by issuing this command:

merge-ngx-conf.pl /path/sites-available/filename

The output is an assembled nginx configuration file with all the includes inserted. Using nginx.conf and domain.conf (or just domain.conf depending on the options selected), the script iterates through the include directives in the files and inserts the text from the referenced file. The script handles wildcard masks and follows include directives down multiple levels (i.e. nested levels). It will also follow referenced files in directories external to the nginx configuration directory.

nginx core module: worker_rlimit_nofile

Sat, 16 Jun 2012 00:54:24 -0500

Configuration file: nginx.conf
Block: main
Value type: number
Default: none - system determined (see notes section below)
What it does: sets the value for the maximum file descriptors
 that can be opened by a single worker process
Example: worker_rlimit_nofile 1024;

NOTES:

When any program opens a file, the operating system (OS) returns a file descriptor (FD) that corresponds to that file. The program will refer to that FD in order to process the file. The limit for the maximum FDs on the server is usually set by the OS. To determine what the FD limits are on your server use the commands ‘ulimit -Hn’ and ‘ulimit -Sn’ which will give you the per user hard and soft file limits. To determine the maximum number of FDs available, use the command ‘sysctl fs.file-max’ or ‘cat /proc/sys/fs/file-max’.