Nginx exit with error code

Report a bug
I installed OnlyOffice Docs following this guide and Nginx constantly stops working.

systemctl status nginx give me this:

● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: failed (Result: signal) since Fri 2021-08-20 00:00:49 BST; 6h ago
       Docs: man:nginx(8)
    Process: 44897 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 44912 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 141267 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=0/SUCCESS)
   Main PID: 44913 (code=killed, signal=SEGV)
      Tasks: 0 (limit: 2317)
     Memory: 4.1M
     CGroup: /system.slice/nginx.service

Aug 18 10:10:07 GreenCloud.1629187004 systemd[1]: Starting A high performance web server and a reverse proxy server...
Aug 18 10:10:07 GreenCloud.1629187004 systemd[1]: Started A high performance web server and a reverse proxy server.
Aug 19 00:00:18 GreenCloud.1629187004 systemd[1]: Reloading A high performance web server and a reverse proxy server.
Aug 19 00:00:19 GreenCloud.1629187004 systemd[1]: Reloaded A high performance web server and a reverse proxy server.
Aug 20 00:00:49 GreenCloud.1629187004 systemd[1]: Reloading A high performance web server and a reverse proxy server.
Aug 20 00:00:49 GreenCloud.1629187004 systemd[1]: Reloaded A high performance web server and a reverse proxy server.
Aug 20 00:00:49 GreenCloud.1629187004 systemd[1]: nginx.service: Main process exited, code=killed, status=11/SEGV
Aug 20 00:00:49 GreenCloud.1629187004 systemd[1]: nginx.service: Killing process 80602 (nginx) with signal SIGKILL.
Aug 20 00:00:49 GreenCloud.1629187004 systemd[1]: nginx.service: Killing process 80602 (nginx) with signal SIGKILL.
Aug 20 00:00:49 GreenCloud.1629187004 systemd[1]: nginx.service: Failed with result 'signal'.

Document Server version: How do I check it?
Type of installation of the Document Server: Package
OS: Ubuntu 20.04
Browser version:

Hello kingii.

Please note that we strongly recommend to use our official guides.

For Docker: Installing ONLYOFFICE Docs for Docker on a local server - ONLYOFFICE

For package: Installing ONLYOFFICE Docs for Debian, Ubuntu, and derivatives - ONLYOFFICE

Document Server version: How do I check it?

Please run apt list --installed | grep onlyoffice and show us the result.

Also please provide us with some additional information about your installation. Are you using clean OS? I mean no other apps are installed on the server.

As for the issue in general. Please execute this command unlink /etc/nginx/modules-enabled/50-mod-http-perl.conf. After that execute service nginx restart and check if the issue is reproduced again.

Hello Alexandre

I am currently using 6.3.2-2 version.
It was a clean OS, it’s running only Docs.

I will update if problem will happen again, thanks for your help.

Hi,

I am facing the same issue as @kingii , I have followed the same guide and installed the OnlyOffice server. The server is running fine but as by him, it will stop from time to time. Sometimes it is enough to SSH to the server and run: nginx -t and it will run again… I have no idea what is the root cause for this. It was a fresh install of Ubuntu and only OnlyOffice is running there.

I have tried the “unlink” command but the server stopped responding after some time again.
onlyoffice-documentserver/squeeze,now 7.0.1-37 amd64 [installed]

Any idea what to try next?

edit: I have tried to install the document server using the official guide but the problem presist. I am running the server on a VM on Proxmox. I have checked today the logs but couldnt find anything there. Any idea on what to check would be appreciated.

thx, tomas

Hi Tomas

I would strongly recommend you to re-deploy every service using docker. Onlyoffice even has this GitHub repository and the whole process is very easy, ones you will read all files. If you need any help - feel free to ask or PM.

Hi,

thank you for the suggestion. I was upgrading Proxmox today in the morning and so far it went down just once, a new record, heh… I have no idea what could be the trigger and I am afraid that the same will happen on the Docker image since the cause could be in the Proxmox env as well, although noting in the logs.

Anyway, I took a look on the installation procedure, seems easy enough, however, what method did you used for the HTTPS, letsencrypt? like below?

sudo docker run -i -t -d -p 80:80 -p 443:443 \
    -e LETS_ENCRYPT_DOMAIN=yourdomain.com -e LETS_ENCRYPT_MAIL=email@example.com  onlyoffice/documentserver

thx, tomas

Hi,

I think the timeout or non-working onlyoffice server is due to RabbitMQ. I found this error in the log, somewhere at the time I have noticed that the server is offline.

2022-03-16 18:43:22.966 [error] <0.12619.1> closing AMQP connection <0.12619.1> (127.0.0.1:38158 -> 127.0.0.1:5672):
{handshake_timeout,handshake}

However, I have no idea what could be the root cause for this. Any idea?

tomas

Hi Tomas.

That’s the good part about docker and containers in general, they are working isolated from each other and Nginx config for onlyoffice won’t interfere with your config for nextcloud. I suggest you take a look at portainer, that’s a great web UI for managing docker containers and it will make things A LOT easier if you are learning.

Back to your question, I am using a local DNS server and self-signed certificates but you can just make valid certs with letsencrypt without using docker.

So this is my docker-compose file (stacks in portainer), just change usernames and passwords

version: '3'
services:
  app:
    container_name: app-server
    image: nextcloud:fpm
    restart: always
    expose:
      - '80'
      - '9000'
    volumes:
      - /home/docker/nextcloud/app_data:/var/www/html
      - /home/docker/nextcloud/config/php.ini:/usr/local/etc/php/conf.d/zzz-custom.ini
    environment:
      - MYSQL_PASSWORD=your_db_password
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db
      - REDIS_HOST=redis
      - OVERWRITEPROTOCOL=https
    networks:
      - frontend
      - backend
  db:
    image: mariadb
    container_name: nextcloud_db
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
    volumes:
      - /home/docker/nextcloud/db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=mysql_root_password
      - MYSQL_PASSWORD=your_db_password
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    networks:
      - backend
  
  onlyoffice-document-server:
    container_name: onlyoffice-document-server
    image: onlyoffice/documentserver:latest
    restart: always
    expose:
      - '80'
      - '443'
    volumes:
      - /home/docker/onlyoffice/document_data:/var/www/onlyoffice/Data
      - /home/docker/onlyoffice/document_log:/var/log/onlyoffice
    environment:
      - USE_UNAUTHORIZED_STORAGE=true
    networks:
      - frontend

  nginx:
    container_name: nginx-server
    image: nginx
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - /home/docker/nextcloud/config/nginx-ssl.conf:/etc/nginx/nginx.conf:ro
      - /home/docker/nextcloud/config/certs:/etc/nginx/certs:ro
      - /home/docker/nextcloud/config/common.conf:/etc/nginx/common.conf:ro
      - /home/docker/nextcloud/app_data:/var/www/html
    networks:
      - frontend
      - backend

  redis:
    image: redis:latest
    container_name: nextcloud_redis
    restart: always
    networks:
      - backend
    volumes:
      - /home/docker/nextcloud/redis:/var/lib/redis


volumes:
  document_data:
  document_log:
  app_data:
  mysql_data:
  
networks:
  frontend:
  backend:

To understand the basics of docker I would strongly recommend you youtube channel Digital Life and read the official documentation.

So basically this docker-compose file will deploy five containers. The nextcloud fpm, mariadb, onlyoffice, nginx web server, and redis.
As you can see all my volumes are stored at /home/docker/app_name/service_name and I do it like that just because I feel like it, you can store it wherever you want.
I mapped php.ini from my host system to the NC container to overwrite some settings that allow me to upload bigger files and allow PHP to use more ram.
php.ini:

upload_max_filesize=1G
post_max_size=1G
memory_limit=2G

Next, you can see a few folders/files are mapped to nginx container.
File nginx-ssl.conf is mapped to nginx container as nginx.conf and it contains the following:

user  www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {

    upstream backend {
        server app-server:9000;
    }


    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    map $http_host $this_host {
        "" $host;
        default $http_host;
    }

    map $http_x_forwarded_proto $the_scheme {
        default $http_x_forwarded_proto;
        "" $scheme;
    }

    map $http_x_forwarded_host $the_host {
        default $http_x_forwarded_host;
        "" $this_host;
    }

    server {
        listen 80;

        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 80;
        server_name nginx-server;

        include /etc/nginx/common.conf;
    }

    server {
        listen 443 ssl;

        ssl_certificate     /etc/nginx/certs/fullchain.pem;
        ssl_certificate_key /etc/nginx/certs/privkey.pem;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;

        include /etc/nginx/common.conf;
    }
}

As you noticed, SSL certificates are stored at /etc/nginx/certs/ inside the container, but at the host system they will be at /home/docker/nextcloud/config/certs

And the last one, nginx-ssl.conf is pointing to /etc/nginx/common.conf, which is also mapped to container. It contents:

# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

root /var/www/html;
client_max_body_size 10G; # 0=unlimited - set max upload size
fastcgi_buffers 64 4K;

gzip off;

index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
#rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger;
#rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
}

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
}

location / {
    rewrite ^/remote/(.*) /remote.php last;
    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
    try_files $uri $uri/ =404;
}

location ~* ^/ds-vpath/ {
    rewrite /ds-vpath/(.*) /$1  break;
    proxy_pass http://onlyoffice-document-server;
    proxy_redirect     off;

    client_max_body_size 100m;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
    proxy_set_header X-Forwarded-Proto $the_scheme;
}

location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS off;
    fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
    fastcgi_pass backend;
    fastcgi_intercept_errors on;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't log access to assets
    access_log off;
}

# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
    access_log off;
}

After deploying all containers you can run set_configuration.sh from the git repository mentioned above. Note that bash script requires container names to be like it docker-compose, so if you would like to rename your containers you should also make changes to the scrips.

And that’s it, you should be able to use your services after that.

Hi kingii,

thank you a lot for your answer and I am sorry for my belated one.
I do have some experience with Docker and Docker compose but your guide is outstanding and super helpful, thank you for it!

Currently I am still observing the installation I had since I am a afraid that the issues I see could be connected to the Proxmox settings, Server HW or OPNsense firewall, or combination of course of all of these. Although I cant find anything suspicious in the logs and I am running as well another VMs, it can be the cause for this. If yes, even with Docker I would see the same issues and thus identifying the issue could help me to ensure it would be working properly.

I have found another entry in a log referring to snap and certbot:

error: snap "certbot" is not available on stable but is available to install on the following channels:
edge snap install --edge certbot

After some reading it could malfunction the whole setup and thus cause my issues. I have then run the core installation of snap and apparently it wasn’t installed.

sudo snap install core

At this moment the onlyoffice is running for the longest time every without an issue but I was positive as well before so I am waiting to see if it will help or not. If yes, I would decide if to stay at the current setup or go to Docker.

As for Docker, how do you update the images? Just deleting the current image and bringing up the latest one?

thank you, Tomas

Hi Tomas,

Glad that I could help you, I expect you to help someone one day

I personally had a bad experience with snap in general and I don’t use it, so can’t help with that. To update the docker image you have to re-deploy your container and if there is a newer version - it will download it, but better check official documentation for each application. The good thing is that all dependencies are inside the container so “in theory” updates are much safer but still there can be problems, like when upgrading a major version. Good thing is that you can specify what version to use, for example on onlyoffice dockerhub there are a lot of versions and you can stick to a specific one that works for you. Also, portainer have a section for images and you can easily delete unused ones.

Also, if you are using proxmox, you can use portainer agent to connect multiple endpoints to one portainer installation and rule them all from one webui, it’s very convenient.

If you have an architecturally complicated setup then I guess the best way for you will be to deploy the second instance of nc+onlyoffice on a separated VM and check if the problem will be solved or you will get the error on both installations. That way you can define that problem was in the installation itself or proxmox or whatever.