Error rule family not supported

Hi,

After installing nftables, it looks like I’m missing something to make it work. I can’t really understand what I’m missing here.

root@soekris:/var/log# cat /etc/nftables.conf
#!/usr/sbin/nft -f

flush ruleset

table inet filter {
        chain input {
                type filter hook input priority 0;

                # accept any localhost traffic
                iif lo accept

                # accept traffic originated from us
                ct state established,related accept

                # activate the following line to accept common local services
                #tcp dport { 22, 80, 443 } ct state new accept

                # count and drop any other traffic
                counter drop
        }
}

root@soekris:~# systemctl status nftables.service
● nftables.service - nftables
   Loaded: loaded (/lib/systemd/system/nftables.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sat 2021-03-20 12:13:21 CET; 30min ago
     Docs: man:nft(8)
           http://wiki.nftables.org
  Process: 191 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=1/FAILURE)
 Main PID: 191 (code=exited, status=1/FAILURE)

Mar 20 12:13:22 soekris.home.moua7.com nft[191]: ^^^^^^^^^^^^^^
Mar 20 12:13:22 soekris.home.moua7.com nft[191]: /etc/nftables.conf:3:1-14: Error: Could not process rule: Address family not supported by protocol
Mar 20 12:13:22 soekris.home.moua7.com nft[191]: flush ruleset
Mar 20 12:13:22 soekris.home.moua7.com nft[191]: ^^^^^^^^^^^^^^
Mar 20 12:13:22 soekris.home.moua7.com nft[191]: /etc/nftables.conf:3:1-14: Error: Could not process rule: Address family not supported by protocol
Mar 20 12:13:22 soekris.home.moua7.com nft[191]: flush ruleset
Mar 20 12:13:22 soekris.home.moua7.com nft[191]: ^^^^^^^^^^^^^^
Mar 20 12:13:22 soekris.home.moua7.com nft[191]: /etc/nftables.conf:3:1-14: Error: Could not process rule: Address family not supported by protocol
Mar 20 12:13:22 soekris.home.moua7.com nft[191]: flush ruleset
Mar 20 12:13:22 soekris.home.moua7.com nft[191]: ^^^^^^^^^^^^^^

root@soekris:/var/log# nft flush ruleset
Error: Could not process rule: Address family not supported by protocol
flush ruleset
^^^^^^^^^^^^^^

root@soekris:~# nft --debug=all flush ruleset
Entering state 0
Reducing stack by rule 1 (line 747):
-> $$ = nterm input (: )
Stack now 0
Entering state 1
Reading a token: --accepting rule at line 284 ("flush")
Next token is token "flush" (: )
Shifting token "flush" (: )
Entering state 27
Reading a token: --accepting rule at line 631 (" ")
--accepting rule at line 258 ("ruleset")
Next token is token "ruleset" (: )
Shifting token "ruleset" (: )
Entering state 126
Reading a token: --accepting rule at line 611 ("
")
Next token is token "newline" (: )
Reducing stack by rule 274 (line 2025):
-> $$ = nterm ruleset_spec (: )
Stack now 0 1 27 126
Entering state 422
Reducing stack by rule 117 (line 1277):
   $1 = token "ruleset" (: )
   $2 = nterm ruleset_spec (: )
-> $$ = nterm flush_cmd (: )
Stack now 0 1 27
Entering state 129
Reducing stack by rule 25 (line 866):
   $1 = token "flush" (: )
   $2 = nterm flush_cmd (: )
-> $$ = nterm base_cmd (: )
Stack now 0 1
Entering state 44
Next token is token "newline" (: )
Shifting token "newline" (: )
Entering state 4
Reducing stack by rule 3 (line 766):
   $1 = token "newline" (: )
-> $$ = nterm stmt_separator (: )
Stack now 0 1 44
Entering state 249
Reducing stack by rule 14 (line 824):
   $1 = nterm base_cmd (: )
   $2 = nterm stmt_separator (: )
-> $$ = nterm line (: )
Stack now 0 1
Entering state 43
Reducing stack by rule 2 (line 748):
   $1 = nterm input (: )
   $2 = nterm line (: )
Evaluate flush
flush ruleset
^^^^^^^^^^^^^^


----------------        ------------------
|  0000000020  |        | message length |
| 02576 | R--- |        |  type | flags  |
|  0000000000  |        | sequence number|
|  0000000000  |        |     port ID    |
----------------        ------------------
| 00 00 00 00  |        |  extra header  |
----------------        ------------------
-> $$ = nterm input (: )
Stack now 0
Entering state 1
Reading a token: --(end of buffer or a NUL)
--EOF (start condition 0)
Now at end of input.
Shifting token "end of file" (: )
Entering state 2
Stack now 0 1 2
Cleanup: popping token "end of file" (: )
Cleanup: popping nterm input (: )
----------------        ------------------
|  0000000020  |        | message length |
| 00016 | R--- |        |  type | flags  |
|  0000000000  |        | sequence number|
|  0000000000  |        |     port ID    |
----------------        ------------------
| 00 00 0a 00  |        |  extra header  |
----------------        ------------------
----------------        ------------------
|  0000000020  |        | message length |
| 02562 | R-A- |        |  type | flags  |
|  0000000001  |        | sequence number|
|  0000000000  |        |     port ID    |
----------------        ------------------
| 00 00 00 00  |        |  extra header  |
----------------        ------------------
----------------        ------------------
|  0000000020  |        | message length |
| 00017 | R--- |        |  type | flags  |
|  0000000002  |        | sequence number|
|  0000000000  |        |     port ID    |
----------------        ------------------
| 00 00 0a 00  |        |  extra header  |
----------------        ------------------
Error: Could not process rule: Address family not supported by protocol
flush ruleset
^^^^^^^^^^^^^^

root@soekris:~# lsmod | grep ^nf
nft_counter            12475  0
nf_conntrack_ipv6      17453  0
nf_defrag_ipv6         20950  1 nf_conntrack_ipv6
nf_conntrack_ipv4      18040  0
nf_defrag_ipv4         12443  1 nf_conntrack_ipv4
nft_ct                 12674  0
nf_conntrack           73428  3 nft_ct,nf_conntrack_ipv4,nf_conntrack_ipv6
nft_meta               12613  0
nft_hash               16824  0
nft_rbtree             12679  0
nf_tables_inet         12491  0
nf_tables_ipv6         12518  1 nf_tables_inet
nf_tables_ipv4         12557  1 nf_tables_inet
nf_tables              45218  8 nf_tables_inet,nf_tables_ipv4,nf_tables_ipv6,nft_ct,nft_hash,nft_meta,nft_rbtree,nft_counter
nfnetlink              12853  1 nf_tables

root@soekris:~# ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.42  netmask 255.255.255.0  broadcast 192.168.1.255
        ether 00:00:24:c8:b3:9c  txqueuelen 1000  (Ethernet)
        RX packets 6724  bytes 1153857 (1.1 MiB)
        RX errors 0  dropped 378  overruns 0  frame 0
        TX packets 4120  bytes 599379 (585.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 00:00:24:c8:b3:9d  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth2: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 00:00:24:c8:b3:9e  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth3: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 00:00:24:c8:b3:9f  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 0  (Local Loopback)
        RX packets 178  bytes 18728 (18.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 178  bytes 18728 (18.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Your help is appreciated

Cessquill


On 10/10/2020 at 8:57 PM, binhex said:

testing is now over, looks like it’s solid enough for me to release as latest, images now built for all VPN images I produce, please remove tag ‘:test’ from the repository to pull down ‘latest’ again and ‘force update’ to ensure it is the latest image that’s on disk.

If you wish to switch from openvpn to wireguard then please see Q21 from the following link:-

https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

6 minutes ago, TexasDave said:

The switch should be easy? Just swap to the «test» repository and add in the wireguard variable? Any ideas?

Not test, no.  And there’s a second setting to make in the docker parameters (see link above).


binhex


7 minutes ago, TexasDave said:

I (believe) I have moved over to the NextGen servers successfully. I am in the UK so using UK based servers from PIA.

Now trying to move to wireguard support but not having any joy. I attach two log files — one with wireguard enabled and one using OpenVPN.

There are a few errors in the wireguard one with this one being worrisome?

2020-10-12 11:03:56,914 DEBG 'start-script' stdout output:
[warn] PIA VPN info API currently down, skipping endpoint port forward check

The switch should be easy? Just swap to the «test» repository and add in the wireguard variable? Any ideas?

Thanks!

OpenVPN.txt 14.33 kB · 0 downloads Wireguard.txt 11.76 kB · 1 download

firstly don’t use the ‘test’ tagged version, I have now pushed the button so ‘latest’ now includes wireguard support and should be used.

the error you are seeing is actually just a warning:-

2020-10-12 11:01:52,025 DEBG 'start-script' stdout output:
[info] Port forwarding is enabled
[info] Checking endpoint 'uk-london.privacy.network' is port forward enabled...

2020-10-12 11:03:56,914 DEBG 'start-script' stdout output:
[warn] PIA VPN info API currently down, skipping endpoint port forward check

so can be ignored, PIA obviously had issues at the time you ran the container, everything else looks fine in the log, can you access the web ui?


TexasDave


All sorted. I had been using the «Guinea Pig» instructions and it mentioned using «test» repo. And it looks like Q21 was added recently (I did look there late last week). All sorted and beer being sent. Thanks for all the good work!


Lucict


Hello—

Thank you Binhex for creating this.

I’m having some trouble getting my VPN connection established through Wireguard. My VPN provider is Mullvad.

First, I was getting an error stating RTNETLINK Permission denied. But, I added this to extra parameters and it seems to have solved that issue.

--sysctl net.ipv6.conf.all.disable_ipv6=0

Now, I am getting an error with resolvconf—I tried installing openresolv, but I can’t seem to do that. I also tried adding the DNS listed in my wg0.conf to the nameservers variable. I’m kinda stuck at the moment—any help would be much appreciated. My supervisord log and wireguard conf are attached.

supervisord.log
wg0.conf


chris_netsmart


a quick question: I am in the process of moving my VPN settings from my delugevpn to PFsense as this will resolve a few other issues I have on my network, but I would like to ask:

will delugevpn still work if I just turn off the VPN part ‘VPN_ENABLED = No’?


binhex


29 minutes ago, chris_netsmart said:

a quick question: I am in the process of moving my VPN settings from my delugevpn to PFsense as this will resolve a few other issues I have on my network, but I would like to ask:

will delugevpn still work if I just turn off the VPN part ‘VPN_ENABLED = No’?

yes


binhex


34 minutes ago, Lucict said:

Now, I am getting an error with resolvconf—I tried installing openresolv,

try removing the line ‘DNS = 193.138.218.74’ from your wg0.conf file, save and restart the container.


iLaurens


On 10/11/2020 at 11:36 PM, iLaurens said:

@binhex great work for fixing it. It all works like a charm again with PIA port forwarding. Been a big fan of this for a long time already. There is just one thing that used to work that does not work anymore; connecting to a specific IP of PIA’s VPN servers. Before next-gen, I could replace the domain name (example: de-frankfurt.privacy.network) and replace it with an IP to ensure I’d get the same public IP assigned after a restart of the container. The connection to PIA still works when I select a specific IP, but the port forwarding somehow fails. It says that the port serving page of PIA refuses the connection (http://209.222.18.222:2000/?client_id=xxxx). I have no idea why the port forwarding suddenly breaks when trying to fix the IP in the openvpn configuration file, but is this something you could still have a look at? Some torrent sites are really paranoid and require me to provide a static IP :( The domain names rotate between a set of IPs for each region so you’ll almost always have a different public IP after restarting the container or if the connection resets.

I figured out what the likely culprit is. I see from your github that the nextgen PIA servers also require a new method of obtaining a port. Hence the two functions: `get_incoming_port_nextgen` and `get_incoming_port_legacy`. The nextgen function is only chosen if the VPN_REMOTE_SERVER env variable contains `privacy.network`. However when I explicitly set an IP in my openvpn config (from the nextgen servers) it will still select the old `get_incoming_port_legacy`. Could you possibly add an optional docker environment var that forces the get_incoming_port_nextgen to be selected? Maybe make it such that:

if [[ "${VPN_REMOTE_SERVER}" == *"privacy.network"* || "${FORCE_PIA_NEXTGEN:-false}" == "true" ]]; then

Notice how I set a default value for FORCE_PIA_NEXTGEN (but you can also set default in Dockerfile). So you can leave it out of your dockerman definition and people need not know it even exists. However people that know about this environment variable setting (perhaps if you put it in the FAQ) could use this to force nextgen functionality. This would help people like me that want a static VPN IP from PIA.


Edited October 12, 2020 by iLaurens


Herman Terds


5 hours ago, binhex said:

try removing the line ‘DNS = 193.138.218.74’ from your wg0.conf file, save and restart the container.

I’m also unable to get Mullvad wireguard to work. My log looks identical to Lucict’s. Adding "--sysctl net.ipv6.conf.all.disable_ipv6=0" to parameters got rid of "RTNETLINK Permission denied." But I have the same resolvconf issue.

Deleting the DNS line from wg0.conf gives me this:

2020-10-12 16:54:26,444 DEBG 'start-script' stderr output:
Error: Rule family not supported.

2020-10-12 16:54:26,452 DEBG 'start-script' stderr output:
[#] ip link delete dev wg0

2020-10-12 16:54:26,501 DEBG 'start-script' stdout output:
[warn] WireGuard interface failed to come 'up', exit code is '1'


Edited October 12, 2020 by Herman Terds

Forgot to add that I’m using Mullvad wireguard.


benevo9971


Hi, 

WireGuard also does not work for me. I tried to run wg-quick manually in the container console and I got the following error:

/usr/sbin/wg-quick: line 32: resolvconf: command not found

I can’t install the package since I can’t access the package repositories, but I think a change to the Dockerfile could maybe fix this?


Herman Terds


I did a little more screwing around. I really don’t know what I’m doing but from referencing this thread: https://forum.armbian.com/topic/4861-wireguard-on-armbian-tinkerboard/ , if I delete «, ::/0» from «AllowedIPs = 0.0.0.0/0» in wg0.conf, I can avoid «Error: Rule family not supported.» and get to «[info] WireGuard interface ‘up’ »

But I still get connection refused for the Deluge web interface and proxy connections.
 


AD24


Anyone know of a way to connect to a specific PIA IP via Wireguard rather than a hostname? I tried putting the IP in the .conf file but that doesn’t seem to work. 


binhex


10 hours ago, iLaurens said:

The nextgen function is only chosen if the VPN_REMOTE_SERVER env variable contains `privacy.network`. However when I explicitly set an IP in my openvpn config (from the nextgen servers) it will still select the old `get_incoming_port_legacy`. Could you possibly add an optional docker environment var that forces the get_incoming_port_nextgen to be selected? Maybe make it such that:

legacy will be ripped out shortly, so there will be no checks from then on as there will only be next-gen, so this will fix your issue, no real point doing the extra work to create an env var at this late stage (pia confirmed legacy network removed on 31st of oct).


binhex


@Herman Terds @benevo9971 can you both do the following:-

1. set privileged to on and remove any extra parameters

2. edit the wg0.conf file and change this line:-

AllowedIPs = 0.0.0.0/0,::0/0

to

AllowedIPs = 0.0.0.0/0

3. attempt a start of the container, if still no go then try removing this line from the wg0.conf:-

DNS = 193.138.218.74

4. restart container and see if it comes up.

note — I’m really flying blind on this as I’m a PIA user, so I have not been able to test this with any other providers, but with some tweaking I see no reason why it wouldn’t work.


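The wg0.conf edits from the steps above (drop the IPv6 entry from AllowedIPs, optionally drop the DNS line), as an added example that is not part of the thread or of the container image. It goes beyond those steps by also filtering IPv6 entries from Address and by writing the result with mode 0600 because the file holds PrivateKey; the helper name `wg_conf_ipv4_only`, the sample addresses and the placeholder keys are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): make a wg-quick config usable in a
# container that has no IPv6, following the wg0.conf edits discussed above.

# wg_conf_ipv4_only SRC DST [keep-dns|drop-dns]   (hypothetical helper name)
#   - removes IPv6 entries from AllowedIPs and Address
#   - with drop-dns, removes the DNS line so wg-quick never calls resolvconf
#   - writes DST with mode 0600, since the file contains PrivateKey
wg_conf_ipv4_only() {
    src=$1
    dst=$2
    dns_mode=${3:-keep-dns}
    (
        umask 077
        awk -v dns_mode="$dns_mode" '
        # Drop every entry containing ":" from a comma-separated list.
        function ipv4_only(list,    n, i, parts, item, out) {
            n = split(list, parts, ",")
            out = ""
            for (i = 1; i <= n; i++) {
                item = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", item)
                if (item == "" || index(item, ":") > 0) continue
                out = (out == "" ? item : out ", " item)
            }
            return out
        }
        {
            eq = index($0, "=")
            # Section headers, comments and blank lines pass through unchanged.
            if (eq == 0 || $0 ~ /^[ \t]*(#|\[)/) { print; next }
            key = substr($0, 1, eq - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            lkey = tolower(key)
            if (lkey == "dns" && dns_mode == "drop-dns") next
            if (lkey == "allowedips" || lkey == "address") {
                val = ipv4_only(substr($0, eq + 1))
                # A line left with no IPv4 entry is dropped entirely.
                if (val != "") print key " = " val
                next
            }
            print
        }' "$src" > "$dst"
    ) || return 1
    chmod 600 "$dst"
}

# Constructed sample config: documentation addresses and placeholder keys.
sample_wg_conf() {
    cat <<'EOF'
[Interface]
Address = 10.64.0.2/32, 2001:db8::2/128
PrivateKey = PLACEHOLDER_PRIVATE_KEY_NOT_A_REAL_KEY=
DNS = 193.138.218.74

[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY_NOT_A_REAL_KEY=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 192.0.2.10:51820
PersistentKeepalive = 20
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    sample_wg_conf > "$tmp/wg0.conf"
    wg_conf_ipv4_only "$tmp/wg0.conf" "$tmp/wg0.ipv4.conf" drop-dns
    cat "$tmp/wg0.ipv4.conf"
    rm -rf "$tmp"
}
demo
```

The Endpoint line keeps its `host:port` colon because only AllowedIPs and Address are filtered.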
binhex


6 hours ago, AD24 said:

Anyone know of a way to connect to a specific PIA IP via Wireguard rather than a hostname? I tried putting the IP in the .conf file but that doesn’t seem to work. 

this is not possible at this time due to the way pia has implemented wireguard, it uses multiple api calls to generate the wireguard config file, and the lookup must be a hostname not an ip address.


benevo9971

[info] Attempting to bring WireGuard interface 'up'...

2020-10-13 12:07:41,369 DEBG 'start-script' stderr output:
Warning: `/config/wireguard/wg0.conf' is world accessible

2020-10-13 12:07:41,376 DEBG 'start-script' stderr output:
[#] ip link add wg0 type wireguard

2020-10-13 12:07:41,378 DEBG 'start-script' stderr output:
[#] wg setconf wg0 /dev/fd/63

2020-10-13 12:07:41,397 DEBG 'start-script' stderr output:
[#] ip -4 address add 100.66.110.13/32 dev wg0

2020-10-13 12:07:41,403 DEBG 'start-script' stderr output:
[#] ip link set mtu 1420 up dev wg0

2020-10-13 12:07:41,421 DEBG 'start-script' stderr output:
[#] resolvconf -a wg0 -m 0 -x

2020-10-13 12:07:41,421 DEBG 'start-script' stderr output:
/usr/sbin/wg-quick: line 32: resolvconf: command not found

2020-10-13 12:07:41,423 DEBG 'start-script' stderr output:
[#] ip link delete dev wg0

still get the resolvconf error 


binhex


8 minutes ago, benevo9971 said:

still get the resolvconf error 

ok that’s with the DNS line removed yes?


benevo9971


20 minutes ago, binhex said:

ok that’s with the DNS line removed yes?

Yes


binhex


1 minute ago, benevo9971 said:

Yes

ok can you exec into the container and do this:-

pacman -S openresolv --noconfirm

then restart the container.


benevo9971


7 minutes ago, binhex said:

ok can you exec into the container and do this:-

pacman -S openresolv --noconfirm

then restart the container.

Had to docker cp the package into it because I had no internet access in it.

[#] ip -4 rule add table main suppress_prefixlength 0

2020-10-13 12:47:09,722 DEBG 'start-script' stderr output:
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1

2020-10-13 12:47:09,723 DEBG 'start-script' stderr output:
sysctl: permission denied on key "net.ipv4.conf.all.src_valid_mark"

2020-10-13 12:47:09,724 DEBG 'start-script' stderr output:
[#] resolvconf -d wg0 -f

2020-10-13 12:47:09,763 DEBG 'start-script' stderr output:
[#] ip -4 rule delete table 51820

I’m running Manjaro so kernel version should not be an issue 


binhex


6 minutes ago, benevo9971 said:

sysctl: permission denied on key "net.ipv4.conf.all.src_valid_mark"

I don’t think you are running with --privileged=true are you?


Edited October 13, 2020 by binhex


benevo9971


3 minutes ago, binhex said:

I don’t think you are running with --privileged=true are you?

I am

[server ~]# docker inspect delugevpn | grep Privileged
            "Privileged": true,


binhex


3 minutes ago, benevo9971 said:

I am

[server ~]# docker inspect delugevpn | grep Privileged
            "Privileged": true,

ok try adding this flag to your docker run command:-

--sysctl="net.ipv4.conf.all.src_valid_mark=1"


benevo9971


18 minutes ago, binhex said:

ok try adding this flag to your docker run command:-

--sysctl="net.ipv4.conf.all.src_valid_mark=1"

It’s stuck at

2020-10-13 13:18:03,274 DEBG 'start-script' stderr output:
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1

2020-10-13 13:18:03,276 DEBG 'start-script' stderr output:
[#] iptables-restore -n

2020-10-13 13:18:03,304 DEBG 'start-script' stdout output:
[info] WireGuard interface 'up'



binhex


5 minutes ago, benevo9971 said:

It’s stuck at

2020-10-13 13:18:03,274 DEBG 'start-script' stderr output:
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1

2020-10-13 13:18:03,276 DEBG 'start-script' stderr output:
[#] iptables-restore -n

2020-10-13 13:18:03,304 DEBG 'start-script' stdout output:
[info] WireGuard interface 'up'


ok I need a full log to debug any further, do this:-

https://github.com/binhex/documentation/blob/master/docker/faq/help.md


wg0 fwmark <PORT>
[#] ip -6 route add ::/0 dev wg0 table <PORT>
[#] ip -6 rule add not fwmark <PORT> table <PORT>
Error: Rule family not supported.

There is nothing out of the ordinary in wg0.conf:
[Interface]
Address = <IPv4>/32, <IPv6>/128
PrivateKey = <…>
DNS = <IPv4>

[Peer]
PublicKey = <…>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = <IPv4>:<PORT>
PersistentKeepalive = 20
Am I doing something wrong?


looks like something is missing in your kernel modules, have you looked at dmesg?

are you sure you don't have ipv6 switched off in the kernel/tables on the advice of some random "experts"?


mva Misbakh-Soloviov

are you sure you don't have ipv6, on the advice of some random "experts", sw…

That's probably it, I shot myself in the foot. CONFIG_IP6_NF_FILTER=y


Clown Zeppeli

That's probably it, I shot myself in the foot. CONFIG_IP6_NF_FILTER=…

first, if it is =y, then everything is fine
second, it is not netfilter that is complaining, it is iproute2.
So that is not the place to look

Good afternoon. I have a docker-compose.yml (php-nginx-postgresql) that works perfectly on another machine. But after moving it to a different computer, the nginx and php containers shut down right after they are started. I can't figure out what the problem is.
After starting the containers with docker-compose up -d, listing the running containers gives:

33209d22bb23        nginx               "nginx -g 'daemon of…"   22 minutes ago      Restarting (1) 3 seconds ago                             soap_web_1
d6cded121c54        soap_php            "docker-php-entrypoi…"   22 minutes ago      Restarting (78) 5 seconds ago                            soap_php_1
f3ee2daaff83        postgres:10.1       "docker-entrypoint.s…"   22 minutes ago      Up 22 minutes                   0.0.0.0:5432->5432/tcp   soap_db_1

docker-compose.yml

version: '3'
services:
    web:
        image: nginx
        volumes:
            - ./.docker/conf/nginx/default.conf:/etc/nginx/conf.d/default.conf
            - ./www:/var/www/html
        ports:
            - 80:80
        restart: always
        depends_on:
            - php
            - db
    php:
        build: .docker
        restart: always
        volumes:
            - ./.docker/conf/php/php.ini:/usr/local/etc/php/conf.d/php.ini
            - ./.docker/conf/php/xdebug.ini:/usr/local/etc/php/conf.d/xdebug.ini
            - ./www:/var/www/html
    composer:
        image: composer
        volumes:
            - .:/app
        command: install
    db:
        image: postgres:10.1
        restart: always
        environment:
            - POSTGRES_DB=${DB_NAME}
            - POSTGRES_USER=${DB_USER}
            - POSTGRES_PASSWORD=${DB_PASSWORD}
        ports:
            - 5432:5432
        volumes:
            - ./.docker/conf/postgres/:/docker-entrypoint-initdb.d/

Dockerfile

FROM php:7.1-fpm

RUN apt-get update && apt-get install -y libxml2-dev \
    && pear install -a SOAP-0.13.0 \
    && docker-php-ext-install soap;

MAINTAINER Descamps Antoine <antoine.descamps@ineat-conseil.fr>

RUN apt-get update && apt-get install -y \
        libfreetype6-dev \
        libjpeg62-turbo-dev \
        libmcrypt-dev \
        libpng-dev \
        libicu-dev \
        libpq-dev \
        libxpm-dev \
        libvpx-dev \
    && pecl install xdebug \
    && docker-php-ext-enable xdebug \
    && docker-php-ext-install -j$(nproc) mcrypt \
    && docker-php-ext-install -j$(nproc) gd \
    && docker-php-ext-install -j$(nproc) intl \
    && docker-php-ext-install -j$(nproc) zip \
    && docker-php-ext-install -j$(nproc) pgsql \
    && docker-php-ext-install -j$(nproc) pdo_pgsql \
    && docker-php-ext-install -j$(nproc) exif \
    && docker-php-ext-configure gd \
        --with-freetype-dir=/usr/include/ \
        --with-jpeg-dir=/usr/include/ \
        --with-xpm-dir=/usr/lib/x86_64-linux-gnu/ \
        --with-vpx-dir=/usr/lib/x86_64-linux-gnu/

nginx default.conf

# Nginx configuration

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name localhost;

    root /var/www/html;

    location / {
        # try to serve file directly, fallback to index.php
        try_files $uri /index.php$is_args$args;
    }

    #location ~ ^/index\.php(/|$) {
    location ~ ^/[^/]+\.php(/|$) {
        fastcgi_pass php:9000;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;

        # optionally set the value of the environment variables used in the application
        # fastcgi_param APP_ENV prod;
        # fastcgi_param APP_SECRET <app-secret-id>;
        # fastcgi_param DATABASE_URL "mysql://db_user:db_pass@host:3306/db_name";

        # When you are using symlinks to link the document root to the
        # current version of your application, you should pass the real
        # application path instead of the path to the symlink to PHP
        # FPM.
        # Otherwise, PHP's OPcache may not properly detect changes to
        # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
        # for more information).
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        # Prevents URIs that include the front controller. This will 404:
        # http://domain.tld/index.php/some-path
        # Remove the internal directive to allow URIs like this
        #internal;
    }

    # return 404 for all other php files not matching the front controller
    # this prevents access to other php files you don't want to be accessible.
    location ~ \.php$ {
        return 404;
    }

    error_log /var/log/nginx/project_error.log;
    access_log /var/log/nginx/project_access.log;
}

Today I installed nginx for the first time, following this article: https://help.ubuntu.ru/wiki/nginx-phpfpm
I added the site settings and got as far as this text:

Save all the changed files.
Now you can restart the daemons
sudo service nginx restart
sudo service php5-fpm restart

and this is what the nginx start command gave me:

$ sudo service nginx restart
 * Restarting nginx nginx                                                [fail]

although if I write just start, it prints nothing at all, but nginx does not show up in the process list.
I check the processes like this:
ps -aux | grep nginx
and it finds no such processes, so it really is not running.

then I try to find the cause of the error:
cat /var/log/syslog |grep nginx
there is nothing there

cat /var/log/nginx/error.log
and here there are these errors:

these errors mean nothing to me personally, but I did learn another way to look for the reason it does not start.

Why Nginx does not start on Ubuntu: check like this

sudo nginx -t

it prints these messages:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed

please tell me what to do. How do I configure nginx correctly right after installation? Or did I make the site configuration wrong following the suggested article? For example, the part about ssl there was unclear?
could this be because of the large upload file size, I set 200M?


The user decided to continue the thought on 24 September 2015, 22:58:49:


the answer here helped me: http://www.lowendtalk.com/discussion/423/got-a-problem-with-nginx

got this problem just recently. just delete /etc/nginx/sites-enabled/default /etc/nginx/sites-available/default as they enable ipv6 to On.

but I did not delete /etc/nginx/sites-available/default, I just commented out the line by putting # in front of it in that file

#listen [::]:80 default_server ipv6only=on;
The cause of the error is the absence of the IPv6 service in the system.

you just need to delete the lines containing [::]:80 in all files, or set up ipv6 in the system.
since this is my desktop computer, I simply deleted the lines.
these lines can be found like this
grep -rlF '[::]' /etc/nginx/sites-available

now nginx has started!
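A preflight for the failure described in the post above (and relevant to the docker-compose default.conf earlier on the page, which also has `listen [::]:80`), as an added example that is not part of either post. The function names and the sample site file are constructed for illustration, and the check assumes that `/proc/net/if_inet6` exists only when the kernel IPv6 stack is active.

```shell
#!/bin/sh
# Added example (not from the posts): preflight for the nginx startup failure
# "socket() [::]:80 failed (97: Address family not supported by protocol)".

# kernel_has_ipv6 [PROBE]: heuristic. Assumes /proc/net/if_inet6 exists only
# when the kernel IPv6 stack is active; PROBE overrides the path for testing.
kernel_has_ipv6() {
    [ -e "${1:-/proc/net/if_inet6}" ]
}

# ipv6_listeners DIR: print file:line:text for each active listen directive
# bound to an IPv6 address. Commented-out directives do not match.
ipv6_listeners() {
    grep -rnE '^[[:space:]]*listen[[:space:]]+\[' "$1" 2>/dev/null || true
}

# nginx_ipv6_preflight DIR [PROBE]: return 1 and print the offending
# directives when the config binds IPv6 but the kernel cannot.
nginx_ipv6_preflight() {
    hits=$(ipv6_listeners "$1")
    [ -z "$hits" ] && return 0
    kernel_has_ipv6 "${2:-/proc/net/if_inet6}" && return 0
    printf '%s\n' "$hits"
    return 1
}

# comment_out_ipv6_listeners FILE: print FILE with each active IPv6 listen
# directive commented out, leaving every other line untouched.
comment_out_ipv6_listeners() {
    sed -E 's/^([[:space:]]*)(listen[[:space:]]+\[)/\1#\2/' "$1"
}

# Constructed sample site file, modelled on the directive quoted in the post.
sample_site() {
    cat <<'EOF'
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    root /var/www/html;
}
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/sites-available"
    sample_site > "$tmp/sites-available/default"
    # Simulate a kernel without IPv6 by pointing PROBE at a missing path.
    if ! nginx_ipv6_preflight "$tmp/sites-available" "$tmp/no-if_inet6"; then
        echo "--- proposed replacement ---"
        comment_out_ipv6_listeners "$tmp/sites-available/default"
    fi
    rm -rf "$tmp"
}
demo
```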
