Issue
I am attempting to serve a simple html page with django, gunicorn and nginx. There is something wrong because very often my domain is showing the domain provider's ad, not my page. It works for brief periods before it seems to stop working by itself. While I was writing this post, I changed nothing on my server and it began serving my page then immediately stopped again. I am accessing the domain with browser caching disabled and private windows. Sometimes, the www server will show correctly and the non-www will not, and vice versa.
Here is my nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
Here is my sites-available:
server {
listen 80;
listen [::]:80;
server_name www.example.com example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /root/example/project/staticfiles;
}
location / {
include proxy_params;
proxy_pass http://unix:/var/sockets/gunicorn.sock;
}
}
sudo cat /var/log/nginx/error.log returns no errors.
sudo nginx -t shows configuration file is OK and test is successful.
I have enabled nginx in systemctl. systemctl status nginx returns
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; preset: enabled)
Active: active (running) since Mon 2023-12-11 22:21:27 EST; 5min ago
gunicorn systemctl service is likewise running.
If I modify sites-available/example.com to
server {
server_name example.com www.example.com;
return 200 "it works";
}
then systemctl restart nginx, nothing changes, I'm still looking at the domain provider's ad page.
cat /var/log/gunicorn/error.log returns a normal log, no errors. Restarting gunicorn with systemctl did nothing.
SSL_certs were made using certbot. They are correct, as the page works normally for brief moments.
netstat -tulpen | grep 80 shows listening on 80 and same with port 443
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 20990 718/nginx: master p
tcp6 0 0 :::80 :::* LISTEN 0 20991 718/nginx: master p
lsof -i -n | fgrep nginx returns
nginx 718 root 5u IPv4 20990 0t0 TCP *:http (LISTEN)
nginx 718 root 6u IPv6 20991 0t0 TCP *:http (LISTEN)
nginx 718 root 7u IPv4 20992 0t0 TCP *:https (LISTEN)
nginx 718 root 8u IPv6 20993 0t0 TCP *:https (LISTEN)
nginx 720 www-data 5u IPv4 20990 0t0 TCP *:http (LISTEN)
nginx 720 www-data 6u IPv6 20991 0t0 TCP *:http (LISTEN)
nginx 720 www-data 7u IPv4 20992 0t0 TCP *:https (LISTEN)
nginx 720 www-data 8u IPv6 20993 0t0 TCP *:https (LISTEN)
nginx 720 www-data 13u IPv4 74558 0t0 TCP 138.197.26.3:http->65.154.226.169:7976 (ESTABLISHED)
nginx 721 www-data 5u IPv4 20990 0t0 TCP *:http (LISTEN)
nginx 721 www-data 6u IPv6 20991 0t0 TCP *:http (LISTEN)
nginx 721 www-data 7u IPv4 20992 0t0 TCP *:https (LISTEN)
nginx 721 www-data 8u IPv6 20993 0t0 TCP *:https (LISTEN)
curl -I https://example.com shows
HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Tue, 12 Dec 2023 03:45:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 147
Connection: keep-alive
X-Frame-Options: DENY
Strict-Transport-Security: max-age=3600; includeSubDomains; preload
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cross-Origin-Opener-Policy: same-origin
curl -I http://www.example.com shows as expected the redirect
HTTP/1.1 301 Moved Permanently
Server: nginx/1.24.0 (Ubuntu)
Date: Tue, 12 Dec 2023 03:46:56 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://example.com/
ufw status is
Status: inactive
Restarting the VM did nothing. It is a digital ocean VPS. Ubuntu 23.10. Please help me understand what I can check or log to understand why the nginx server seems to be flickering.
Solution
Since nslookup shows multiple IP addresses, you basically have DNS load balancing in effect, whether intentionally or not. It is probably a misconfiguration. You need to talk to whoever set up your DNS record, as only they can fix it.
(I believe the reason why your IP is responding with an unconfigured nging page when you use the bare IP is, your nginx is configured with server_name example.com, so contacting it with bare IP does not trigger the server configuration you want. You would need to list your IP in server_name to get the desired response to an IP URL. See server_name docs, in particular the "Miscellaneous names" section.)
Answered By - Amadan Answer Checked By - Timothy Miller (WPSolving Admin)
