为什么我收到 nginx web 服务器关闭或忙碌的错误？

Question

突然，我的 Django 网站停止了互联网服务。 我不知道发生了什么变化。

所以，当我在浏览器中启动网站时，我收到一堆错误消息（附截图）。 该错误抱怨托管我的网站的网络服务器（nginx）。

我的环境：

Ubuntu 18 独角兽 Nginx

托管在 AWS 上的网站。 （附入站/出站规则截图）

我检查了sudo journalctl -u nginx.service

Aug 15 04:15:39 primarySNS.schoolnskill.com systemd[1]: Starting A high performance web server and a reverse proxy server...
Aug 15 04:15:39 primarySNS.schoolnskill.com systemd[1]: Started A high performance web server and a reverse proxy server.
Aug 15 04:18:53 primarySNS.schoolnskill.com systemd[1]: Stopping A high performance web server and a reverse proxy server...
Aug 15 04:18:53 primarySNS.schoolnskill.com systemd[1]: Stopped A high performance web server and a reverse proxy server.
Aug 15 04:18:53 primarySNS.schoolnskill.com systemd[1]: Starting A high performance web server and a reverse proxy server...
Aug 15 04:18:53 primarySNS.schoolnskill.com systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Aug 15 04:18:53 primarySNS.schoolnskill.com systemd[1]: Started A high performance web server and a reverse proxy server.

我可以看到一些“无效参数”行。 不知道这是否与我的情况有关。

我还检查了 nginx 错误日志。 它的 0 字节

-rw-r----- 1 xxx yyy 0 Aug 15 06:25 /var/log/nginx/error.log

syslog 死了有一些有趣的日志：

Aug 15 06:25:01 primarySNS rsyslogd:  [origin software="rsyslogd" swVersion="8.32.0" x-pid="920" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Aug 15 06:26:07 primarySNS systemd-timesyncd[600]: Synchronized to time server 91.189.91.157:123 (ntp.ubuntu.com).
Aug 15 06:26:50 primarySNS systemd-networkd[771]: eth0: Configured
Aug 15 06:26:50 primarySNS systemd-timesyncd[600]: Network configuration changed, trying to establish connection.
Aug 15 06:26:50 primarySNS systemd-timesyncd[600]: Synchronized to time server 91.189.91.157:123 (ntp.ubuntu.com).
Aug 15 06:35:01 primarySNS CRON[2678]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Aug 15 06:45:01 primarySNS CRON[2693]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Aug 15 06:50:54 primarySNS gunicorn[1432]: Not Found: /robots.txt
Aug 15 06:53:30 primarySNS gunicorn[1432]: Not Found: /profile1/
Aug 15 06:55:01 primarySNS CRON[2718]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Aug 15 06:56:50 primarySNS systemd-networkd[771]: eth0: Configured
Aug 15 06:56:50 primarySNS systemd-timesyncd[600]: Network configuration changed, trying to establish connection.
Aug 15 06:56:50 primarySNS systemd-timesyncd[600]: Synchronized to time server 91.189.91.157:123 (ntp.ubuntu.com).
Aug 15 07:05:01 primarySNS CRON[2734]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Aug 15 07:15:01 primarySNS CRON[2750]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Aug 15 07:17:01 primarySNS CRON[2756]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Aug 15 07:25:01 primarySNS CRON[2769]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Aug 15 07:26:50 primarySNS systemd-networkd[771]: eth0: Configured
Aug 15 07:26:50 primarySNS systemd-timesyncd[600]: Network configuration changed, trying to establish connection.
Aug 15 07:26:50 primarySNS systemd-timesyncd[600]: Synchronized to time server 91.189.91.157:123 (ntp.ubuntu.com).
Aug 15 07:35:01 primarySNS CRON[2802]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Aug 15 07:41:11 primarySNS systemd-resolved[784]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Aug 15 07:41:11 primarySNS systemd-resolved[784]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Aug 15 07:45:01 primarySNS CRON[2852]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Aug 15 07:50:43 primarySNS amazon-ssm-agent.amazon-ssm-agent[898]: 2020-08-15 07:50:43 INFO Backing off health check to every 3600 seconds for 10800 seconds.
Aug 15 07:50:43 primarySNS amazon-ssm-agent.amazon-ssm-agent[898]: 2020-08-15 07:50:43 ERROR Health ping failed with error - EC2RoleRequestError: no EC2 instance role found
Aug 15 07:50:43 primarySNS amazon-ssm-agent.amazon-ssm-agent[898]: caused by: EC2MetadataError: failed to make EC2Metadata request
Aug 15 07:50:43 primarySNS amazon-ssm-agent.amazon-ssm-agent[898]: #011status code: 404, request id:
Aug 15 07:50:43 primarySNS amazon-ssm-agent.amazon-ssm-agent[898]: caused by: <?xml version="1.0" encoding="iso-8859-1"?>
Aug 15 07:50:43 primarySNS amazon-ssm-agent.amazon-ssm-agent[898]: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
Aug 15 07:50:43 primarySNS amazon-ssm-agent.amazon-ssm-agent[898]: #011"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Aug 15 07:50:43 primarySNS amazon-ssm-agent.amazon-ssm-agent[898]: <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
Aug 15 07:50:43 primarySNS amazon-ssm-agent.amazon-ssm-agent[898]:  <head>
Aug 15 07:50:43 primarySNS amazon-ssm-agent.amazon-ssm-agent[898]:   <title>404 - Not Found</title>
Aug 15 07:50:43 primarySNS amazon-ssm-agent.amazon-ssm-agent[898]:  </head>
Aug 15 07:50:43 primarySNS amazon-ssm-agent.amazon-ssm-agent[898]:  <body>
Aug 15 07:50:43 primarySNS amazon-ssm-agent.amazon-ssm-agent[898]:   <h1>404 - Not Found</h1>
Aug 15 07:50:43 primarySNS amazon-ssm-agent.amazon-ssm-agent[898]:  </body>
Aug 15 07:50:43 primarySNS amazon-ssm-agent.amazon-ssm-agent[898]: </html>
Aug 15 07:52:26 primarySNS systemd-resolved[784]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Aug 15 07:52:26 primarySNS systemd-resolved[784]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Aug 15 07:55:01 primarySNS CRON[2870]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)

跟进问题及其答案：

您是否使用 route53 作为 DNS 解析器？

是的

您的 EC2 是否已停止并再次启动，如果是，您是否检查过 ip 地址是否仍然相同？

是的，但我已确保在我的 Route 53 中更新了新的 IP

您的 ec2 在公共子网中吗？ 你能从命令行上到达 google.com 或 8.8.8.8 吗？

ping google.com
PING google.com (172.217.2.110) 56(84) bytes of data.
64 bytes from yyz10s05-in-f14.1e100.net (172.217.2.110): icmp_seq=1 ttl=112 time=1.31 ms
64 bytes from yyz10s05-in-f14.1e100.net (172.217.2.110): icmp_seq=2 ttl=112 time=1.29 ms
64 bytes from yyz10s05-in-f14.1e100.net (172.217.2.110): icmp_seq=3 ttl=112 time=1.33 ms
64 bytes from yyz10s05-in-f14.1e100.net (172.217.2.110): icmp_seq=4 ttl=112 time=1.33 ms
64 bytes from yyz10s05-in-f14.1e100.net (172.217.2.110): icmp_seq=5 ttl=112 time=1.34 ms

nginx 实际上在监听 ec2 吗？ 如果你给它 ssh 和 curl -vvvv http://localhost/ 你真的得到回应吗？

*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: localhost
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.14.0 (Ubuntu)
< Date: Sat, 15 Aug 2020 13:56:06 GMT
< Content-Type: text/html
< Content-Length: 612
< Last-Modified: Fri, 10 Jul 2020 11:16:00 GMT
< Connection: keep-alive
< ETag: "5f084df0-264"
< Accept-Ranges: bytes
<
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
* Connection #0 to host localhost left intact

当您运行 curl -vvvv http://(ec2.public.ip.address)/ 时会发生什么？

* Rebuilt URL to: http://<public_ip>/
*   Trying <public_ip>...
* TCP_NODELAY set
* Connected to <public_ip> (<public_ip>) port 80 (#0)
> GET / HTTP/1.1
> Host: <public_ip>
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.14.0 (Ubuntu)
< Date: Sat, 15 Aug 2020 13:57:13 GMT
< Content-Type: text/html
< Content-Length: 612
< Last-Modified: Fri, 10 Jul 2020 11:16:00 GMT
< Connection: keep-alive
< ETag: "5f084df0-264"
< Accept-Ranges: bytes
<
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
* Connection #0 to host <public_ip> left intact

您的站点是否在您认为的路径或虚拟域上运行？ 你的 nginx 配置可能改变了吗？

我没有对我的 nginx 配置进行任何更改。

如果你运行 curl http://169.254.169.254/latest/meta-data会发生什么 - 你得到回应了吗？

curl http://169.254.169.254/latest/meta-data
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
events/
hibernation/
hostname
identity-credentials/
instance-action
instance-id
instance-life-cycle
instance-type
local-hostname
local-ipv4
mac
metrics/
network/
placement/
profile
public-hostname
public-ipv4
public-keys/
reservation-id
security-groups

Answer 1

根据评论。

我去了 OP 的网站 url 并且该网站一直在运行。 因此，EC2 及其设置似乎没有任何问题。

应该注意的是，该站点仅适用于HTTP ，不适用于HTTPS 。 因此，尝试使用https://访问它会失败。 这可能解释了为什么最初测试时无法访问它。

Answer 2

没有更多信息，这很难调试。 检查事项：

1. 您是否使用 route53 作为 DNS 解析器？ 您的 EC2 是否已停止并再次启动，如果是，您是否检查过 ip 地址是否仍然相同？

2. 您的 ec2 在公共子网中吗？ 你能从命令行上到达 google.com 或 8.8.8.8 吗？

3. nginx 实际上在监听 ec2 吗？ 如果你给它 ssh 和curl -vvvv http://localhost/你真的得到回应吗？

4. 当你运行curl -vvvv http://(ec2.public.ip.address)/时会发生什么？

5. 如上所述， curl -k -vvvv https://ec2.public.ip.address)/会发生什么？

6. 您的站点是否在您认为的路径或虚拟域上运行？ 你的 nginx 配置可能改变了吗？

7. 如果你运行curl http://169.254.169.254/latest/meta-data会发生什么 - 你得到回应了吗？

ssm 代理超时很奇怪。

顺便说一句，您的安全组出口规则过于复杂。 您可以删除 http、https 和 ssh 规则，因为无论如何您的all traffic覆盖它们。