unknown directive "passenger_root"
john-999 opened this issue · comments
After running this Role, Nginx fails to start (rebooting the machine results in the same situation):
The error message is: unknown directive "passenger_root" in /etc/nginx/nginx.conf:65
If I comment this line out, then the same error message comes up for passenger_ruby.
Operating system: Ubuntu 18.04.1 LTS (bionic)
$ which passenger
/usr/bin/passenger
$ passenger --version
Phusion Passenger 5.3.4
Closing this, as I had assumed this Role would install Nginx as well, which seems to be untrue.
I am having the same problem on Ubuntu 18.04.1, and even when installing nginx beforehand I get the same problem. How have you solved this?
I ended up rolling my own, it's not hard, plus you know and control exactly what's going on.
Assuming you're on Ubuntu, you can copy/paste the below:
It is based on the sources mentioned and it installs: 1) Nginx, and then 2) Passenger
- hosts: web
remote_user: "{{ remote_user }}"
tasks:
# As root:
# Install & configure: Nginx, Passenger & the Nginx module.
#
# Sources:
# - Installation:
# - https://www.phusionpassenger.com/library/install/nginx/install/oss
# - https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/#prebuilt_ubuntu
#
# - Configuration:
# - https://docs.nginx.com/nginx/admin-guide/web-server/web-server
# - https://www.phusionpassenger.com/library/config/nginx/reference/#passenger_env_var
# - https://www.acunetix.com/blog/articles/nginx-server-security-hardening-configuration-1
#
- name: "Install & configure : Nginx, Passenger & the Nginx module."
block:
# 1. Install & configure: Nginx.
#
- name: "Install & configure: Nginx."
apt:
name: nginx
state: present
update_cache: yes
# 2. Harden Nginx configuration: Remove any old parameters.
#
- name: "Harden Nginx configuration: Remove any old parameters."
lineinfile:
path: /etc/nginx/nginx.conf
regexp: "{{ item.regexp }}"
state: absent
with_items:
- { regexp: 'server_tokens' }
- { regexp: 'client_body_buffer_size' }
- { regexp: 'client_header_buffer_size' }
- { regexp: 'client_max_body_size' }
- { regexp: 'large_client_header_buffers' }
# 3. Harden Nginx configuration: Add new parameters.
#
- name: "Harden Nginx configuration: Add new parameters."
blockinfile:
path: /etc/nginx/nginx.conf
insertafter: 'default_type application/octet-stream;'
block: |2 # This inserts the number of spaces following the first 2 spaces.
# Hide version number leak
server_tokens off;
# Control buffer overflow attacks
client_body_buffer_size 1k; # default is: 8k
client_header_buffer_size 1k; # default is: 1k
client_max_body_size 1m; # default is: 1m (reducing this may be problematic for file uploads)
large_client_header_buffers 2 1k; # default is: 4 8k
# 4. Upload virtual host file by rendering the template on the server.
#
- name: "Configure virtual hosts: Nginx."
template:
src: nginx/vhost_config.j2
dest: "/etc/nginx/sites-available/{{ name_domain }}"
owner: root
group: root
mode: 0400
backup: yes
# validate: "nginx -c %s -t" # is currently done at the end (by restarting)
vars:
ip_address_v4: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
# 5. Enable the website by creating a symlink to the virtual host file.
#
- name: "Enable the website: create symlink."
file:
src: "/etc/nginx/sites-available/{{ name_domain }}"
dest: "/etc/nginx/sites-enabled/{{ name_domain }}"
state: link
owner: root
group: root
mode: 0400 # b/c the source file contains secret environment variables!
# 6. Install Phusion's PGP key and add HTTPS support for APT.
#
# - sudo apt-get install -y dirmngr gnupg
- name: "Install packages: dirmngr, gnupg."
apt:
name: "{{ packages }}"
state: present
vars:
packages:
- dirmngr
- gnupg
# - sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
- name: "Install the PGP key."
apt_key:
keyserver: keyserver.ubuntu.com
id: 561F9B9CAC40B2F7
# - sudo apt-get install -y apt-transport-https ca-certificates
- name: "Install packages: apt-transport-https, ca-certificates."
apt:
name: "{{ packages }}"
state: present
vars:
packages:
- apt-transport-https
- ca-certificates
# 7. Add Phusion's APT repository
#
# - sudo sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger bionic main > /etc/apt/sources.list.d/passenger.list'
- name: "Add repository: Phusion Passenger."
apt_repository:
repo: "deb https://oss-binaries.phusionpassenger.com/apt/passenger {{ ansible_distribution_release }} main"
state: present
filename: passenger.list
update_cache: yes
# 8. Install Passenger & the Nginx module
#
# - sudo apt-get install -y libnginx-mod-http-passenger
- name: "Install package: libnginx-mod-http-passenger."
apt:
name: libnginx-mod-http-passenger
state: present
# 9. Ensure that Passenger & the Nginx module are enabled and restart Nginx
#
# - if [ ! -f /etc/nginx/modules-enabled/50-mod-http-passenger.conf ];
# then sudo ln -s /usr/share/nginx/modules-available/mod-http-passenger.load /etc/nginx/modules-enabled/50-mod-http-passenger.conf;
# fi
- name: "Ensure that Passenger & the Nginx module are enabled."
shell: "if [ ! -f /etc/nginx/modules-enabled/50-mod-http-passenger.conf ] ; then ln -s /usr/share/nginx/modules-available/mod-http-passenger.load /etc/nginx/modules-enabled/50-mod-http-passenger.conf ; fi"
# - sudo service nginx restart
- name: "Restart service Nginx."
service:
name: nginx
state: restarted
# 10. Check whether Nginx has started the Passenger core processes (you should see Nginx processes as well as Passenger processes)
#
# - sudo /usr/bin/passenger-config validate-install
- name: "Check whether Nginx has started the Passenger core processes."
command: "/usr/sbin/passenger-memory-stats"
register: passenger_memory_stats
- debug:
msg: "{{ passenger_memory_stats.stdout_lines }}"
# NOTE : THIS COMMAND MUST BE RUN MANUALLY, B/C IT IS INTERACTIVE!
#
# # Check the installation to ensure everything is set up correctly
# #
# # - sudo /usr/bin/passenger-config validate-install
# - name: "Check the installation: Passenger."
# command: "/usr/bin/passenger-config validate-install"
become: yes
become_method: su
become_user: root