Upgrading passenger to 5.1.11 makes all my requests fail with HTTP status code 403, downgrading to 5.1.10 works. I run nginx as root and all my rails applications reside in my non-root user's home directory. passenger and nginx-extras were installed from passenger apt repos as decribed here. There is no error in nginx or rails application logs other than the 403 status in access logs.
I have verified that all the rails application directories and their parent directories have read and executable permissions enabled for all users in the system.
I think this has something to do with https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/. What should I do to fix it?
OS: Ubuntu 17.04
Nginx: 1.10.3
Edit: you mentioned your OS is 17.04 and not 17.10. Phusion's instructions for 17.04 tell you to remove nginx-extras, not to install it (as you say you've done).
So, for 17.04, try removing nginx-extras, then installing nginx and libnginx-mod-http-passenger.
--
You list your OS as Ubuntu 17.10 Artful, but the instructions you linked are for Ubuntu 17.04 Zesty, so that's not going to work.
Ubuntu 17.10 was released yesterday, there are no Passenger packages for it yet (usually available when the next Passenger version is released).
You can either wait for those packages or install Passenger via gem or tarball (Option Other: www.phusionpassenger.com/library/install/nginx/install/oss/).
Related
I have a ROR app (version 6.1.4.1) with Ruby 2.7.4 on a Raspberry Pi 4 with 4 GB RAM and a 32 GB SD card. I installed Passenger 6.0.12 using the tarball installation and am running it with nginx. passenger start in the app directory works successfully, but when I try running it as with nginx (/opt/nginx/sbin/nginx) on port 80, I get the above error when visiting the site.
I'm accessing the app via IP address, which is configured in the nginx.conf and the app is installed in /home/pi/src/bogie_can. There is a .bundle directory with a config file in the app directory, and that's where the gems are installed. I'm running the app in "development" mode, which is configured in the server section of the nginx.conf file using passenger_app_env.
The specific error is that the app cannot find racc-1.5.2. The Bundler info is #<struct Bundler::Settings::Path explicit_path="/home/pi/src/bogie_can/.bundle", system_path=false, default_install_uses_path=false>.. So, we note that the .bundle path is correct and in the .bundle/ruby/2.7.0/gems/ directory, racc-1.5.2 is indeed installed and owned by the user "pi".
I've cleared out old bundle installations and tried switching the app user from pi to root (which was nobody) and back. Also, I'm using rbenv, so I also ran rbenv rehash after the fresh bundle install. I've also carefully reviewed the "Detailed diagnostics" from the Passenger error page (which is super helpful!) and do not see anything that is obviously wrong.
Using the Passenger error page as a guide, it seems that:
The gems are indeed installed as needed
The user, either root or pi, have permissions to access the gems
pi is a reasonable user to run the app
The passenger_root and passenger_ruby are coming from the passenger-config about subcommands and are verified as well.
At this point, there must be some configuration I've overlooked or gotten wrong and I would greatly appreciate some questions and pointers.
I found the root cause of the problem.
I had set passenger_ruby to the result of passenger-command about ruby-command, which gave me:
passenger-config was invoked through the following Ruby interpreter:
Command: /usr/bin/ruby2.7
Version: ruby 2.7.4p191 (2021-07-07 revision a21a3b7d23) [arm-linux-gnueabihf]
To use in Apache: PassengerRuby /usr/bin/ruby2.7
To use in Nginx : passenger_ruby /usr/bin/ruby2.7
To use with Standalone: /usr/bin/ruby2.7 /usr/src/passenger-6.0.12/bin/passenger start
The following Ruby interpreter was found first in $PATH:
Command: /home/pi/.rbenv/shims/ruby
Version: ruby 2.7.4p191 (2021-07-07 revision a21a3b7d23) [arm-linux-gnueabihf]
To use in Apache: PassengerRuby /home/pi/.rbenv/shims/ruby
To use in Nginx : passenger_ruby /home/pi/.rbenv/shims/ruby
To use with Standalone: /home/pi/.rbenv/shims/ruby /usr/src/passenger-6.0.12/bin/passenger start
I was using /usr/bin/ruby2.7 and having the problem with racc not being found. I switched it to use the rbenv shim and Passenger was able to correctly find all the gems in the [APP_ROOT]/.bundle/ directory
I also cleared out the default nginx installation, which was still trying to be started with nginx.service and then added my own /etc/init.d/nginx script and added it to the init.d database so that it now starts with the OS.
Deploying a Rails app using Capistrano to an Ubuntu VM running Apache with Passenger enabled.
I followed this tutorial: https://www.phusionpassenger.com/library/install/apache/install/oss/trusty/ with a few changes given that I'm on 17.04, not 14.04 LTS.
passenger-config validate-install says everything looks fine with both Passenger and Apache. passenger-memory-stats shows both Passenger and Apache processes.
I have sudo apache2ctl restarted several times, with no warnings. But passenger-status, and therefore the passenger-config restart-app that Capistrano runs, reports that Passenger "doesn't seem to be running." So my deploy stops.
There's only one Ruby on the machine, ruby-2.4.1 installed using ruby-install. I have apt-get update and upgraded in case of version mismatches.
Apache logs don't show any errors, certainly none related to Passenger.
Why would Passenger internally disagree, saying that it's both configured properly and there are processes running, but then later saying that it's not running?
I needed to customize the instance registry directory, as suggested by Tony Vincent:
/etc/apache2/mods-enabled/passenger.conf on the server:
PassengerInstanceRegistryDir /home/MYUSER/passenger_temp
config/deploy/production.rb in the Rails app:
set :default_env, { 'PASSENGER_INSTANCE_REGISTRY_DIR' => '/home/MYUSER/passenger_temp' }
Sorry to harp on this but did you run passenger-config validate-install on the ubuntu server (not osx)? Same for passenger-memory-stats and sudo apache2ctl restart.
Based on /tmp not having a passenger.randomstring dir, it sounds like you are confusing local and remote commands. /tmp is the default location for PassengerInstanceRegistryDirs on Ubuntu so if Passenger is running there should be a dir in /tmp that starts with passenger..
I am trying to install passenger server for my rails application using this guide http://www.modrails.com/documentation/Users%20guide%20Apache.html The problem occurs in step passenger-install-apache2-module.
When I run this command I get this -
WARNING: Apache doesn't seem to be compiled with the 'prefork', 'worker' or 'event' MPM
How can I solve this? My OS is Ubuntu 13.10 and I have already installed all necessary packages: apache2-bin apache2-data apache2-mpm-worker libapache2-mod-passenger
As Brad Werth said, https://serverfault.com/questions/546924/installing-phusion-passenger-4-0-20-on-ubuntu-13-10 provides a solution.
This problem is caused by a bug in Phusion Passenger's passenger-install-apache2-module program. Ubuntu 13.10 changed the way the httpd -V command works, so passenger-install-apache2-module was unable to correctly detect the MPM for your Apache, resulting in an incorrect warning message. You can safely ignore this warning.
I've fixed the problem in Phusion Passenger now. The fix will be included in version 4.0.34: https://github.com/phusion/passenger/commit/6f5af46de7cb80dd88ef3b35c7c5c4bfbfa0cfd3
Is it possible to upgrade Phusion Passenger to a newer version when it is already running (with Nginx in my case)?
I installed Passenger 4.0.0.rc6 using passenger-install-nginx-module. My Nginx config now contains
passenger_root /usr/local/lib/ruby/gems/2.0.0/gems/passenger-4.0.rc6;
passenger_ruby /usr/local/bin/ruby;
Now I want to upgrade to Passenger 4.0.2. I can install the gem, but when I run passenger-install-nginx-module again, it tries to recompile and reinstall Nginx. (I thought it would be so clever to notice there is already a installed Nginx in the location I specify using --prefix)
I tried to manually change passenger_root to the new Passenger gem location but the I get the following error in the Nginx error log:
2013/05/12 12:30:13 [alert] 14298#0: Unable to start the Phusion Passenger watchdog because its executable (/usr/local/lib/ruby/gems/2.0.0/gems/passenger-4.0.2/agents/PassengerWatchdog) does not exist. This probably means that your Phusion Passenger installation is broken or incomplete, or that your 'passenger_root' directive is set to the wrong value. Please reinstall Phusion Passenger or fix your 'passenger_root' directive, whichever is applicable. (-1: Unknown error)
Apparently the PassengerWatchdog is built when running passenger-install-nginx-module. I don't want to copy over PassengerWatchdog from the old gem because something might have changed.
So... what is the proper way to upgrade Passenger without recompiling and reinstalling Nginx (or Apache)?
#Wukerplank's comment put me on the right track. I checked the output when running passenger-install-nginx-module again and it says:
Nginx doesn't support loadable modules such as some other web servers do,
so in order to install Nginx with Passenger support, it must be recompiled.
Do you want this installer to download, compile and install Nginx for you?
1. Yes: download, compile and install Nginx for me. (recommended)
The easiest way to get started. A stock Nginx 1.4.1 with Passenger
support, but with no other additional third party modules, will be
installed for you to a directory of your choice.
2. No: I want to customize my Nginx installation. (for advanced users)
Choose this if you want to compile Nginx with more third party modules
besides Passenger, or if you need to pass additional options to Nginx's
'configure' script. This installer will 1) ask you for the location of
the Nginx source code, 2) run the 'configure' script according to your
instructions, and 3) run 'make install'.
Whichever you choose, if you already have an existing Nginx configuration file,
then it will be preserved.
The important part being that Nginx has to be recompiled to work with Passenger and that existing Nginx configurations are preserved.
So the right way to upgrade Passenger is to
install the new Passenger gem
execute passenger-install-nginx-module with exactly the same parameters as the first time (so the same Nginx version and modules are compiled, it's installed in the same directory etc.)
before installing, check that it says "Welcome to the Phusion Passenger Nginx module installer, v4.0.2." with the new version on top (4.0.2 in my case)
after Nginx is installed, change the passenger_root in your existing Nginx conf (path/to/nginx/conf/nginx.conf) to point to the new gem version (just replace the old version number with the new)
Restart Nginx
Profit
You cannot upgrade without recompiling Nginx. Full upgrade instructions can be found in the Phusion Passenger for Nginx manual. From the manual:
Nginx is a different from other web servers in that it does not support loadable modules. The only way to extend Nginx is to recompile it entirely from source. Since Phusion Passenger consists of some external executables plus an Nginx module, you must recompile Nginx when first installing Phusion Passenger, but also when upgrading Nginx itself or when upgrading the Phusion Passenger version.
Recompiling Nginx and the Phusion Passenger executables is what we will do in this step. The good news is that Phusion Passenger provides a tool to make this easy for you.
If you’ve already installed Nginx before, but without Phusion Passenger support, then you should uninstall it first. You don’t have to, because you can also install another Nginx with Phusion Passenger support, in parallel to the existing Nginx. We merely recommend uninstalling the existing in order to avoid user confusion, but the choice is yours.
If you had previously installed Nginx with Phusion Passenger support, and you are upgrading, then you don’t have to uninstall your existing Nginx first. Instead we’ll overwrite it this step. But it is important that you recompile Nginx with the configure parameters that you used last time.
I had nginx installed with yum. But I needed to install Phusion Passenger. I followed the guide on Passenger website and the command that installs nginx support actually compiled and installed another copy of nginx on my system with Passenger support. The default "service nginx start" for Fedora works with the initial yum installed nginx. If I need Passenger support I have to start nginx manually from /opt/nginx/sbin/nginx and it also uses a config file of its own. I would like to know if there was a cleaner or more proper way to get nginx and Phusion Passenger working on Fedora.
I've done this on Ubuntu Server and I wound up uninstalled the nginx package and letting Passenger install nginx it for me.
From what I understand of nginx, it doesn't support modules like Apache does. So there's no way to install just a passenger module. It has to be baked into a special patched version of nginx.