Bug#610290: marked as done (nginx isn't upgraded properly)

Wed, 19 Jan 2011 00:48:18 -0800 

Your message dated Wed, 19 Jan 2011 02:45:01 -0600
with message-id <[email protected]>
and subject line nginx isn't upgraded properly
has caused the Debian Bug report #610290,
regarding nginx isn't upgraded properly
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
610290: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610290
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: nginx-full
Version: 0.8.54-3
Severity: important


I watched the bug on two my servers.

If You install nginx/stable|testing, then upgrade it upto sid You can
stumble over such problem: upgrade process will recreate
/etc/nginx/sites-enabled/default file. Default nginx site listens
0.0.0.0:80 that can conflict with Your sites.

Often nginx is used as frontend: it listens to external ip:80 and
backend listens to localhost:80. So If 'default' is recreated then
such config would be broken.
-- 
... mpd is off

. ''`.                               Dmitry E. Oboukhov
: :’  :   email: [email protected] jabber://[email protected]
`. `~’              GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message --- 
I'm closing this bug because it is invalid.

I've never heard of anyone using port 80 for an internal listener. Most other
httpd's have a default configuration that listens on port 80 both internally
and externally. Nginx is also not just a proxy; it is a complete httpd. I do
not see any reason that it should function any different.

In addition to this; if you are having a cgi process listen on a tcp port, you
should know that this is bad practice as unix sockets are significantly more
efficient, easier to maintain, and more secure.

If the case is that you have Apache listening internally only on port 80, you
really should consider picking an internal port. This will also help with
iptables rules later.

--- End Message ---

Reply via email to