This should really get critical importance. 20+ servers down after an
unattended upgrade.
Here's an Ansible role that disables the directives (and also
uploadprogress, since this crashes for me too); disclaimer: generated
with an LLM.
```yml
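---
# Single play that works around nginx signal 11 crashes by commenting out the
# headers-more / uploadprogress directives and the load_module lines that
# pull those dynamic modules in, then validating and reloading nginx.
#
# Review notes before running this across a fleet:
#   * Commenting out more_* directives also drops whatever response headers
#     they set or cleared. If hardening headers (Strict-Transport-Security,
#     Content-Security-Policy, X-Frame-Options, ...) or removal of the Server
#     header were configured through headers-more, they stop being applied
#     after the reload. Inventory the commented lines and re-add what is
#     needed with the built-in add_header directive.
#   * Nothing is backed up. `backup: true` is deliberately not set on the
#     replace tasks: a backup copy written next to a regular file in
#     sites-enabled/ could be picked up by a wildcard include and bring the
#     disabled directives back. Run once with --check --diff and keep the
#     diff as the record of what changed.
#   * Only nginx.conf, sites-enabled/, conf.d/ and the symlink targets found
#     there are edited. Files pulled in by `include` from other directories
#     (snippets and the like) are not touched; a more_* directive left in one
#     of them makes `nginx -t` fail in step 4, which stops the play before
#     the reload.
- name: Mitigate Nginx Signal 11 Crashes
  hosts: ubuntu
  become: true
  gather_facts: false
  tasks:
    # -------------------------------------------------------------------------
    # STEP 1: COLLECT AND RESOLVE DOWNSTREAM CONFS (REMOTE SYSTEM AWARE)
    # -------------------------------------------------------------------------
    - name: Gather all virtual host and site configuration files (including symlinks)
      ansible.builtin.find:
        paths:
          - /etc/nginx/sites-enabled/
          - /etc/nginx/conf.d/
        recurse: true
        # `any` is needed so symlinks are returned, but it returns
        # directories as well; those are filtered out in the next task.
        file_type: any
      register: nginx_configs

    - name: Resolve symbolic links natively on the remote Ubuntu host
      # argv passes the path as one argument, so a file name containing
      # whitespace is not split into several arguments.
      ansible.builtin.command:
        argv:
          - readlink
          - "-f"
          - "{{ item.path }}"
      # Directories cannot be edited by the replace tasks below; skip them.
      loop: "{{ nginx_configs.files | rejectattr('isdir') | list }}"
      loop_control:
        label: "{{ item.path }}"
      register: remote_realpaths
      # Read-only command: let it run under --check so a dry run reports the
      # same file list as a real run.
      check_mode: false
      changed_when: false
      # Best effort: an entry that cannot be resolved yields an empty stdout
      # and is dropped when the list is built in the next task.
      failed_when: false

    - name: Construct clean list of unique physical paths from remote output
      ansible.builtin.set_fact:
        all_config_files: >-
          {{ ['/etc/nginx/nginx.conf'] +
          (remote_realpaths.results
          | map(attribute='stdout')
          | select('defined')
          | reject('equalto', '')
          | list
          | unique) }}

    # -------------------------------------------------------------------------
    # STEP 2: COMMENT OUT DIRECTIVES
    # -------------------------------------------------------------------------
    # Both patterns match only a directive that starts and ends on one line
    # with `;` as the last character. A directive spread over several lines,
    # or followed by a trailing comment, is left active and is then rejected
    # by `nginx -t` in step 4 once the module is no longer loaded.
    - name: Comment out more_ directives across the config hierarchy
      ansible.builtin.replace:
        path: "{{ item }}"
        regexp: '^(\s*)(more_[a-z_]+\s+.*;)$'
        replace: '\1# \2'
      loop: "{{ all_config_files }}"

    - name: Comment out upload_progress tracking directives across hierarchy
      ansible.builtin.replace:
        path: "{{ item }}"
        regexp: '^(\s*)((upload_progress|track_uploads)\s+.*;)$'
        replace: '\1# \2'
      loop: "{{ all_config_files }}"

    # -------------------------------------------------------------------------
    # STEP 3: SAFELY DISABLE DYNAMIC MODULE GLOBAL CALLS LAST
    # -------------------------------------------------------------------------
    # The modules are unloaded only after the directives that need them have
    # been commented out.
    - name: Comment out module loading directives in main nginx.conf
      ansible.builtin.replace:
        path: /etc/nginx/nginx.conf
        regexp:
          '^(\s*)(load_module\s+modules/ngx_http_(headers_more_filter|uploadprogress)_module\.so;)$'
        replace: '\1# \2'

    - name: Find individual dynamic module files or symlinks
      ansible.builtin.find:
        paths: /etc/nginx/modules-enabled/
        patterns:
          - "*headers-more*"
          - "*uploadprogress*"
        file_type: any
      register: broken_modules

    - name: Comment out load_module directives inside modules-enabled files
      # NOTE(review): entries here are typically symlinks to package-owned
      # files, so this edit may be reverted or trigger a conffile prompt on
      # the next package upgrade - confirm on the target release.
      ansible.builtin.replace:
        path: "{{ item.path }}"
        regexp: '^(\s*)(load_module\s+.*;)$'
        replace: '\1# \2'
      loop: "{{ broken_modules.files }}"
      # NOTE(review): errors are suppressed here. If this edit fails the
      # module stays loaded, and `nginx -t` below still passes because the
      # configuration itself is valid. Check the task output per host.
      failed_when: false

    # -------------------------------------------------------------------------
    # STEP 4: GLOBAL VALIDATION AND RELOAD
    # -------------------------------------------------------------------------
    # A failing `nginx -t` aborts the play before the reload, but the edited
    # files stay on disk; fix them before nginx is next restarted.
    - name: Validate entire global Nginx configuration layout
      ansible.builtin.command: nginx -t
      changed_when: false

    - name: Reload Nginx service to apply changes safely
      ansible.builtin.systemd:
        name: nginx
        state: reloaded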
```
https://bugs.launchpad.net/bugs/2155992
Title:
headers-more dynamic module crash