Nginx ignore loaded config and search in "/etc/nginx/html/index.html"

Roberto Pezzali asked:

I update nginx to 1.16 and my website stop to work.
It look for file in “/etc/nginx/html/index.html”

Here is the log

2019/05/10 18:16:24 [error] 125559#125559: *1 "/etc/nginx/html/index.html" is not found (2: No such file or directory), client: 37.117.29.208, server: next.dday.it, request: "GET / HTTP/2.0", host: "next.dday.it"
2019/05/10 18:16:25 [error] 125559#125559: *1 "/etc/nginx/html/index.html" is not found (2: No such file or directory), client: 37.117.29.208, server: next.dday.it, request: "GET / HTTP/2.0", host: "next.dday.it"
2019/05/10 18:21:14 [error] 125700#125700: *1 "/etc/nginx/html/index.html" is not found (2: No such file or directory), client: 37.117.29.208, server: next.dday.it, request: "GET / HTTP/2.0", host: "next.dday.it"

This is my nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 1024;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

        # SSL Settings
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
        ssl_ecdh_curve prime256v1:secp384r1;

        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
        add_header X-Frame-Options DENY; # change to SAMEORIGIN for iframes
# Optimize session cache
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 1d;

        # Enable session tickets
        ssl_session_tickets on;

        # OCSP Stapling
        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
        resolver_timeout 2s;

        ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 32 16k;
        gzip_http_version 1.1;
        gzip_min_length 250;
        gzip_types image/jpeg image/bmp image/svg+xml text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;

        # Brotli Settings
brotli on;
        brotli_comp_level 4;
        brotli_buffers 32 8k;
        brotli_min_length 100;
        brotli_static on;
    brotli_types image/jpeg image/bmp image/svg+xml text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/sites-enabled/*.*;

And If I try with NGINX -T my config under sites-enabled is loaded!

upstream puma_next.dday.it {
  server unix:/home/scriptamanent/apps/dday.it/shared/tmp/sockets/dday.it-puma.sock fail_timeout=0;
}
server {
  listen 80;
  listen [::]:80;
  server_name next.dday.it;
  return 301 https://next.dday.it$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name next.dday.it;
}


server {
  listen 443 ssl http2 default_server;
  listen [::]:443 ssl http2 default_server;
  ssl_certificate /etc/letsencrypt/live/next.dday.it/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/next.dday.it/privkey.pem;
  root /home/scriptamanent/apps/dday.it/current/public;
  try_files $uri/index.html $uri @puma_next.dday.it;

  client_max_body_size 4G;
  keepalive_timeout 10;

  error_page 500 502 504 /500.html;
  error_page 503 @503;

  location @puma_next.dday.it {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_redirect off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
ssi on;
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass http://puma_next.dday.it;
    # limit_req zone=one;
    access_log /home/scriptamanent/apps/dday.it/shared/log/nginx.access.log;
    error_log /home/scriptamanent/apps/dday.it/shared/log/nginx.error.log;
  }

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  location ^~ /packs/ {
    gzip_static on;
    expires max;
  }

  location = /50x.html {
    root html;
  }

  location @503 {
    error_page 405 = /system/maintenance.html;
    if (-f $document_root/system/maintenance.html) {
      rewrite ^(.*)$ /system/maintenance.html break;
    }
    rewrite ^(.*)$ /503.html break;
  }

  if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
    return 405;
  }

  if (-f $document_root/system/maintenance.html) {
    return 503;
 }
}

And this is my configuration in sites-enabled.
As I told you if I try Nginx -T the config is loaded.

Why???

My answer:


You have a complete server block for next.dday.it which serves nothing but static files:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2; 
    server_name next.dday.it;
}

It has no document root, so the default is used: /etc/nginx/html.

My guess is that you should instead have the server_name in the next server block, which doesn’t have one, but which does have the SSL certificate configured for next.dday.it.

I would move the server_name to that next server block, and then delete the remains of this one.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.