Resolving Phusion Passenger Log Location Issues with Nginx

When deploying Ruby on Rails applications using Phusion Passenger with Nginx, you might encounter an issue where Passenger logs are not saved in the expected /tmp directory, making them difficult to locate for debugging.

The Problem

Recently, while troubleshooting a Rails application, I encountered an error message displayed in the browser:

We're sorry, but something went wrong.
The issue has been logged for investigation. Please try again later.

Technical details for the administrator of this website
This website is powered by Phusion Passenger®, the smart application server built by Phusion®.

In the Nginx error log, I found the following unhelpful information:

[ E 2024-07-07 19:02:16.4482 29523/Tl age/Cor/Con/CheckoutSession.cpp:283 ]: [Client 7-23] Cannot checkout session because a spawning error occurred. The identifier of the error is 2fbf7274. Please see earlier logs for details about the error.
[ E 2024-07-07 19:03:13.2500 29523/Tiq age/Cor/App/Implementation.cpp:221 ]: Could not spawn process for application /home/system/Projects/steinbachinn.ca: The application process exited prematurely.
  Error ID: fadbe54e
  Error details saved to: /tmp/passenger-error-DXYeho.html

However, the file /tmp/passenger-error-DXYeho.html was missing. Instead, it was located at /tmp/systemd-private-730c91ca377d401d86eaae3328dfa7d0-nginx.service-PtlMnI/tmp/passenger-error-DXYeho.html.

The Cause

This issue arises because Nginx is running with PrivateTmp=true under systemd. This setting provides Nginx with its own isolated /tmp and /var/tmp directories, which are not shared with other services. While this enhances security, it complicates log file management for troubleshooting.

The Solution

To resolve this issue, you need to disable the PrivateTmp setting for the Nginx service. Here’s how:

  1. Create/Edit the Override File for Nginx:

    Use the following command to open an editor for creating or editing an override file for the Nginx service:

     sudo systemctl edit nginx
    
    💡
    If the editor is empty, that’s expected. We will add the necessary configuration in the next step.
  2. Add the Override Configuration:

    In the editor that opens, add the following lines:

     [Service]
     PrivateTmp=false
    

    This configuration ensures that Nginx uses the shared /tmp directory instead of a private one.

  3. Reload Systemd and Restart Nginx:

    Apply the changes by reloading the systemd configuration and restarting Nginx:

     sudo systemctl daemon-reload
     sudo systemctl restart nginx
    
  4. Verify the Changes:

    Check the effective configuration to ensure the override was applied correctly:

     sudo systemctl show nginx | grep PrivateTmp
    

    This command should return PrivateTmp=false.

  5. Check Logs:

    After restarting Nginx, verify that the Passenger logs are being written to the shared /tmp directory as expected:

     sudo tail -f /var/log/nginx/error.log
    

Conclusion

By disabling the PrivateTmp setting for the Nginx service, you can ensure that Passenger logs are saved in the shared /tmp directory, making them easier to locate and debug. This simple configuration change can save time and reduce frustration when troubleshooting issues in your Rails application.