How to dump nginx sites-enabled configuration

Find an article
Jun 3
Published by in · Leave your thoughts
( words)
Warning! There was an error loading some of the images for this post.

I was recently a fool and¬†accidentally deleted my nginx sites-enabled configurations. After endless mopping, I stumbled across this. If you add the below to file such as “find_nginx_config.sh”:

 # Set pid of nginx master process here
 pid=8192

 # generate gdb commands from the process's memory mappings using awk
 cat /proc/$pid/maps | awk '$6 !~ "^/" {split ($1,addrs,"-"); print "dump memory mem_" addrs[1] " 0x" addrs[1] " 0x" addrs[2] ;}END{print "quit"}' > gdb-commands

 # use gdb with the -x option to dump these memory regions to mem_* files
 gdb -p $pid -x gdb-commands

 # look for some (any) nginx.conf text
 grep worker_connections mem_*
 grep server_name mem_*

Then:

chmod +x find_nginx_config.sh
./find_nginx_config.sh

If you’re in luck it will tell you which file potentially holds the key to your woes. Sadly, in my case the memory had been overwritten in various places however after 20minutes of manually pulling bits from the binary file I managed to reconstruct the original configuration files. It should be fairly obvious where the configuration starts if you search the file for terms such as “location” or “server” and then manually scroll through.

Best of luck.

Leave a Reply

Your email address will not be published.