Hello everybody, I’m on 6.1 and trying to configure NGINX. I’m posting this issue here because it may be peculiar to OpenBSD but I know it could be more appropriate to post it on an NGINX specific mailing list. Please let me know if I’m in topic.
I successfully installed NGINX (`$ doas pkg_add nginx`) and managed to setup a pure static vhost: /etc/nginx/nginx.conf: ``` # ... server { listen 80; server_name myapp.com; access_log /var/www/apps/my_app/logs/access.log; error_log /var/www/apps/my_app/logs/error.log; root /var/www/apps/my_app/current; } # ... ``` And it works just fine. Then I tried to implement a reverse proxy with the `proxy_pass` directive toward a local Ruby-based application server (Puma, booting a Ruby app). If I define a proxy_pass toward a TCP port then the requests correctly reach the application server but when I try to migrate the setup into a unix socket binding, then I get an error due to NGINX being chrooted. /etc/nginx/nginx.conf: ``` # ... server { server_name myapp.com; access_log /var/www/apps/my_app/logs/access.log; error_log /var/www/apps/my_app/logs/error.log; root /var/www/apps/my_app/current; location / { proxy_pass http://unix:/var/www/apps/my_app/application.socket; } } # ... ``` /var/log/nginx/error.log: ``` 2017/08/05 23:17:34 [crit] 58554#0: *5 connect() to unix:/var/www/apps/my_app/application.socket failed (2: No such file or directory) while connecting to upstream, client: 192.168.1.3, server: myapp.com, request: "GET / HTTP/1.1", upstream: "http://unix:/var/www/apps/my_app/application.socket:/", host: “myapp.com" ``` ``` $ ls -al /var/www drwxr-xr-x 4 olistik olistik 512 Aug 3 18:17 apps drwxr-xr-x 3 www www 512 Jul 16 22:48 htdocs drwxr-xr-x 2 root daemon 512 Apr 1 21:38 run drwx------ 2 www www 512 Jul 15 20:51 tmp ``` This is how I start the application server: ``` $ bundle exec puma --debug -v -e production -b unix:///var/www/apps/my_app/application.socket -v Puma starting in single mode... * Version 3.9.1 (ruby 2.4.1-p111), codename: Private Caller * Min threads: 0, max threads: 16 * Environment: production * Listening on unix:///var/www/apps/my_app/application.socket Use Ctrl-C to stop ``` The only way I found to work around this issue is to disable NGINX chroot: ``` $ doas rcctl enable nginx $ doas rcctl set nginx flags -u $ doas rcctl restart nginx ``` But it’s not ideal to lose the isolation chroot gives. Do you have any suggestions on how to implement a unix socket connection with NGINX chroot enabled? Thank in advance, olistik