Re: Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN

Wed, 26 Sep 2018 13:43:12 -0700

Hi,

it got quite late, so I'll try to keep it short and simple.

My question is the outcome on my discussion on reddit- one single user per web server (and delete default Web server user) - possible and consequences?.
I have a Synology NAS what runs a nginx as default web server to run all their apps. I would like to extend it to meet the following.
I have 1 nginx server running as root (in my understanding it is a reverse proxy), listening on port 80/443. this is your master nginx server. have each user account that needs a website run their own nginx server, they're not allowed to serve port 80/443 directly, let them serve a unix socket, that means the config looks something like shown in my previous email.
The purposes is that  if the useraccount webapp1 is compromised, it will only affect webaoos1's web server.. and repeat this for all accounts/websites/whatever you want to keep separated. this approach use some more ram than having a single nginx instance do everything directly.

Besides the question for the optimal setup to realize this, I'm wondering how I can call the web server locally, within my LAN if I call them by the NAS's IP.

Hope that makes it clearer.

Thank you

Stefan



On 26.09.2018 13:03, Stefan Mueller wrote:
I've just entered office :(. I will try to give you more details later this day.

Le mer. 26 sept. 2018 à 12:52, Reinis Rozitis <r...@roze.lv> a écrit :
> I added include for the location config files may it makes it better readable but still no clue hoiw to reach UNIX socket proxied webserver in LAN.

It's a bit unclear what is the problem or what you want to achieve?

The nginx can't connect/proxy_pass to the socket files (what's the error)?


Also I'm not sure how LAN goes together with unix socket files which are ment for local process communication (IPC) inside a single server instance.
Is there a single server just with nginx and some other services (node/python etc) which create those socket files (/home/app1; /home/app2 ..) or you are trying to proxy some other applications which reside on other devices/servers inside LAN (to expose to WAN)?


rr



_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply via email to