> how do I do it eaxtly regardless if it is cumbersome?.
Well you configure each individual nginx to listen (
https://nginx.org/en/docs/http/ngx_http_core_module.html#listen ) on a unix
socket:
Config on nginx1:
..
events { }
http {
server {
listen unix:/some/path/user1.sock;
..
}
}
Config on nginx2:
..
server {
listen unix:/some/path/user2.sock;
...
}
And then on the main server you configure the per-user virtualhosts to be
proxied to particular socket:
server {
listen 80;
server_name user1.domain;
location / {
proxy_pass http://unix:/some/path/user1.sock;
}
}
server {
listen 80;
server_name user2.domain;
location / {
proxy_pass http://unix:/some/path/user2.sock;
}
}
(obviously it's just a mockup and you need to add everything else like http {}
blocks, root paths, SSL certificates (if available) etc)
> So far I assuemd that the worker start the backend application the access to
> php is configured in the server block (my reference is What is the easiest
> way to enable PHP on nginx? and Serve PHP with PHP-FPM and NGINX). My
> googling tells my that the PHP process usually runs with the permissions of
> the webserver.
Not exactly.
php-fpm which is the typical way of running php under nginx are different
processes/daemons each having their own configuration and communicate via
FastCGI (http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html ) via tcp
or unix socket and both can run under different system users (php-fpm can
manage even multiple pools each under own user and different settings) .
The guide you linked on linode.com isn't fully correct "The listen.owner and
listen.group variables are set to www-data by default, but they need to match
the user and group NGINX is running as."
The users don't need to match but the nginx user needs read/write permissions
on the socket file (setting the same user just makes the guide simpler and less
error prone).
You can always put the nginx and php-fpm user in a group and make the socket
file group writable (via listen.mode = 0660 in php-fpm.conf)
> Unfortunettely, my NAS does not support it
While the Synologies are Linux-based maybe running somewhat complicated setups
(user/app isolation) and exposing to WAN are not the best option.
Also it beats the whole idea of DSM being userfriendly centralized GUI tool. A
regular pc/server with some native linux distribution (Ubuntu, Debian, Fedora,
Opensuse etc) might be a better choice (and imho easier to experiment on) and
you can always attach the NAS to the linux box (via NFS, samba/cifs, webdav
etc).
rr
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
