> This allows permission management via user accounts but it can get bulky
> as soon as you set up user accounts for permission management of each backend
> application, as they pose a higher risk, as indicated in the previous email

Well you asked how to proxy unix sockets...

> that is all put in the same http{} block.

If you put everything (both the user unix sockets and also the parent proxy server) under the same http{} block then it makes no sense since a single instance of nginx always runs under the same user (and beats the whole user/app isolation). It's more simple then just to make virtualhosts without the sockets and without the proxy.

> Nginx just starts php-fpm

No. Depending on distribution there might be some init and/or systemd scripts which start both daemons but on its own nginx doesn't do that.

> 4. (new) how to debug
> In /etc/nginx/nginx.conf as there is:
> access_log
> syslog:server=unix:/dev/log,facility=local7,tag=nginx_access,nohostname main;
> error_log
> syslog:server=unix:/dev/log,facility=local7,tag=nginx_error,nohostname error;
> so I assume Debug Logging is available although $ nginx -V 2>&1 | grep --
> '--with-debug' does not return anything.

It means that nginx is logging to syslog (which then usually writes somewhere under /var/log). You can change/point both logs also directly to a file.

--with-debug is only present when nginx is compiled in debug mode to log internal things and provide more detailed information in case of bugs. I doubt it will give any benefit in this case.

In general you are mixing a lot of things together, like asking about a BSD firewall, NATs, Bind and then trying to implement it on a specific linux-based ARM blackbox. I would suggest to start experimenting/researching different technologies one by one rather than trying to achieve everything at once.

rr
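
The layout the reply contrasts with a single shared http{} block, as an added example that is not part of the original post: two separate nginx instances, each with its own configuration file and worker user, joined by a unix socket, with the error log pointed at a file instead of syslog. The user `app1`, the hostname, and every path except /etc/nginx/nginx.conf are hypothetical.

```nginx
# ---- File 1: /etc/nginx/nginx.conf (front proxy instance) ----
user www-data;                       # workers of THIS instance only
error_log  /var/log/nginx/front_error.log warn;   # file instead of syslog
events {}
http {
    access_log /var/log/nginx/front_access.log;
    upstream app1_backend {
        server unix:/run/app1/nginx.sock;   # socket owned by the second instance
    }
    server {
        listen 80;
        server_name app1.example.test;      # hypothetical hostname
        location / {
            proxy_set_header Host $host;
            proxy_pass http://app1_backend;
        }
    }
}

# ---- File 2: /etc/nginx-app1/nginx.conf (hypothetical path) ----
# Started as its own process: nginx -c /etc/nginx-app1/nginx.conf
# The master must start as root for "user" to take effect; workers then
# run as app1, so a compromise of this site is confined to that account.
user app1 app1;
pid  /run/app1/nginx.pid;            # must differ from the front instance's pid file
error_log /var/log/nginx/app1_error.log warn;
events {}
http {
    access_log /var/log/nginx/app1_access.log;
    # Per-instance temp directory; do the same for any other *_temp_path
    # in use, so the two instances do not share directories.
    client_body_temp_path /var/lib/nginx-app1/body;
    server {
        # Keep /run/app1 accessible only to app1 and the front proxy's
        # user; the directory permissions gate who can reach the socket.
        listen unix:/run/app1/nginx.sock;
        root /home/app1/www;
    }
}
```

Moving both server blocks into one http{} block of one file collapses this back to a single worker user, which is the case the reply describes as defeating the isolation.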