This allows permission management via user accounts but it can get bulky as soon as you set up user accounts for permission management of each backend application, as they pose a higher risk, as indicated in the previous email.
Well you asked how to proxy unix sockets...


And that is the explanation why you could/should do it instead of TCP sockets, or did I miss something?


If you put everything (both the user unix sockets and also the parent proxy server) under the same http{} block

So it all goes in the same nginx.conf but in different http{} blocks, or do I need one nginx.conf for each: the user unix sockets and also the parent proxy server?


It's more simple then just to make virtualhosts without the sockets and without the proxy.
server {
listen ...
}

A server block is the counterpart of a virtualhost in Apache, isn't it?
You are suggesting to set up virtualhosts that listen on a port to which traffic is forwarded from the router. I don't want to have multiple ports open at the router, so I would like to stick with UNIX sockets and proxy.


In general you are mixing a lot of things together,
No worries, those things get solved elsewhere. I mentioned them as they interfere with the proxy/virtualhost setup.



On 02.10.2018 18:41, Reinis Rozitis wrote:
This allows permission management via user accounts but it can get bulky as soon as you set up user accounts for permission management of each backend application, as they pose a higher risk, as indicated in the previous email.
Well you asked how to proxy unix sockets...


that is all put in the same http{} block.
If you put everything (both the user unix sockets and also the parent proxy server) under the same http{} block then it makes no sense since a single instance of nginx always runs under the same user (and beats the whole user/app isolation). 
It's more simple then just to make virtualhosts without the sockets and without the proxy.


Nginx just starts php-fpm
No.
Depending on distribution there might be some init and/or systemd scripts which start both daemons but on its own nginx doesn’t do that.



4. (new) how to debug
In /etc/nginx/nginx.conf there is:
access_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_access,nohostname main;
error_log   syslog:server=unix:/dev/log,facility=local7,tag=nginx_error,nohostname error;
so I assume Debug Logging is available although $ nginx -V 2>&1 | grep -- '--with-debug' does not return anything.
It means that nginx is logging to syslog (which then usually writes somewhere under /var/log). You can change/point both logs also directly to a file.

--with-debug is only present when nginx is compiled in debug mode to log internal things and provide more detailed information in case of bugs. I doubt it will give any benefit in this case.


In general you are mixing a lot of things together, like asking about a BSD firewall, NATs, Bind and then trying to implement it on a specific linux-based ARM blackbox.
I would suggest to start experimenting/researching different technologies one by one rather than trying to achieve everything at once.


rr


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
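
The layout discussed in this thread, as an added example that is not part of the original messages: one parent nginx holds the only TCP port and proxies by server_name to separate per-user nginx instances, each with its own nginx.conf and its own UNIX socket. The account names (app1, app2), host names, paths and the www-data worker user are assumptions chosen for illustration.

```nginx
# File 1: /etc/nginx/nginx.conf, the parent instance (only one TCP port open).
# Worker user www-data is an assumption (Debian default).
user www-data;
events {}
http {
    upstream app1 { server unix:/run/nginx-app1/http.sock; }
    upstream app2 { server unix:/run/nginx-app2/http.sock; }

    server {
        listen 80;
        server_name app1.example.test;     # hypothetical host name
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://app1;
        }
    }
    server {
        listen 80;
        server_name app2.example.test;     # hypothetical host name
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://app2;
        }
    }
}

# File 2: /home/app1/nginx/nginx.conf, a separate instance started by the
# app1 account itself:  nginx -c /home/app1/nginx/nginx.conf
# It has no "user" directive because the whole process already runs as app1.
# /run/nginx-app1 is created beforehand by root, owner app1, group www-data,
# mode 0750, so the directory limits who can reach the socket.
pid       /home/app1/nginx/run/nginx.pid;
error_log /home/app1/nginx/log/error.log;
events {}
http {
    access_log            /home/app1/nginx/log/access.log;
    # Temp paths must be writable by app1, otherwise startup fails.
    client_body_temp_path /home/app1/nginx/tmp/body;
    proxy_temp_path       /home/app1/nginx/tmp/proxy;
    fastcgi_temp_path     /home/app1/nginx/tmp/fastcgi;
    uwsgi_temp_path       /home/app1/nginx/tmp/uwsgi;
    scgi_temp_path        /home/app1/nginx/tmp/scgi;
    server {
        listen unix:/run/nginx-app1/http.sock;
        root   /home/app1/www;
    }
}
```

The app2 instance repeats File 2 with its own account and paths. `nginx -t -c <file>` checks each configuration file before the instance is started.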