Re: Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN

[Stefan Müller]

Good morning Francis,

thank you coming back on this.

In the very beginning Reinis wrote:


    Well you configure each individual nginx to listen 
(https://nginx.org/en/docs/http/ngx_http_core_module.html#listen  ) on a unix 
socket:

    Config on nginx1:
    ..
    events { }
    http {
       server {
          listen unix:/some/path/user1.sock;
          ..
      }
    }

    Config on nginx2:
    ..
    server {
         listen unix:/some/path/user2.sock;
        ...
    }


    And then on the main server you configure the per-user virtualhosts to be 
proxied to particular socket:

    server {
        listen 80;
        server_name     user1.domain;
        location / {
                proxy_passhttp://unix:/some/path/user1.sock;
        }
    }
    server {
        listen 80;
        server_name     user2.domain;
        location / {
                proxy_passhttp://unix:/some/path/user2.sock;
        }
    }


so I asked


    that is all put in the same http{} block.


and he answered


    If you put everything (both the user unix sockets and also the
    parent proxy server) under the same http{} block then it makes no
    sense since a single instance of nginx always runs under the same
    user (and beats the whole user/app isolation).

so I wonder, if I need to work with multiple .conf files or shall I put 
multiple http{} blocks in the general configuration of nginx 
/etc/nginx/nginx.conf? I assume that Reinis told me indirectly to run 
multiple instances of nginx, but I haven't understood yet how. There is 
the master process, properly taking care about the proxy server but how 
to I start the instance (if I need to work with instances) per /virtual 
host/?


Stefan



On 15.10.2018 22:23, Francis Daly wrote:
On Fri, Oct 12, 2018 at 11:59:48PM +0200, Stefan Müller wrote:

Hi there,

I've read over this mail thread, and I confess that I'm quite confused
as to what your remaining specific nginx question is.

If it's not too awkward, could you repeat just exactly what you now wish
to know?

It may make it easier for others to give a useful direct response.

4. *nginx*
    this is the only one remaining. How can I isolate the servers?
I'm not sure what you mean by "isolate the servers", that was not
already answered.

("already answered" was approximately: for each server, run one nginx as
user this-server-user, listening on a unix domain socket. Then run one
nginx initially as user root, which does proxy_pass to the appropriate
unix-domain-socket-server.)

Have I missed something; or are you asking how to do it; or are you
asking why to do it?

Thanks,

        f
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx