Running Nginx as non root user

前端未结

关注

 3  777

I installed Nginx using Ansible. To install on Centos7 I used the yum package so it by default was run as root user. I want it to start and run as a different user

相关标签:

3条回答

梦谈多话

2020-12-24 09:21

Just in case it helps someone stumbling over this question in 2020, here is my minimal nginx.conf for running a web server on port 8088, works for a non-root user. No modding of file permissions necessary! (Tested on Centos 7.4 with nginx 1.16.1)

    error_log /tmp/error.log;
    pid       /tmp/nginx.pid;
    
    events {
      # No special events for this simple setup
    }
    http {
      server {
        listen       8088;
        server_name  localhost;
    
        # Set a number of log, temp and cache file options that will otherwise
        # default to restricted locations accessible only to root.
        access_log /tmp/nginx_host.access.log;
        client_body_temp_path /tmp/client_body;
        fastcgi_temp_path /tmp/fastcgi_temp;
        proxy_temp_path /tmp/proxy_temp;
        scgi_temp_path /tmp/scgi_temp;
        uwsgi_temp_path /tmp/uwsgi_temp;
    
        # Serve local files
        location / {
          root /home/<your_user>/web;
          index  index.html index.htm;
          try_files $uri $uri/ /index.html;
        }
      }
    }

0 讨论(0)

星月不相逢

2020-12-24 09:24
Add/Change the following in your /etc/nginx/nginx.conf:
```
user nginx;
```
You should create the user and grant permissions on the webroot directories recursively.

This way only master process runs as root. Because: Only root processes can listen to ports below 1024. A webserver typically runs at port 80 and/or 443. That means it needs to be started as root.

To run master process as non root user:

Change the ownership of the following:
- error_log
- access_log
- pid
- client_body_temp_path
- fastcgi_temp_path
- proxy_temp_path
- scgi_temp_path
- uwsgi_temp_path
Change the listen directives to ports above 1024, log in as desired user and run nginx by nginx -c /path/to/nginx.conf
0 讨论(0)
发布评论:

提交评论
- 加载中...

感动是毒

2020-12-24 09:30

Just in case it helps, for testing/debugging purpose, I sometimes run an nginx instance as a non privileged user on my Debian (stretch) laptop.

I use a minimal config file like this:

worker_processes 1;
error_log stderr;
daemon off;
pid nginx.pid;

events {
  worker_connections  1024;
}

http {
  include             /etc/nginx/mime.types;
  default_type        application/octet-stream;

  sendfile on;

  keepalive_timeout   65;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
  ssl_prefer_server_ciphers on;
  access_log access.log;
  server {
    listen            8080;
    server_name       localhost;

    location / {
      include /etc/nginx/uwsgi_params;
      uwsgi_pass localhost:8081;
    }
  }
}

and I start the process with:

/usr/sbin/nginx -c nginx.conf -p $PWD

0 讨论(0)