Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN

Francis Daly francis at daoine.org
Tue Oct 16 07:56:22 UTC 2018


On Tue, Oct 16, 2018 at 09:20:33AM +0200, Stefan Müller wrote:

Hi there,

> so I wonder, if I need to work with multiple .conf files or shall I put
> multiple http{} blocks in the general configuration of nginx
> /etc/nginx/nginx.conf? I assume that Reinis told me indirectly to run
> multiple instances of nginx, but I haven't understood yet how. There is the
> master process, properly taking care about the proxy server but how to I
> start the instance (if I need to work with instances) per /virtual host/?

In this design, you run multiple instances of nginx. That is: multiple
individual system processes that are totally independent of each other.

So: nginx-user1.conf includes something like

  http {
    server {
      listen unix:/some/path/user1.sock;
    }
  }

and refers to log files and tmp files and a pid file that user1 can write,
and to a document root that user1 can read (if necessary), and you run
the command "/usr/sbin/nginx -c nginx-user1.conf" as system user user1.

And then you do the same for user2, user3, etc.

And then you have one other "nginx-main.conf" which includes "listen 443
ssl" and includes proxy_pass to the individual unix:/some/path/userN.sock
"backend" servers; and you run the command "/usr/sbin/nginx -c
nginx-main.conf" as user root.


Note: the actual file names involved are irrelevant. All that matters
is that when the nginx binary is run with a "-c" option, it can read
the named file which contains the config that this instance will use.

If the nginx process starts as user root, it will change itself to run as
the other configured user-id as soon as it can; if it starts as non-root,
it will not. In the above design, all of the user-specific backend nginx
servers run as non-root.


And - the term "virtual host" usually refers to different server{} blocks
within the configuration of a single nginx instance. You (generally) don't
care about those -- the nginx binary will start the appropriate child
system-level processes to deal with the configuration that it was given.

If you are running multiple nginx system-level processes, each one has
its own idea of the virtual hosts from its configuration. With the above
design, all of the "user" nginx instances have just one server{} block,
while the "root" nginx instance probably has multiple server{} blocks.


Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list