<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><tt>Hi,</tt></p>
<p><tt>it got quite late, so I'll try to keep it short and simple.</tt></p>
<p><tt>My question is the outcome on my discussion on <a
moz-do-not-send="true"
href="https://www.reddit.com/r/servers/comments/9aj7fz/one_single_user_per_web_server_and_delete_default/">reddit-
one single user per web server (and delete default Web server
user) - possible and consequences?</a></tt>.<br>
I have a Synology NAS what runs a nginx as default web server to
run all their apps. I would like to extend it to meet the
following. <br>
I have 1 nginx server running as root (in my understanding it is a
reverse proxy), listening on port 80/443. this is your <code
class="yklcuq-7 iRRQrr">master</code> nginx server. have each
user account that needs a website run their own nginx server,
they're not allowed to serve port 80/443 directly, let them serve
a <code class="yklcuq-7 iRRQrr">unix socket</code>, that means
the config looks something like shown in my previous email. <br>
The purposes is that if the useraccount webapp1 is compromised,
it will only affect webaoos1's web server.. and repeat this for
all accounts/websites/whatever you want to keep separated. this
approach use some more ram than having a single nginx instance do
everything directly.<br>
</p>
<p>Besides the question for the optimal setup to realize this, I'm
wondering how I can call the web server locally, within my LAN if
I call them by the NAS's IP.</p>
<p>Hope that makes it clearer.</p>
<p>Thank you</p>
<p>Stefan<br>
</p>
<p> <br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 26.09.2018 13:03, Stefan Mueller
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAB3_rgnkJDNVdXC3n9jyuWNrFhRTuZah6k5=E6WVU1DLQ6cEMQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">I've just entered office :(. I will try to give you
more details later this day.</div>
<br>
<div class="gmail_quote">
<div dir="ltr">Le mer. 26 sept. 2018 à 12:52, Reinis Rozitis
<<a href="mailto:r@roze.lv" moz-do-not-send="true">r@roze.lv</a>>
a écrit :<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">> I added
include for the location config files may it makes it better
readable but still no clue hoiw to reach UNIX socket proxied
webserver in LAN.<br>
<br>
It's a bit unclear what is the problem or what you want to
achieve?<br>
<br>
The nginx can't connect/proxy_pass to the socket files (what's
the error)?<br>
<br>
<br>
Also I'm not sure how LAN goes together with unix socket files
which are ment for local process communication (IPC) inside a
single server instance. <br>
Is there a single server just with nginx and some other
services (node/python etc) which create those socket files
(/home/app1; /home/app2 ..) or you are trying to proxy some
other applications which reside on other devices/servers
inside LAN (to expose to WAN)?<br>
<br>
<br>
rr<br>
<br>
<br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank"
moz-do-not-send="true">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote>
</div>
</blockquote>
</body>
</html>