<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hallo Francis,<br>
thank you for the liberating response :).</p>
<p>Unfortunately that rise some questions:</p>
<ol>
<li>documentation <br>
Is there any additional document for the -c command. I find
only:<br>
<ol>
<li><a class="moz-txt-link-freetext" href="http://nginx.org/en/docs/switches.html">http://nginx.org/en/docs/switches.html</a></li>
<li><a class="moz-txt-link-freetext" href="https://stackoverflow.com/questions/19910042/locate-the-nginx-conf-file-my-nginx-is-actually-using">https://stackoverflow.com/questions/19910042/locate-the-nginx-conf-file-my-nginx-is-actually-using</a></li>
</ol>
but none of them says that it will start an independent
instances of nginx. <br>
<br>
</li>
<li>command line <br>
I assume, that the command line parameters refer to a single
instance environment. How do I use the command line parameters
for a specific instance? Is it like this <font
face="Courier
 New,
 Courier, monospace">nginx -V "pid
/var/run/nginx-user1.pid"</font>? <br>
<br>
</li>
<li>root and non-root<br>
only the master / proxy server instance need root access in
order to bind to ports <1024 and change its user-id to the
one defined in the<font face="Courier New, Courier, monospace">
<code><a
href="https://nginx.org/en/docs/ngx_core_module.html#user">user</a></code>
</font> directive in the main context of its <font
face="Courier New, Courier, monospace">.conf</font> file.<br>
The other / backend instances don't have to be started as root
as they don't need to bind to ports, they communicate via UNIX
sockets so all permission are managed by the user account
management. <br>
That is the same, what you said, isn't it?<br>
<br>
</li>
<li>all in all there two layers of isolation</li>
<ol>
<li>dynamic content provide such as PHP<br>
each "virtual host" / <font face="Courier New, Courier,
monospace">server{} </font>blocks has its own PHP pool. So
the user for pool <font face="Courier New, Courier,
monospace">server{}</font><font face="Courier New, Courier,
monospace"><i>user1</i> </font>cannot see the pool <font
face="Courier New, Courier, monospace">server{}</font><font
face="Courier New, Courier, monospace"><i>user2</i></font>.
If <i>user1</i> gets hacked, the hacker won't get immidate
acceass to <i>user2</i> or the nginx master process,
correct?<br>
</li>
<li>independent instances of nginx.<br>
In case the master process is breach for what ever reason, the
hacker cannot see the other serves as long as he won't get
root privileges of the machine and there is the same exploit
in the other servers, correct?</li>
</ol>
</ol>
<p>Stefan<br>
</p>
<ol>
</ol>
On 16.10.2018 09:56, Francis Daly wrote:<br>
<blockquote type="cite"
cite="mid:20181016075622.tr245ocpe3cuypgd@daoine.org">
<pre class="moz-quote-pre" wrap="">On Tue, Oct 16, 2018 at 09:20:33AM +0200, Stefan Müller wrote:
Hi there,
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">so I wonder, if I need to work with multiple .conf files or shall I put
multiple http{} blocks in the general configuration of nginx
/etc/nginx/nginx.conf? I assume that Reinis told me indirectly to run
multiple instances of nginx, but I haven't understood yet how. There is the
master process, properly taking care about the proxy server but how to I
start the instance (if I need to work with instances) per /virtual host/?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">In this design, you run multiple instances of nginx. That is: multiple
individual system processes that are totally independent of each other.
So: nginx-user1.conf includes something like
http {
server {
listen unix:/some/path/user1.sock;
}
}
and refers to log files and tmp files and a pid file that user1 can write,
and to a document root that user1 can read (if necessary), and you run
the command "/usr/sbin/nginx -c nginx-user1.conf" as system user user1.
And then you do the same for user2, user3, etc.
And then you have one other "nginx-main.conf" which includes "listen 443
ssl" and includes proxy_pass to the individual unix:/some/path/userN.sock
"backend" servers; and you run the command "/usr/sbin/nginx -c
nginx-main.conf" as user root.
Note: the actual file names involved are irrelevant. All that matters
is that when the nginx binary is run with a "-c" option, it can read
the named file which contains the config that this instance will use.
If the nginx process starts as user root, it will change itself to run as
the other configured user-id as soon as it can; if it starts as non-root,
it will not. In the above design, all of the user-specific backend nginx
servers run as non-root.
And - the term "virtual host" usually refers to different server{} blocks
within the configuration of a single nginx instance. You (generally) don't
care about those -- the nginx binary will start the appropriate child
system-level processes to deal with the configuration that it was given.
If you are running multiple nginx system-level processes, each one has
its own idea of the virtual hosts from its configuration. With the above
design, all of the "user" nginx instances have just one server{} block,
while the "root" nginx instance probably has multiple server{} blocks.
Good luck with it,
f
</pre>
</blockquote>
</body>
</html>