<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Good morning Francis,</p>
<p>thank you coming back on this.</p>
<p><br>
</p>
<p>In the very beginning Reinis wrote:</p>
<blockquote>
<p><br>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Well you configure each individual nginx to listen ( <a class="moz-txt-link-freetext" href="https://nginx.org/en/docs/http/ngx_http_core_module.html#listen">https://nginx.org/en/docs/http/ngx_http_core_module.html#listen</a> ) on a unix socket:
Config on nginx1:
..
events { }
http {
server {
listen unix:/some/path/user1.sock;
..
}
}
Config on nginx2:
..
server {
listen unix:/some/path/user2.sock;
...
}
And then on the main server you configure the per-user virtualhosts to be proxied to particular socket:
server {
listen 80;
server_name user1.domain;
location / {
proxy_pass <a class="moz-txt-link-freetext" href="http://unix:/some/path/user1.sock">http://unix:/some/path/user1.sock</a>;
}
}
server {
listen 80;
server_name user2.domain;
location / {
proxy_pass <a class="moz-txt-link-freetext" href="http://unix:/some/path/user2.sock">http://unix:/some/path/user2.sock</a>;
}
}
</pre>
</blockquote>
</p>
</blockquote>
<p><br>
</p>
<p>so I asked</p>
<blockquote>
<blockquote>
<p><br>
</p>
</blockquote>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">that is all put in the same http{} block.</pre>
</blockquote>
</blockquote>
<p><br>
</p>
<p>and he answered</p>
<blockquote>
<p><br>
<blockquote type="cite">If you put everything (both the user
unix sockets and also the parent proxy server) under the same
http{} block then it makes no sense since a single instance of
nginx always runs under the same user (and beats the whole
user/app isolation).</blockquote>
<br>
</p>
</blockquote>
<p>so I wonder, if I need to work with multiple <font face="Courier
New, Courier, monospace">.conf </font>files or shall I put
multiple <font face="Courier New, Courier, monospace">http{}</font>
blocks in the general configuration of nginx <tt>/etc/nginx/nginx.conf</tt>?
I assume that Reinis told me indirectly to run multiple instances
of nginx, but I haven't understood yet how. There is the master
process, properly taking care about the proxy server but how to I
start the instance (if I need to work with instances) per <i>virtual
host</i>?</p>
<p><br>
</p>
<p>Stefan<br>
</p>
<p><br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 15.10.2018 22:23, Francis Daly
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:20181015202359.afvumr777zbbeokb@daoine.org">
<pre class="moz-quote-pre" wrap="">On Fri, Oct 12, 2018 at 11:59:48PM +0200, Stefan Müller wrote:
Hi there,
I've read over this mail thread, and I confess that I'm quite confused
as to what your remaining specific nginx question is.
If it's not too awkward, could you repeat just exactly what you now wish
to know?
It may make it easier for others to give a useful direct response.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">4. *nginx*
this is the only one remaining. How can I isolate the servers?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
I'm not sure what you mean by "isolate the servers", that was not
already answered.
("already answered" was approximately: for each server, run one nginx as
user this-server-user, listening on a unix domain socket. Then run one
nginx initially as user root, which does proxy_pass to the appropriate
unix-domain-socket-server.)
Have I missed something; or are you asking how to do it; or are you
asking why to do it?
Thanks,
f
</pre>
</blockquote>
</body>
</html>