<div dir="ltr">Thank you... I wrapped it. A little bash magic goes a long way.<div><br></div><div>The NGINX Unit eBook states on page 3: "The NGINX Unit control process is advertised through an API. The API can be configured to be served through a Unix or TCP socket. I didn't see a unitd option to create the control socket on a TCP listener. Right now I am fronting Unit with another NGINX instance and have route to the unix socket. Is that a typo in the eBook or did I just miss something?</div><div><br></div><div>Thanks again.. loving things so far!</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 22, 2019 at 3:06 PM Valentin V. Bartenev <<a href="mailto:vbart@nginx.com">vbart@nginx.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Wednesday, 21 August 2019 21:47:21 MSK John Gruber wrote:<br>
> I'm attempting to proxy_pass secured access to the unit control socket from<br>
> an nginx instance running as my distro default nginx user. The unit control<br>
> socket is owned and restricted to 'root' access. Therefore I get a 502<br>
> error from my requests to the nginx listener. If I chmod the control socket<br>
> to nginx:nginx (the same user I run unitd and nginx), my proxy_pass secured<br>
> access works.<br>
> <br>
> Can anyone tell me how to get unitd to create the control socket as its<br>
> configured user and group?<br>
> <br>
> For example:<br>
> <br>
> unitd --user nginx --group nginx<br>
> <br>
> would then create my control socket owned by nginx:nginx?<br>
[..]<br>
<br>
These options specify user and group for unprivileged processes<br>
and don't affect control socket, which is for security purposes<br>
managed by root.<br>
<br>
<br>
> <br>
> I would really rather not wrap a shell script around my instance so that I<br>
> run chown every time unitd runs.<br>
> <br>
<br>
That's a known problem. Adding options for changing control socket<br>
permissions is in our TODO list.<br>
<br>
wbr, Valentin V. Bartenev<br>
<br>
<br>
<br>
_______________________________________________<br>
unit mailing list<br>
<a href="mailto:unit@nginx.org" target="_blank">unit@nginx.org</a><br>
<a href="https://mailman.nginx.org/mailman/listinfo/unit" rel="noreferrer" target="_blank">https://mailman.nginx.org/mailman/listinfo/unit</a><br>
</blockquote></div>