I'm attempting to proxy_pass secured access to the unit control socket from
an nginx instance running as my distro default nginx user. The unit control
socket is owned and restricted to 'root' access. Therefore I get a 502
error from my requests to the nginx listener. If I chmod the control socket
to nginx:nginx (the same user I run unitd and nginx), my proxy_pass secured
access works.
Can anyone tell me how to get unitd to create the control socket as its
configured user and group?
For example:

    unitd --user nginx --group nginx

would then create my control socket owned by nginx:nginx?
I would really rather not wrap a shell script around my instance so that I
run chown every time unitd runs.

Hi,
I'm glad to announce a new release of NGINX Unit.
This release includes a number of improvements in various language modules
and, finally, basic handling of incoming WebSocket connections, currently
only for Node.js. Next in line to obtain WebSocket support is the Java
module; it's almost ready but requires some polishing.
To handle WebSocket connections in your Node.js app via Unit, use the
server object from the 'unit-http' module instead of the default one:

    var webSocketServer = require('unit-http/websocket').server;

Another interesting and long-awaited feature in this release is the splitting
of PATH_INFO in the PHP module. Now, Unit can properly handle requests like
/app.php/some/path?some=args, which are often used to implement "user-friendly"
URLs in PHP applications.

Changes with Unit 1.10.0                                         22 Aug 2019

    *) Change: matching of cookies in routes made case sensitive.

    *) Change: decreased log level of common errors when clients close
       connections.

    *) Change: removed the Perl module's "--include=" ./configure option.

    *) Feature: built-in WebSocket server implementation for Node.js module.

    *) Feature: splitting PATH_INFO from request URI in PHP module.

    *) Feature: request routing by scheme (HTTP or HTTPS).

    *) Feature: support for multipart requests body in Java module.

    *) Feature: improved API compatibility with Node.js 11.10 or later.

    *) Bugfix: reconfiguration failed if "listeners" or "applications"
       objects were missing.

    *) Bugfix: applying a large configuration might have failed.

Please welcome our new junior developer, Axel Duch. For this release, he
implemented scheme matching in request routing; now, he works to further extend
the request routing capabilities with source and destination address matching.
In parallel, Tiago Natel de Moura, who also joined the development recently,
has achieved significant progress in the effort to add various process
isolation features to Unit. You can follow his recent work on Linux
namespaces support in the following pull request:
- https://github.com/nginx/unit/pull/289
See also his email about the feature:
- https://mailman.nginx.org/pipermail/nginx/2019-August/058321.html
In the meantime, we are about to finish the first round of adding basic
support for serving static media assets and proxying in Unit.
Stay tuned!
wbr, Valentin V. Bartenev
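
The following is an added example, not part of the announcement and not code from the Unit project: a Node.js app that uses the server object from 'unit-http/websocket' as described above and checks the handshake Origin against an allow-list before accepting a connection. It assumes that 'unit-http/websocket' follows the request/accept/reject interface of the 'websocket' npm package; ALLOWED_ORIGINS, originIsAllowed and attachWebSocket are hypothetical names with constructed values.

```javascript
// Added example: Origin allow-listing for a Unit Node.js WebSocket app.
// ALLOWED_ORIGINS holds a constructed sample value.
const ALLOWED_ORIGINS = new Set(['https://app.example.test']);

// Browsers send Origin on the WebSocket handshake; non-browser clients can
// forge it, so this check complements authentication, it does not replace it.
function originIsAllowed(origin) {
  if (typeof origin !== 'string') return false;
  let parsed;
  try {
    parsed = new URL(origin);
  } catch (e) {
    return false; // missing, "null" or malformed Origin
  }
  // URL.origin lowercases scheme and host and drops default ports.
  return ALLOWED_ORIGINS.has(parsed.origin);
}

// WebSocketServer is injected; under Unit it is the class exported by
// 'unit-http/websocket' (interface assumed, see the lead-in).
function attachWebSocket(httpServer, WebSocketServer) {
  const wsServer = new WebSocketServer({ httpServer: httpServer });
  wsServer.on('request', function (request) {
    if (!originIsAllowed(request.origin)) {
      request.reject(403, 'Origin not allowed');
      return;
    }
    const connection = request.accept(null, request.origin);
    connection.on('message', function (message) {
      // Echo text frames only; binary frames are ignored here.
      if (message.type === 'utf8') connection.send(message.utf8Data);
    });
  });
  return wsServer;
}

// Start only when Unit's module is installed, i.e. the app runs under Unit.
let unitHttp = null;
let UnitWebSocketServer = null;
try {
  unitHttp = require('unit-http');
  UnitWebSocketServer = require('unit-http/websocket').server;
} catch (e) {
  // 'unit-http' is not available: nothing to start outside Unit.
}
if (unitHttp) {
  const server = unitHttp.createServer(function (req, res) { res.writeHead(404); res.end(); });
  attachWebSocket(server, UnitWebSocketServer);
  server.listen();
}
```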