Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN

Reinis Rozitis r at roze.lv
Tue Oct 2 16:41:45 UTC 2018


> This allows permission management via user accounts but it can get bulky as soon as you set up user accounts for permission management of each backend application, as they pose a higher risk, as indicated in the previous email

Well you asked how to proxy unix sockets...


> that is all put in the same http{} block.

If you put everything (both the user unix sockets and also the parent proxy server) under the same http{} block then it makes no sense, since a single instance of nginx always runs under the same user (and defeats the whole user/app isolation).
It's simpler then just to make virtualhosts without the sockets and without the proxy.


> Nginx just starts php-fpm

No.
Depending on the distribution there might be some init and/or systemd scripts which start both daemons, but on its own nginx doesn't do that.



> 4. (new) how to debug
> In /etc/nginx/nginx.conf as there is:
> access_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_access,nohostname main;
> error_log   syslog:server=unix:/dev/log,facility=local7,tag=nginx_error,nohostname error;
> so I assume Debug Logging is available although $ nginx -V 2>&1 | grep -- '--with-debug' does not return anything.

It means that nginx is logging to syslog (which then usually writes somewhere under /var/log). You can also point both logs directly to a file.

--with-debug is only present when nginx is compiled in debug mode to log internal things and provide more detailed information in case of bugs. I doubt it will give any benefit in this case.


In general you are mixing a lot of things together, like asking about a BSD firewall, NATs, Bind and then trying to implement it on a specific Linux-based ARM blackbox.
I would suggest experimenting with/researching the different technologies one by one rather than trying to achieve everything at once.


rr
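
The point above about a single nginx instance always running under one user, as an added configuration sketch that is not part of the original message: per-application isolation only appears when each backend is its own nginx instance with its own `user`, reached by the front proxy over that instance's unix socket. All paths, account names and the host name are hypothetical.

```nginx
# ---- File 1 (hypothetical path): /etc/nginx/nginx.conf, the front proxy ----
# Workers of this instance all run as www-data. Any server{} placed in this
# http{} block, including one listening on a unix socket, is served by these
# same workers, so it gains no isolation from the proxy.
user www-data;
events {}
http {
    upstream app1_backend {
        server unix:/run/app1/nginx.sock;   # socket owned by the app1 instance
    }
    server {
        listen 80;
        server_name app1.example.lan;       # constructed name
        location / {
            proxy_pass http://app1_backend;
            proxy_set_header Host $host;
        }
    }
}

# ---- File 2 (hypothetical path): /etc/nginx/app1.conf, the backend ----
# A separate master process, started on its own: nginx -c /etc/nginx/app1.conf
# The user directive only takes effect when that master is started as root;
# its workers then run as app1 and read files with app1's permissions only.
user app1 app1;
pid /run/app1/nginx.pid;                    # must differ from the proxy's pid
error_log /var/log/nginx/app1_error.log;
events {}
http {
    server {
        # Assumption: /run/app1 is a directory whose permissions let only
        # app1 and the proxy's user (www-data) traverse it, so other local
        # accounts cannot connect to the socket.
        listen unix:/run/app1/nginx.sock;
        root /home/app1/www;
    }
}
```

With only File 1 in use and the backend server{} moved into its http{} block, every request is handled as www-data, which is the case the reply describes as making no sense.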



