Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN
Stefan Müller
stefan.mueller.83 at gmail.com
Tue Oct 16 07:20:33 UTC 2018
Good morning Francis,
thank you coming back on this.
In the very beginning Reinis wrote:
> Well you configure each individual nginx to listen (https://nginx.org/en/docs/http/ngx_http_core_module.html#listen ) on a unix socket:
>
> Config on nginx1:
> ..
> events { }
> http {
> server {
> listen unix:/some/path/user1.sock;
> ..
> }
> }
>
> Config on nginx2:
> ..
> server {
> listen unix:/some/path/user2.sock;
> ...
> }
>
>
> And then on the main server you configure the per-user virtualhosts to be proxied to particular socket:
>
> server {
> listen 80;
> server_name user1.domain;
> location / {
> proxy_passhttp://unix:/some/path/user1.sock;
> }
> }
> server {
> listen 80;
> server_name user2.domain;
> location / {
> proxy_passhttp://unix:/some/path/user2.sock;
> }
> }
so I asked
> that is all put in the same http{} block.
and he answered
> If you put everything (both the user unix sockets and also the
> parent proxy server) under the same http{} block then it makes no
> sense since a single instance of nginx always runs under the same
> user (and beats the whole user/app isolation).
so I wonder, if I need to work with multiple .conf files or shall I put
multiple http{} blocks in the general configuration of nginx
/etc/nginx/nginx.conf? I assume that Reinis told me indirectly to run
multiple instances of nginx, but I haven't understood yet how. There is
the master process, properly taking care about the proxy server but how
to I start the instance (if I need to work with instances) per /virtual
host/?
Stefan
On 15.10.2018 22:23, Francis Daly wrote:
> On Fri, Oct 12, 2018 at 11:59:48PM +0200, Stefan Müller wrote:
>
> Hi there,
>
> I've read over this mail thread, and I confess that I'm quite confused
> as to what your remaining specific nginx question is.
>
> If it's not too awkward, could you repeat just exactly what you now wish
> to know?
>
> It may make it easier for others to give a useful direct response.
>
>> 4. *nginx*
>> this is the only one remaining. How can I isolate the servers?
> I'm not sure what you mean by "isolate the servers", that was not
> already answered.
>
> ("already answered" was approximately: for each server, run one nginx as
> user this-server-user, listening on a unix domain socket. Then run one
> nginx initially as user root, which does proxy_pass to the appropriate
> unix-domain-socket-server.)
>
> Have I missed something; or are you asking how to do it; or are you
> asking why to do it?
>
> Thanks,
>
> f
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20181016/ab4459fe/attachment-0001.html>
More information about the nginx
mailing list