Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN

Tue Oct 16 07:20:33 UTC 2018

Good morning Francis,

thank you coming back on this.

In the very beginning Reinis wrote:

>     Well you configure each individual nginx to listen (https://nginx.org/en/docs/http/ngx_http_core_module.html#listen  ) on a unix socket:
>
>     Config on nginx1:
>     ..
>     events { }
>     http {
>        server {
>           listen unix:/some/path/user1.sock;
>           ..
>       }
>     }
>
>     Config on nginx2:
>     ..
>     server {
>          listen unix:/some/path/user2.sock;
>         ...
>     }
>
>
>     And then on the main server you configure the per-user virtualhosts to be proxied to particular socket:
>
>     server {
>     	listen 80;
>     	server_name     user1.domain;
>     	location / {
>     		proxy_passhttp://unix:/some/path/user1.sock;
>     	}
>     }
>     server {
>     	listen 80;
>     	server_name     user2.domain;
>     	location / {
>     		proxy_passhttp://unix:/some/path/user2.sock;
>     	}
>     }

so I asked

>     that is all put in the same http{} block.

and he answered

>     If you put everything (both the user unix sockets and also the
>     parent proxy server) under the same http{} block then it makes no
>     sense since a single instance of nginx always runs under the same
>     user (and beats the whole user/app isolation).

so I wonder, if I need to work with multiple .conf files or shall I put 
multiple http{} blocks in the general configuration of nginx 
/etc/nginx/nginx.conf? I assume that Reinis told me indirectly to run 
multiple instances of nginx, but I haven't understood yet how. There is 
the master process, properly taking care about the proxy server but how 
to I start the instance (if I need to work with instances) per /virtual 
host/?

Stefan

On 15.10.2018 22:23, Francis Daly wrote:
> On Fri, Oct 12, 2018 at 11:59:48PM +0200, Stefan Müller wrote:
>
> Hi there,
>
> I've read over this mail thread, and I confess that I'm quite confused
> as to what your remaining specific nginx question is.
>
> If it's not too awkward, could you repeat just exactly what you now wish
> to know?
>
> It may make it easier for others to give a useful direct response.
>
>> 4. *nginx*
>>     this is the only one remaining. How can I isolate the servers?
> I'm not sure what you mean by "isolate the servers", that was not
> already answered.
>
> ("already answered" was approximately: for each server, run one nginx as
> user this-server-user, listening on a unix domain socket. Then run one
> nginx initially as user root, which does proxy_pass to the appropriate
> unix-domain-socket-server.)
>
> Have I missed something; or are you asking how to do it; or are you
> asking why to do it?
>
> Thanks,
>
> 	f
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20181016/ab4459fe/attachment-0001.html>