This repository has been archived by the owner on Jun 21, 2018. It is now read-only.

nginx: Add reverse http(s) proxy for users #155

Open
wants to merge 6 commits into
base: master

@mayli mayli commented Apr 19, 2017

This patch will

  • add and pin nginx from nginx.org
  • add nginx http(s) reverse to /var/run/nginx/$user-http(s).sock

An additional patch is required to create a link for $user-http(s).sock in the user's home dir. @KellerFuchs said they will do it via pam_exec.

@KellerFuchs KellerFuchs changed the title nginx: add reverse http(s) proxy for user UDS nginx: Add reverse http(s) proxy for users Apr 19, 2017
@KellerFuchs KellerFuchs requested a review from lrvick April 19, 2017 16:50

@lrvick lrvick left a comment

This looks solid. From the docs those configs -should- work.

Currently hosting does not work at all so this won't make it worse than nothing!

I vote let's deploy. We are also due for some updates anyway.

for proto in http https; do
SOCKET_LINK="${NGINX_SOCK_DIR}/${USER}-${proto}.sock"
[ -L "${SOCKET_LINK}" ] || \
ln -s "${XDG_RUNTIME_DIR}/${proto}.sock" "${SOCKET_LINK}"
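
Review bot: The `[ -L "${SOCKET_LINK}" ]` guard on the third line only tests that some symlink exists at that path, not where it points or who created it, so a link left over from an earlier session, or one placed there by anything else able to write to `${NGINX_SOCK_DIR}`, is kept as is. Compare `readlink "${SOCKET_LINK}"` with `${XDG_RUNTIME_DIR}/${proto}.sock` and recreate the link with `ln -sfn` when they differ. The excerpt also does not show `NGINX_SOCK_DIR`, `USER` or `XDG_RUNTIME_DIR` being checked before the loop; a `: "${XDG_RUNTIME_DIR:?}"` style check for each would stop an empty value from silently changing the link path or target.
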
Member

What are the permissions on the socket going to be?

Member

Ideally, 0700 + the following ACL: g:nginx:rwx, and the default daemon should do that, but users can implement whatever they want.
Truthfully, arbitrary users being able to send stuff to it wouldn't seem like a big deal, given that the socket is (by nature) exposed to the whole Internet anyhow.

/var/log/nginx/*.log {
daily
missingok
rotate 52
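
Review bot: `rotate 52` together with `daily` keeps 52 daily files for everything matching `/var/log/nginx/*.log`, which covers nginx's logs for all users behind the proxy. If that count is inherited from the package rather than chosen, set it deliberately here and record the intended retention in the commit message.
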
Member

do we really need 52 days of logs?

Member

This will (probably) be the default in Debian: I doubt this was selected by @mayli

Author

That's the default from Debian.

Member

I understand it's the default, but I'm still asking the question: do we as hashbang need that many days?

qalc install
qemu-slof install
qemu-system-common install
qemu-user install
qemu-user-binfmt install
Member

flagging this as it seems unrelated to nginx

Author

It was added when I ran apt install nginx; not sure why it gets installed.

Member

Probably a new dependency brought in by updates.
We should run an apt upgrade and commit the result to master.

Author

so, what should i do to fix this PR?

tmux install
toilet install
toilet-fonts install
topgit install
tor install
tor-arm install
tor-geoipdb install
Member

flagging this as it seems unrelated to nginx

Author

There are tons of changes in the packages.txt; I really don't know why apt install nginx changed this file so much.

Member

Probably due to package updates that haven't happened in shell-etc yet.
I haven't had time to do so yet, but I'm going to perform those upgrades (and merge the result back in shell-etc), then do apt install nginx, then rebase your branch on top of that, so that should go away (and all the Debian boilerplate will be signed by an admin).
