-
Notifications
You must be signed in to change notification settings - Fork 18
nginx: Add reverse http(s) proxy for users #155
base: master
Are you sure you want to change the base?
Conversation
Package changes: +nginx 1.12.0-1~jessie
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks solid. From the docs those configs -should- work.
Currently hosting does not work at all so this won't make it worse than nothing!
I vote let's deploy. We are also due for some updates anyway.
for proto in http https; do | ||
SOCKET_LINK="${NGINX_SOCK_DIR}/${USER}-${proto}.sock" | ||
[ -L "${SOCKET_LINK}" ] || \ | ||
ln -s "${XDG_RUNTIME_DIR}/${proto}.sock" "${SOCKET_LINK}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What are the permissions on the socket going to be?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ideally, 0700 + the following ACL: g:nginx:rwx
, and the default daemon should do that, but users can implement whatever they want.
Truthfully, arbitrary users being able to send stuff to it wouldn't seem like a big deal, given that the socket is (by nature) exposed to the whole Internet anyhow.
/var/log/nginx/*.log { | ||
daily | ||
missingok | ||
rotate 52 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do we really need 52 days of logs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will (probably) be the default in debian: I doubt this was selected by @mayli
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that's default from debian
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand it's the default, but I'm still asking the question- do we as hashbang need that many days?
qalc install | ||
qemu-slof install | ||
qemu-system-common install | ||
qemu-user install | ||
qemu-user-binfmt install |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
flagging this as it seems unrelated to nginx
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it was added when i run apt install nginx
, not sure why it gets installed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably a new dependency brought it by updates.
We should run an apt upgrade
and commit the result to master.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so, what should i do to fix this PR?
tmux install | ||
toilet install | ||
toilet-fonts install | ||
topgit install | ||
tor install | ||
tor-arm install | ||
tor-geoipdb install |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
flagging this as it seems unrelated to nginx
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there are tons of changes in the packages.txt, i really don't know why apt install nginx
changed this file so much
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably due to package updates that haven't happened in shell-etc
yet.
I haven't had time to do so yet, but I'm going to perform those upgrades (and merge the result back in shell-etc
, then do apt install nginx
then rebase your branch on top of that, so that should go away (and all the Debian boilerplate will be signed by an admin)
This patch will
An additional patch is required to create link for $user-http(s).sock in user's home dir. @KellerFuchs said they will do it viapam_exec