nginx: Add reverse http(s) proxy for users#155
nginx: Add reverse http(s) proxy for users#155mayli wants to merge 6 commits intohashbang:masterfrom
Conversation
Package changes: +nginx 1.12.0-1~jessie
KellerFuchs
changed the title
| for proto in http https; do | ||
| SOCKET_LINK="${NGINX_SOCK_DIR}/${USER}-${proto}.sock" | ||
| [ -L "${SOCKET_LINK}" ] || \ | ||
| ln -s "${XDG_RUNTIME_DIR}/${proto}.sock" "${SOCKET_LINK}" |
There was a problem hiding this comment.
What are the permissions on the socket going to be?
There was a problem hiding this comment.
Ideally, 0700 + the following ACL: g:nginx:rwx, and the default daemon should do that, but users can implement whatever they want.
Truthfully, arbitrary users being able to send stuff to it wouldn't seem like a big deal, given that the socket is (by nature) exposed to the whole Internet anyhow.
| /var/log/nginx/*.log { | ||
| daily | ||
| missingok | ||
| rotate 52 |
There was a problem hiding this comment.
do we really need 52 days of logs?
There was a problem hiding this comment.
This will (probably) be the default in debian: I doubt this was selected by @mayli
There was a problem hiding this comment.
I understand it's the default, but I'm still asking the question- do we as hashbang need that many days?
| qemu-slof install | ||
| qemu-system-common install | ||
| qemu-user install | ||
| qemu-user-binfmt install |
There was a problem hiding this comment.
flagging this as it seems unrelated to nginx
There was a problem hiding this comment.
it was added when i run apt install nginx, not sure why it gets installed.
There was a problem hiding this comment.
Probably a new dependency brought it by updates.
We should run an apt upgrade and commit the result to master.
There was a problem hiding this comment.
so, what should i do to fix this PR?
| topgit install | ||
| tor install | ||
| tor-arm install | ||
| tor-geoipdb install |
There was a problem hiding this comment.
flagging this as it seems unrelated to nginx
There was a problem hiding this comment.
there are tons of changes in the packages.txt, i really don't know why apt install nginx changed this file so much
There was a problem hiding this comment.
Probably due to package updates that haven't happened in shell-etc yet.
I haven't had time to do so yet, but I'm going to perform those upgrades (and merge the result back in shell-etc, then do apt install nginx then rebase your branch on top of that, so that should go away (and all the Debian boilerplate will be signed by an admin)
5 participants
This patch will
An additional patch is required to create link for $user-http(s).sock in user's home dir. @KellerFuchs said they will do it viapam_exec