mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-01 18:12:46 +00:00
Merge pull request #84960 from nh2/issue-84391-nginx-as-root-changelog
release notes: Explain how to run nginx master as root
commit
f54a63920c
|
@ -809,7 +809,8 @@ auth required pam_succeed_if.so uid >= 1000 quiet
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The nginx web server previously started its master process as root
|
The nginx web server previously started its master process as root
|
||||||
privileged, then ran worker processes as a less privileged identity user.
|
privileged, then ran worker processes as a less privileged identity user
|
||||||
|
(the <literal>nginx</literal> user).
|
||||||
This was changed to start all of nginx as a less privileged user (defined by
|
This was changed to start all of nginx as a less privileged user (defined by
|
||||||
<literal>services.nginx.user</literal> and
|
<literal>services.nginx.user</literal> and
|
||||||
<literal>services.nginx.group</literal>). As a consequence, all files that
|
<literal>services.nginx.group</literal>). As a consequence, all files that
|
||||||
|
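Review bot: The added parenthetical "(the <literal>nginx</literal> user)" names one fixed account, while the following sentence says the identity is "defined by services.nginx.user and services.nginx.group", so a reader who has overridden those options is told the wrong user name. If nginx is only the default value of that option, say so, for example "(by default the nginx user)". Since this sentence is being edited anyway, "started its master process as root privileged" and "less privileged identity user" could be tightened to something like "started its master process as root, then ran worker processes as a less privileged user".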
@ -817,6 +818,13 @@ auth required pam_succeed_if.so uid >= 1000 quiet
|
||||||
certificates and keys, etc.) must now be readable by this less privileged
|
certificates and keys, etc.) must now be readable by this less privileged
|
||||||
user/group.
|
user/group.
|
||||||
</para>
|
</para>
|
||||||
|
<para>
|
||||||
|
To continue to use the old approach, you can configure:
|
||||||
|
<programlisting>
|
||||||
|
services.nginx.appendConfig = let cfg = config.services.nginx; in ''user ${cfg.user} ${cfg.group};'';
|
||||||
|
systemd.services.nginx.serviceConfig.User = lib.mkForce "root";
|
||||||
|
</programlisting>
|
||||||
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
|
|
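Review bot: The new paragraph "To continue to use the old approach, you can configure:" lists two settings without saying what each one does, that they are meant to be set together, or that the result is an nginx master process running as root again. Suggest one sentence before the programlisting stating that systemd.services.nginx.serviceConfig.User = lib.mkForce "root" restores the root master and that the appendConfig line makes the workers run as services.nginx.user and services.nginx.group, plus a remark that making the affected files readable by that user/group (as the preceding paragraph requires) is the alternative that keeps the reduced privileges. The snippet also relies on config and lib being in scope, which is worth stating for readers who paste it into a module, and the long appendConfig line would read better split across lines inside the programlisting.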