1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-01 18:12:46 +00:00

Merge pull request #84960 from nh2/issue-84391-nginx-as-root-changelog

release notes: Explain how to run nginx master as root
This commit is contained in:
Niklas Hambüchen 2020-04-11 03:33:25 +02:00 committed by GitHub
commit f54a63920c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -809,7 +809,8 @@ auth required pam_succeed_if.so uid >= 1000 quiet
<listitem> <listitem>
<para> <para>
The nginx web server previously started its master process as root The nginx web server previously started its master process as root
privileged, then ran worker processes as a less privileged identity user. privileged, then ran worker processes as a less privileged identity user
(the <literal>nginx</literal> user).
This was changed to start all of nginx as a less privileged user (defined by This was changed to start all of nginx as a less privileged user (defined by
<literal>services.nginx.user</literal> and <literal>services.nginx.user</literal> and
<literal>services.nginx.group</literal>). As a consequence, all files that <literal>services.nginx.group</literal>). As a consequence, all files that
@ -817,6 +818,13 @@ auth required pam_succeed_if.so uid >= 1000 quiet
certificates and keys, etc.) must now be readable by this less privileged certificates and keys, etc.) must now be readable by this less privileged
user/group. user/group.
</para> </para>
<para>
To continue to use the old approach, you can configure:
<programlisting>
services.nginx.appendConfig = let cfg = config.services.nginx; in ''user ${cfg.user} ${cfg.group};'';
systemd.services.nginx.serviceConfig.User = lib.mkForce "root";
</programlisting>
</para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>