Welcome! Log In Create A New Profile

Advanced

Re: nginx as nonroot - setsockopt not permitted

Maxim Dounin
September 14, 2018 08:00AM
Hello!

On Fri, Sep 14, 2018 at 03:52:03AM -0400, orsolya.magos wrote:

> we use nginx which load-balances toward our snmptrapd. Everything is working
> fine if we start nginx with root. We would like to change it so nginx
> (workers) would start with nginx user. I couldn't make it work, do you have
> any idea what additional thing can I set/check?
>
> nginx -V
> nginx version: nginx/1.12.2
> built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)

Update to nginx 1.13.8+, it should be able to use transparent
proxying on Linux without workers being run as root:

*) Feature: now nginx automatically preserves the CAP_NET_RAW capability
in worker processes when using the "transparent" parameter of the
"proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and
"uwsgi_bind" directives.

Alternatively, consider not using "proxy_bind ... transparent".
See docs here for additional details:

http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_bind

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

nginx as nonroot - setsockopt not permitted

orsolya.magos September 14, 2018 03:52AM

Re: nginx as nonroot - setsockopt not permitted

Maxim Dounin September 14, 2018 08:00AM

Re: nginx as nonroot - setsockopt not permitted

orsolya.magos September 14, 2018 09:13AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 131
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready