How to run nginx using the nginx user - linux

I have installed nginx on ec2, and when I star it, I see it runs using the ec2-user.
My impression is that it is not advisable to run the webserver with ec2-user but another user.
When I look at the default configuation at /etc/nginx/nginx.conf i see user nginx; showing that a user nginx could be used.
Question now is, how do I use the nginx user to run nginx. I currently can control nginx by using sudo. If I do not, I get the following error:
systemctl stop nginx
Failed to stop nginx.service: The name org.freedesktop.PolicyKit1 was not provided by any .service files
See system logs and 'systemctl status nginx.service' for details.
How do I get to be able to control nginx like this, but with the ngin user?
when I try to switch to the user, I get the following message:
sudo -iu nginx
This account is currently not available.
But when I try to add the nginx user, I get the following message:
sudo useradd nginx
useradd: user 'nginx' already exists
SO I am not sure the correct way of dealing with this.

Related

Reposting - Error: Ident authentication failed for user

I feel like the foot traffic is slow on Unix&Linux, so I'm also posting this question here:
I have a Postgres installed in CentOS, along with Node and React with NGINX. I've left alone my Unix postgres account to be without a password as recommended here. I've also written migrations with postgrator, which creates a table as blog_user in the blog_database.
My blog_user has LOGIN attribute with encrypted password, and the database blog_database is owned by postgres.
When I run my migrations in CentOS, I get this message
[joseph#vultr backend]$ yarn run migrate
yarn run v1.17.3
$ postgrator --config postgrator-config.js
[2:41:39 AM] table schemaversion does not exist - creating it.
[2:41:39 AM] version of database is: 0
[2:41:39 AM] migrating up to 2
Error: Ident authentication failed for user "blog_user"
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
When attempting to change peer to md5 for all, I am required to put in a password for postgres
-bash-4.2$ vim /var/lib/pgsql/11/data/pg_hba.conf
-bash-4.2$ sudo systemctl restart postgresql.service
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for postgres:
Sorry, try again.
Executing the restart command as root leads to this message
[root#vultr ~]# vim /var/lib/pgsql/11/data/pg_hba.conf
[root#vultr ~]# systemctl restart postgresql.service
Failed to restart postgresql.service: Unit not found.
I'm not sure what I need to do to solve this.
Use trust authentication for local connections unless you have untrusted operating system users on the machine.
The PostgreSQL service probably has a different name. Try
systemctl status | grep postgres

How to open port 80 for a node.js application without deploy.sh file on gcloud?

I have a node application which runs fine if I manually putty into the gcloud computeVM and run it.
Here are the complications (all realted to unix) :
1.) I have a domain name. So I added the dns zone record to point to the above VM.
2.) For the compute VM to respond, there should be process listening on 80
3.) If we follow the https://cloud.google.com/nodejs/getting-started/run-on-compute-engine#download_app , it specifies to run the app on 8080.
4.) For ports < 1024, it requires root privileges to open up ports.
5.) So from npm start, I changed the start up script to use "sudo npm start"
6.) Then it gave the following error : my-app-instance supervisord: nodeapp sudo: no tty present and no askpass program specified
7.) If I have to "sudo visudo" everytime and add the "username ALL = NOPASSWD:" everytime I restart the instance after deployment , its something which I would least prefer.
I have included the relevant portion of the stratup-script for more info :
# Install app dependencies
cd /myrepo/opt/app/servers
sudo npm install
# Create a nodeapp user. The application will run as this user.
useradd -m -d /home/nodeapp nodeapp
chown -R nodeapp:nodeapp /myrepo/opt/app/servers
# Configure supervisor to run the node app.
cat >/etc/supervisor/conf.d/node-app.conf << EOF
[program:nodeapp]
directory=/myrepo/opt/app/servers
command=sudo npm start
autostart=true
autorestart=true
user=nodeapp
environment=HOME="/home/nodeapp",USER="nodeapp",NODE_ENV="production"
stdout_logfile=syslog
stderr_logfile=syslog
EOF
A.) My requirement is simple : My google domain points to the above compute VM now. whenever the user types www.domainname.com, it should take him to the website without any port numbers in the url. How to open port 80 with a simple modification of start-up script(preferred) ?
B.) And also if I have to go with deploy.sh specified in the tutorial, will it get executed automatically ? Or if I have to execute it automatically , whats the procedure.
Note : I am not unix expert. Any help would be appreciated.
Look into using a reverse proxy. This allows you to run your app without root privileges on a port like 8080, and have a privileged HTTP server (like Apache or Nginx) running on port 80 and proxying traffic to your app. This is common practice, and much more secure than running your app with root privileges.

Grant sudo permissions for nrpe to run the check as root

When I run service httpd status like root user I get httpd (pid 2932) is running... which is like expected.
Now, when I su nrpe and run the same cmd service httpd status I get httpd dead but subsys locked.
I'm kind of new to the Linux world but to me this smells like nrpe doesn't have the permissions to run this cmd so it gives mentioned output.
How can I grant sudo permissions to nrpe so it can run chis cmd as root?
I have a nagios plugin that checks httpd status and it gives httpd dead but subsys locked which is not what I need.
Thanks
You should be able to edit your sudo file by typing visudo as the root user.
To allow your nrpe user to run service without needing a password you first need to comment out the following lines if they exist:
#Defaults targetpw
#ALL ALL=(ALL) ALL
Then add the following line:
nrpe ALL=NOPASSWD: /usr/sbin/service
Now the nrpe user should be able to run "sudo service httpd status" without it asking for a password.
You should note though that this will give the nrpe user control to every service. If you're using Apache, you might want to try something like this instead:
nrpe ALL=NOPASSWD: /usr/sbin/apache2ctl

Proftpd directory listing error on Docker container

I have been using proftpd on Ubuntu inside a Docker container. It logs in successfully but failed to get directory listing.
Here is the screenshot of Filezilla
And screenshot of Proftpd log file
Any help?
The problem is the proftpd advertises the internal ip address 172.... so the client cannot connect to it.
You can solve this by setting (in the proftpd.conf)
MasqueradeAddress externalIP
or by running the conatiner using:
docker run --net=host .....
This option uses the host ip network so the passive mode will work fine.
make sure to expose configured passive ports (e.g. PassivePorts 60000 65534) on the running container to allow incoming connections
Looks like the ftpd is having permissions problem changing the running user of some sort.
Try setting the ftpd to run as the user you are logging in with using dockers USER userftp (https://docs.docker.com/reference/builder/#user) in your Dockerfile.
Remember that you can make it listen on a port > 1024 and use -p 21:2121 when starting the container to make it run on port 21 out to the world.
It would be helpful if you posted the Dockerfile and configuration you are using so we can test out this ourself.

apache2 cannot be restarted :Action 'start' failed

I have a linux server that contains many websites under vhosts, once I deleted an alt site the apache2 coud not be restarted indecating this message in the error log:
#eror log
(2)No such file or directory: apache2: could not open error log file /var/www/vhosts/deleted_Site/logs/error.log.
Unable to open logs
How can I stop that so I can start my apache2
You should modify your apache configuration, for instance in conf.d/, all configuration related to your old website, especially for error logs (look for access logs and errors logs directives specification, somewhere in your conf files, apache2.conf, httpd.conf, sites-enabled, mods or what/wherever it is).
To resolve this error, you need to stop other process using same port. In some of cases it is nginx. you can stop it
sudo /etc/init.d/nginx stop
Turn off any servers using the same port. For example to turn off nginx try this:
sudo systemctl stop nginx

Resources