I want Install a Script, company Owner of this script told in my NGINX
disable_symlinks if_not_owner from=$document_root;
is enabled,
How i should Disable it? cause i opened /etc/nginx/nginx.conf and i not Found it,
In which file i can found it?
Related
The below is my nginx configuration file located in /etc/nginx/nginx.conf
user Foo;
worker_processes 1;
error_log /home/Foo/log/nginx/error.log;
pid /home/Foo/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {
access_log /home/Foo/log/nginx/access.log;
server {
listen 80;
location = / {
proxy_pass http://192.168.0.16:9999;
}
}
}
As you can see I change log, pid files location into home directory.
When I re-start Linux it seems to work, Nginx records error logs in the file I set and pid file also.
However, when it tries nginx -s reload or the other, It tries to open other error log file.
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2015/12/14 11:23:54 [warn] 3356#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
2015/12/14 11:23:54 [emerg] 3356#0: open() "/home/Foo/run/nginx.pid" failed (13: Permission denied)
nginx: configuration file /etc/nginx/nginx.conf test failed
I know, I can solve permission error with sudo but the main issue in here is a error log file(/var/log/nginx/error.log) Nginx tries to open.
Why does it try to access another error log file?
This is old... but I went through the same pain and here is my solution.
As you can see the log is an alert, not a blocking error:
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
It shouldn't be a problem :) Nginx just likes to check that file on startup...
Just use -p option. Something like this to launch Nginx locally works for me:
nginx -c /etc/nginx/nginx.conf -g 'daemon off;' -p /home/Foo/log/nginx
You might need to fire it with sudo
sudo nginx -t
The alert comes from the nginx initialization procedure, when it checks that it can write to the error log path that has been compiled in with the --error-log-path configure flag. This happens before nginx even looks at your configuration file, so it doesn't matter what you write in it.
Recently (2020-11-19), an -e option was added to nginx, allowing you to override the error log path that has been compiled in. You can use that option to point nginx to a user-writeable file (or maybe stderr).
See https://trac.nginx.org/nginx/changeset/f18db38a9826a9239feea43c95515bac4e343c59/nginx
Yes, Nginx just likes to check that file on startup. I copy the nginx installed directory to another place, I start it, and the pid of the new Nginx still in old place. So I suggest you to delete old directory.
You will get this alert because your user doesn't have permission to modify the log file. I just assign the permission to the Nginx log file and it worked as expected.
just use this command.
sudo chmod 766 /var/log/nginx/error.log
This simple answer is to use sudo.
So when I used sudo nginx -t
Everything turned out fine.
BTW, this had error precipitated for me when I was increasing the file upload limits in PHP.INI on Ubuntu 18.04, and I had restarted my PHP and my NGINX and thats when I tested:
2020/10/19 20:27:43 [warn] 1317#1317: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
2020/10/19 20:27:43 [emerg] 1317#1317: BIO_new_file("/etc/letsencrypt/live/websitename.com/fullchain.pem") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/letsencrypt/live/websitename.com/fullchain.pem','r') error:2006D002:BIO routines:BIO_new_file:system lib)
nginx: configuration file /etc/nginx/nginx.conf test failed
Check the permissions on the directory /home/Foo/log/nginx/. It must be writable by nginx. Set permissions like so:
sudo chmod 766 /home/Foo/log/nginx
Alternatively reload nginx with sudo
sudo nginx -s reload
I know the risks about running php-fpm as root.
However there are situations where one would need to do it, like appliances,
accessing operating system resources or even for testing purposes.
I have tried to change the user and group of php-fpm.d/www.conf to root
when I restart the php-fpm process it raise an error:
Starting php-fpm: [26-Jun-2014 00:39:07] ERROR: [pool www] please specify user and group other than root
[26-Jun-2014 00:39:07] ERROR: FPM initialization failed
[FAILED]
What should I do. Anyone help?
See:
# php-fpm --help
...
-R, --allow-to-run-as-root
Allow pool to run as root (disabled by default)
Just adding -R (like this ans. suggests) to your command may not work. It depends how your running the command to start php-fpm.
If you're using service php-fpm restart and it's using /etc/init.d instead of systemctl (see here), then you'll have to add -R to the DAEMON_ARGS variable located in the /etc/php/<phpversion>/fpm/php-fpm.conf script. (This variable is used in the do_start() function. See here).
If it's using systemctl then you'll have to edit the script used by systemctl which should be located in /lib/systemd/system/<phpversion>-fpm.service. Append -R to the ExcecStart variable. Then run systemctl daemon-reload and systemctl start php<version>-fpm (See here)
I used the following questions/answers/resources to help me compile this solution.
https://serverfault.com/a/189961
https://serverfault.com/q/788669
https://stackoverflow.com/a/52919706/9530790
https://serverfault.com/a/867334
https://www.geeksforgeeks.org/what-is-init-d-in-linux-service-management/
These 3 steps will fix the error.
Locate php-fpm.service. For me it's /usr/lib/systemd/system/php-fpm.service. If you're not sure where it is, type find / -name php-fpm.service.
Append -R to the ExecStart variable. Eg ExecStart=/usr/sbin/php-fpm --nodaemonize -R.
Restart php-fpm. If systemctl restart php-fpm throws an error, run systemctl daemon-reload.
To anyone else wondering how to make php run as root, you also need to modify /etc/php-fpm.d/www.conf or modify a copy of it. Both user and group need to be changed to root. If you've made a copy of www.conf, you'll also need to modify this line listen = /run/php-fpm/www.sock.
By default, php-fpm is shipped with a "www.conf" that contains, among others, the default www-data user configuration:
[www]
user = www-data
group = www-data
So, you need to create another file, loaded after www.conf, that will overwrite that default config. For example, create a file docker.conf in the same path as your php-fpm's Dockerfile and containing the following:
[www]
user = root
group = root
Then, in your Dockerfile, inject that file in your container with a name that will be loaded after the default www.conf:
COPY ./docker.conf /usr/local/etc/php-fpm.d/zzz-docker.conf
Update 2018
Running it within a container is a possible valid reason to run php-fpm as root. It can be done by passing the -R command line argument to it
Original answer:
However there are situations where one would need to do it, like appliances, accessing operating system resources
You never need to do it. That's it. If you are managing system resources, grant permissions for the php-fpm user to that resources rather than running the whole process as root. If your question would be more specific I could show how to do that in a certain situation.
Im trying to use a script ,thats started by apache through the server, to change the ifcfg-eth0 file in network-scripts.
I have SELinux disabled so thats not the issue. Also I changed the whole /etc/ group and user to apache, yet it still did not work.
The script does work if I put the file in /var/www/cgi-bin.
I also get a permission denied error in the apache log file.
I can't bring myself to help you make Apache write to files in /etc/sysconfig/network-scripts/. But there is another option: create a symlink from /etc/sysconfig/network-scripts/ifcfg-eth0 to a file that Apache can write to, for example:
mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.bak
ln -s /var/www/cgi-bin/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0
This way, your (ahem, dangerous) CGI script can rewrite the file in /var/www/cgi-bin, and the system can get the network settings from it.
I have set up ubuntu server on an old pc with webmin as well. I am not sure what was going on but i restarted the server and when it boots it now get this when Apache tries to start.
* Starting web server apache2
apache2: Syntax error on line 237 of /etc/apache2/apache2.conf: Could not open configuration file /etc/apache2/sites-enabled/000-default: No such file or directory
Action 'start' failed.
The Apache error log may have more information.
I have checked this file on this line and it looks like this:
# Include the virtual host configurations:
Include sites-enabled/
I have removed Apache and re installed it but not sure why it still fails.
As also answered by Qben, the issue was an invalid symlink in the sites-enabled folder. Removing the broken symlink and adding a valid one will fix the issue.
You do not have a default site enabled:
/etc/apache2/sites-enabled/000-default: No such file or directory
site-enabled should contain symlinks to files in site-available and I guess your 000-default symlink does not link to a real file in site-available.
I guess this Ubuntu guide might be of interest for you.
One of the reason may be that you might have some site that is not enabled.To check that
Go to /etc/apache2/sites-enabled
Out of many/some [sitename].conf files , one/some may be crossed
Delete those found crossed
Restart apache server
sudo service apache2 restart.
Hope this has helped you , but may be some other reason too. Thank you.
I tried to install and setup a svn server using apache2,
I followed instructions on internet but while i tried to restart apache2 it shows the following error:
apache2: Syntax error on line 204 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/authz_svn.load: Cannot load /usr/lib/apache2/modules/mod_authz_svn.so into server: libsvn_repos-1.so.0: cannot open shared object file: No such file or directory
Action 'configtest' failed.
i checked the path but the file do exist,im not sure what is happening.
need some help thanks~
Based on your pathes, it looks like you are playing debian or ubuntu config. if I remember well, this module *mod_authz_svn.so* is available with libapache2-svn, so you need first to apt-get this module as root, and then to enable it (being in the directory /etc/apache2, *a2enmod my_module*) and reload your apache config (or restart apache).
The other way around is to load the module as a DSO. Then it's a different process.