Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 9099f3063628
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: fd7ac7e607b0
Choose a head ref
  • 2 commits
  • 1 file changed
  • 1 contributor

Commits on Apr 11, 2020

  1. release notes: Explain how to run nginx master as root. Fixes #84391 

    (cherry picked from commit ba50a7a)
    @nh2
    nh2 committed Apr 11, 2020

    Unverified

    This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
    Learn about vigilant mode
    Copy the full SHA
    0e79744 View commit details

  2. Merge pull request #84963 from nh2/issue-84391-nginx-as-root-changelo… 

    …g-20.03

[20.03] release notes: Explain how to run nginx master as root
    @nh2
    nh2 authored Apr 11, 2020

    Unverified

    This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
    Learn about vigilant mode
    Copy the full SHA
    fd7ac7e View commit details
Showing with 9 additions and 1 deletion.
  1. +9 −1 nixos/doc/manual/release-notes/rl-2003.xml
10 changes: 9 additions & 1 deletion nixos/doc/manual/release-notes/rl-2003.xml
View file
Original file line number Diff line number Diff line change
@@ -1059,14 +1059,22 @@ auth required pam_succeed_if.so uid >= 1000 quiet
<listitem>
<para>
The nginx web server previously started its master process as root
privileged, then ran worker processes as a less privileged identity user.
privileged, then ran worker processes as a less privileged identity user
(the <literal>nginx</literal> user).
This was changed to start all of nginx as a less privileged user (defined by
<literal>services.nginx.user</literal> and
<literal>services.nginx.group</literal>). As a consequence, all files that
are needed for nginx to run (included configuration fragments, SSL
certificates and keys, etc.) must now be readable by this less privileged
user/group.
</para>
<para>
To continue to use the old approach, you can configure:
<programlisting>
services.nginx.appendConfig = let cfg = config.services.nginx; in ''user ${cfg.user} ${cfg.group};'';
systemd.services.nginx.serviceConfig.User = lib.mkForce "root";
</programlisting>
</para>
</listitem>
<listitem>
<para>