I'm working on a project for deploying pentest lab with terraform & ansible. All is working good except that last problem.
In my lab I have a nginx server running on a Windows server. Nginx with php works when I start them as Administrator with ansible but i need them to run with a non admin local account.
For the php i've made a wrapper using this tools : https://github.com/antonioCoco/RunasCs
But it doesn't work with nginx cause of a working directory problem :
Here is the error :
PS C:\Users\Administrator> .\RunAsCs.exe nginx ***** C:\Web\nginx-1.19.6\nginx.exe
[*] Warning: GetUserProfileDirectory failed with error code: 2
[*] Warning: Unable to obtain environment for user 'nginx'.
[*] Warning: Environment of created process might be incorrect.
nginx: [alert] could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
2021/03/06 10:18:33 [emerg] 5556#6124: CreateFile() "C:\Windows\system32/conf/nginx.conf" failed (3: The system cannot find the path specified)
And that's normal because as you can see my wrapper start in Windows/System32
I would like to know if there is a solution either with nginx.conf or with ansible to start this exe as the "nginx" user.
This is a working code for starting nginx as Administrator
- name: Starting web server
win_shell: .\nginx.exe
args:
chdir: C:\Web\nginx-1.19.6
async: 180
poll: 0
I know that there is a psexec module in ansible but psexec will work only for Local Admin account and the goal of that is that my nginx don't run as Local Admin.
Thanks for the help !
Related
I've moved my .NET Core WebAPI to an AWS EB Instance. This works fine, however my file upload has now broken due to the Nginx 'client_max_body_size' configuration.
I've looked up how to override this, however I cannot get this to work. Here is my current set-up:
Within this file I have added:
client_max_body_size 0;
This file has no hidden characters (Notepad++ with show all chars on):
When my EB environment is updated I get the following eb-engine log:
2022/05/17 07:15:57.025994 [ERROR] An error occurred during execution of command [app-deploy] - [FlipProxyForDotNetCore]. Stop running the command. Error: copy proxy conf from staging failed with error validate nginx configuration failed with error Command /bin/sh -c /usr/sbin/nginx -t -c /var/proxy/staging/nginx/nginx.conf failed with error exit status 1. Stderr:nginx: [emerg] unknown directive "client_max_body_size" in /var/proxy/staging/nginx/conf.d/myConf.conf:1
nginx: configuration file /var/proxy/staging/nginx/nginx.conf test failed
My EB instance is running Amazon Linux 2/2.3.1.
What am I doing wrong?
The error msg
"client_max_body_size"
indicates that you have some non-ASCII characters () in your myConf.conf. Please open the file in a regular text editor and verify that it has only ASCII characters.
I upload a dag file to the web page and when I click 'Graph View' -> ${my_dag} -> 'View Log', it shows:
*** Log file isn't local.
*** Fetching here: http://:8793/log/demo_dag/hello_task/2018-11-14T15:06:00
*** Failed to fetch log file from worker.
*** Reading remote logs...
*** Unsupported remote log location.
I have checked the airflow.cfg and find these config info:
worker_log_server_port = 8793
base_log_folder = /root/airflow/logs
My question is:
How to setup IP address for log service (Only port is setup)?
I have setup directory for log service, why does it still go to /log/.. ?
Any help is appreciated.
This can happen when the task status was manually changed (likely through the "Mark Success" option) and the task never receives a hostname value on the record.
The webserver is attempting to reach out to a server, with no name, to get logs for a task that never ran.
PS: Be careful running processes as the root user.
I've been getting this error, fix it by correcting the socket volume path:
WARNING - OSError while attempting to symlink the latest log directory
In windows the volume will go with a double bar like this:
volumes:
- //var/run/docker.sock:/var/run/docker.sock
Bind to docker socket on Windows
Setting up Airflow to run with Docker Swarm’s orchestration
I've a error when I run docker-compose up nginx with my host path :
ERROR: for nginx Cannot start service nginx: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: container init caused \"rootfs_linux.go:54: mounting \\"/d/Sites/lfdwveille/app/config/docker/nginx.conf\\" to rootfs \\"/mnt/sda1/var/lib/docker/aufs/mnt/fce42187ef3ff6bcc0d5acf53a77d2218348a432063e2d5fe00b8ac945578f63\\" at \\"/mnt/sda1/var/lib/docker/aufs/mnt/fce42187ef3ff6bcc0d5acf53a77d2218348a432063e2d5fe00b8ac945578f63/etc/nginx/nginx.conf\\" caused \\"not a directory\\"\""
: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
[31mERROR[0m: Encountered errors while bringing up the project.
The folder url is correct :( I don't know why nginx don't want mount folder and I've no problem with PHP and MySQL.
My setup :
Windows
docker-compose v1.9.0
docker 1.12
Error log :
container_linux.go:247: starting container process caused "process_linux.go:359: container init caused \"rootfs_linux.go:54: mounting \\"/d/Sites/lfdwveille/app/config/docker/nginx.conf\\" to rootfs \\"/mnt/sda1/var/lib/docker/aufs/mnt/fce42187ef3ff6bcc0d5acf53a77d2218348a432063e2d5fe00b8ac945578f63\\" at \\"/mnt/sda1/var/lib/docker/aufs/mnt/fce42187ef3ff6bcc0d5acf53a77d2218348a432063e2d5fe00b8ac945578f63/etc/nginx/nginx.conf\\" caused \\"not a directory\\"\""
Anyone have idea ?
Thank you !
If you are using Docker Machine on Windows, docker has limited access to your Windows filesystem. By default Docker Machine tries to auto-share your C:\Users (Windows) directory.
Docker compose - share volume Nginx
I have OSX El Capitan. I installed Nginx-Full via homebrew. I am supposed to be able to start and stop services with
brew services Nginx-Full Start
I run that command and it seems to start no problem. I check the running services with
brew services list
That indicates that the Nginx-Full services is running. When i run
htop
to look at everything that is running Nginx does not show up and the server is not handling requests.
nginx is failing to launch because of an error, but brew-services is not communicating that to you.
Running it with sudo, as other users have suggested, is just masking the problem. If you just run nginx directly, you may see that there is actually a configuration or permissions issue that is causing nginx to abort. In my case, it was because it couldn't write to the error log:
nginx: [alert] could not open error log file: open() "/usr/local/var/log/nginx/error.log" failed (13: Permission denied)
2020/04/02 13:11:53 [warn] 19989#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /usr/local/etc/nginx/nginx.conf:2
2020/04/02 13:11:53 [emerg] 19989#0: open() "/usr/local/var/log/nginx/error.log" failed (13: Permission denied)
The last error is causing nginx to fail to launch. You can make yourself the owner of the logs with:
sudo chown -R $(whoami) /usr/local/var/log/nginx/
This should cause subsequent config errors to be written to the error log, even if homebrew services is not reporting them in stderr/stdout for now.
I've opened an issue about this: https://github.com/Homebrew/homebrew-services/issues/215
The log path may not the same for everyone. You can check the path to log file by checking the config file /usr/local/etc/nginx/nginx.conf. You can find a line like:
error_log /Users/myusername/somepath/nginx.log;. Change the chown command above accordingly. If even this didn't solve the problem, you may have to do the same for any other log files specified in the server blocks in your nginx configuration
Try launching it with "sudo", even if the formula say
The default port has been set in /usr/local/etc/nginx/nginx.conf to 8080 so that
nginx can run without sudo.
sudo brew services Nginx-Full start
this worked for me:
sudo brew services start nginx
Running sudo nginx worked for me, it initially gave some error stating certain file in certain directory is missing, creating that file, and then another file is asked for to be created and then it runs properly.
I had similar problem, running it brew services start nginx used to show nginx running.
but brew services list used to show error.
running with sudo nginx solved my issue
I try use HHVM with nginx in server CentOS 6.5 64bits but it's not working
hhvm --mode server -vServer.Type=fastcgi -vServer.Port=9000 -user nginx
Quote from HHVM's log:
Failed to initialize central HHBC repository: Failed to open /var/log/hhvm/.hhvm.hhbc: 14 - unable to open database file
Failed to open /var/www/.hhvm.hhbc: 14 - unable to open database file
Does someone know what to do in this situation ?
Two things here :
You're mentionning /var/log/hhvm/.hhvm.hhbc and /var/www/hhvm/.hhvm.hhbc .. is this a typo ? Can you give us the content of your server.hdf and config.hdf files ?
The folder /var/log/hhvm must be writeable by the account being used to run the webserver (ie nginx)
(On a side note, I guess it's --userand not -user)