Changing the nginx user when provisioning a Vagrant box with PuPHPet - nginx

I'm using Vagrant in order to produce a reusable development server and I'm using Puppet to provision it with a configuration generated with PuPHPet. It's a basic LEMP stack.
Everything is working fine however the nginx user is running as www-data and the synced folders are owned by the vagrant user. Because of this nginx can't write data to the /var/www directory which is causing my Laravel application to throw an exception.
I can manually change the ownership using chown however I'd like to just run nginx as the vagrant user and have that change in my configuration file.
What changes to the Puppet configuration do I need to make to make that happen?

PuPHPet is using the puppetlabs-nginx module which has an nginx::params class in it which in it's turn defines certain nginx config variables including $nx_daemon_user. That said it looks like in your PuPHPet generated manifest you'd want to replace
include nginx::params
with
class {'nginx::params':
nx_daemon_user => 'vagrant',
}

Related

Nginx - Custom configuration files location

I use Nginx with many domains. Some of these domains have custom configurations. I'm including these files inside the server blocks in the Nginx configurations.
For example:
server {
... some configurations things here...
include /var/somewhere/custom.conf;
etc.. etc..
}
The configuration files of Nginx are inside: /etc/nginx
To try and keep everything in one place and not have my custom configuration files all over the place I would like to place my custom configuration files inside /etc/nginx/some_directory
Can I create a sub directory inside /etc/nginx without it causing any issues with Nginx itself? I want to create /etc/nginx/some_directory/ and place my many custom configuration files inside it and include them.
I'm specifically asking this question because I don't want to break something on my production server.
If nginx doesn't know about a directory, it'll not touch it. You can verify that by greping against such pattern in nginx's codebase.
However, messing with a foreign folder structure might cause problems with permissions and ownership of the files, therefore either just use a pre-defined folders nginx prepared for you (/etc/nginx/sites-enabled and /etc/nginx/sites-available) which you can use with symlinks such as nginx itself does
# ls /etc/nginx/sites-enabled
default -> /etc/nginx/sites-available/default
# ls /etc/nginx/sites-available
default
otherwise you're getting into a situation what C/C++ programmers call an undefined behavior and there's no guarantee that what works now will work in the future / nginx doesn't change as well as the distro maintainers might mess with the folder structure and permissions for the packages in distro package manager.
Example:
Nginx might verify the full /etc/nginx tree's permissions and owners - if your folders/files don't match it might cause a warning or crash even. If it's installed by a package manager, it might cause issues when removing the package itself e.g. if the package manager attempts to remove only a known list of folders + afterwards the parent i.e. /etc/nginx by rmdir or similar. Situations you don't really want to get into and debug when you can use allowed folders or symlinks or your own folders that are not bound to an application or behavior except the one you define.

Configuring Web Server in Google Cloud Compute Engine

I have a dash application in a compute engine instance that I'm looking to view in my browser. HTTP and HTTPS traffic is enabled and the instance has a static IP address. The apache server works and when I first ran an application, the default index page located at /var/www/html showed up at the browser address http://EXTENAL_IP_OF_VM_INSTANCE
From what I've seen elsewhere, web application files tend to be stored in the /var/www directory and the index.html file is present as the default page. However I have a single app.py file that I want to run which is located in the /home/user directory, so not in any particular web directory.
I run the app by entering python3 app.py and it does run:
Running on http://127.0.0.1:8050/ (Press CTRL+C to quit)
However, going to the instance's external IP address (34.89.0.xx) in my browser doesn't show the app, instead it shows text from an old 'hello world' application I made previously, that I thought I had deleted but is still showing up.
Part of the server configuration file apache2.conf is below:
The sites-available folder contains two files, 000-default.conf and default-ssl.conf, both with /var/www/html as the DocumentRoot. 000-default.conf is also in the sites-available folder, and is the only file there.
I tried changing the DocumentRoot in these files to /home/user where the app.py file is which didn't work, then I tried moving the file to the web directory /var/www which didn't work either.
Does anyone have any suggestions on how to fix this so that I can see my application in the browser?

Nginx fails to create directories on Windows 10 with error: nginx: CreateFile()...failed

I need to find a way/setting to allow Nginx to run a .bat file that will create directories and files via a WINDOWS service; my OS is Windows 10.
Currently, our windows service fails to create directories and files with the following:
CreateFile()
"C:\someForlderName\build\distribution.\nginx/logs/error.log" failed
(3: The system cannot find the path specified)
Somehow Nginx doesn't have enough permissions to perform write-access operations like creating directories such as /logs/ and /temp/ within the /Nginx/ directory.
Anybody ran into this problem before?
I was facing the same problem, sharing the thing that worked for me.
Nginx is showing this error because... nginx didn't find the error.log file..
For that,
Go to you nginx folder where other folders like conf, docs, html etc are their as.
Create folder name logs, and in that folder create a file name error.logas.
see the right way in picture..
If your Nginx is at D:\nginx\nginx.exe, execute this to start nginx
D:\nginx\nginx.exe -c D:\nginx\conf\nginx.conf -p D:\nginx\
For Nginx on Windows, you need to execute nginx server related command from respective home directory where nginx configuration file is located.

Symfony2 "Assetic:dump -env-prod" Permission denied Exception

Before i executed an update (composer.phare update) with the root user, every thing works fine, but now when i tries to run "Assetic:dump -env-prod" i get a "Permission denied" error
[Assetic\Exception\FilterException]
An error occurred while running:
'' '-jar' '/home/symfony/www/app/Resources/java/yuicompressor.jar' '--ch
arset' 'UTF-8' '-o' '/tmp/YUI-OUT-vbRlyu' '--type' 'css' '/tmp/YUI-IN-OoRVH
Q'
Error Output:
sh: 1: : Permission denied
Input:
meta.foundation-version{ ...
I tried all the solutions in this post Fontawesome fonts fail after assets:install and assetic:dump
clear the cache, chown, chgrp and chmod nothing worked always the same problem
One way to deal with file permissions when you are running a web based application which requires either auto deployment or constant manual updates like using bin/console from symfony2, its to make sure that the files belongs to the user under which your application runs.
As you did not provide environment settings, I will be making a few assumptions and provide you with a generic setup scenario, hopefully this will help guide you to the the best solution for your specific case.
Environment Assumptions:
OS: linux flavor;
Web server: nginx will be running as www-data;
PHP: php-fpm will running as testapp and using a socket connection for this application;
Generic set-up steps:
In the /etc/nginx/nginx.conf file, make sure that the user/group are set to www-data;
In the /etc/php5/fpm/pool.d/apptest.conf file, make sure that the user & group are set to testapp;
TIP: The file above might need to be created, if that's the case you should just copy the content of the www.conf file located in the same folder.
In the /etc/php5/fpm/pool.d/apptest.conf file, make sure listen.owner & listen.group are set to www-data;
Make sure that you have a line like the one below in this file /etc/php5/fpm/pool.d/apptest.conf:
listen = /var/run/php5-fpm.apptest.sock.
NOTE: the fpm.apptest.sock portion of that line above, its the name of a file that does not exist yet but will be created when you restart php. The benefit is that you will have an isolated php process for this application;
a) In the case on nginx and if you are using socket connections, make sure to add this line in your apptest conf file:
unix:/var/run/php5-fpm.apptest.sock;
b) If you are using apache add this line in that conf file:
-socket /var/run/php5-fpm.apptest.sock;
If you are on a linux box, create user with no password and it should be called, apptest.
Note: apptest is the name of your application, it will also be the user under which php will be running and it should also be the application files/folders owner.
Restart php and nginx/apache.
Tip: to change to a user in linux which has no password, you should have root privileges and run:
sudo -u apptest -i.
After this, you should perform all your commands as the apptest user previously created, including running the symfony2 bin/console.
These are very generic steps, so if you need any clarification, let me know.
I do not recommend to use root for updating. In my opinion the way to go is to have /app/logs /app/cache writable for the server and the src and vendor folder only readable for the server.
So lets say your user and group is: coolman, than try this:
# everything is yours
chown coolman:coolman -R .
# all and group can access folders and read files, you as user can additionally write them
chmod ag=rX,u=rwX -R .
# full access to logs and cache for everyone (also the server)
chmod a+rwX -R app/logs app/cache
You make your composer update with your coolman user.
There is only one small problem, too. The logs might be www-data:www-data rw-r--r-- so you cannot delete them. So just add a line to your app.php and your app/console file:
\umask(0000);
I think this line is commented out as default. This says, that if no explicit rights are set within PHP, than every file which is created will get 0777 - mask = 0777 so you can delete logs and cache then.

How to place certain files in the root directory of the Grails server?

I am using a grails application as backend for a Flex frontend. To be able to easily develop and debug my applications I would need to place a crossdomain.xml file into the root of the server, i.e. it must be accessible via http://localhost:8080/crossdomain.xml. Similar use cases might be the deployment of a favicon.ico or a robots.txt, however this can be done in the production environment through a tomcat server with a default root web application.
In my case however I need to have the crossdomain.xml available after running grails run-app. I know that I can move the entire application to the root (http://ca.rroll.net/2009/03/27/configuring-the-grails-root-application-context/) however this is also not what I want, since the grails application should still reside below its default application context.
Does somebody know, how I can do this? Will I have to reconfigure the jetty servlet container of my grails installation somehow?
I think I found the answer. I haven't tried this yet, so YMMV.
In this article, Colin Harrington discusses making a crossdomain.xml file available at the root of the server by deploying an additional Jetty context.
His technique was first proposed in this blog entry, where the author also discusses using the Static Resources Plugin as another alternative
I figured out a way to solve this with Apache and mod_proxy. This allows both your Grails install and Grails project to remain pristine. No hacking at the Grails internals, no adding plug-ins you may not need in production.
1. Install Apache httpd 2.2
Do this however makes the most sense for your operating system. It is important that you install Apache 2.2. I did this on an Ubuntu system, so any specific commands and file locations will be for Ubuntu. Modify as necessary for your system.
After you've installed Apache, start httpd.
sudo /sbin/service httpd start
Test that it is installed correctly using a web browser.
2. Create a root directory
Pick a location on your disk where you will keep your static files. This will be the document root for httpd. I will be using /var/grails_root.
mkdir /var/grails_root
touch /var/grails_root/crossdomain.xml
3. Create a VirtualHost in httpd.conf
Open httpd.conf in your favorite text editor.
vim /etc/httpd/conf/httpd.conf
Pick your favorite port, and create a virtual host on that port. I will be using 9090, but any port will do.
Add these lines to httpd.conf
Listen 9090
<VirtualHost *:9090>
DocumentRoot "/var/grails_root"
<Directory "/var/grails_root">
Allow from all
</Directory>
</VirtualHost>
Restart httpd
sudo /sbin/service httpd restart
Test that you are now able to access the static files in your document root directory. If not, you will need to fix this before moving on to the next step.
4. Enable mod_proxy and mod_proxy_http
You need to load both of these modules. mod_proxy has the base functionality for proxying, and the mod_proxy_xxx modules have information specific to a protocol. They ship standard with httpd 2.2, so you shouldn't need to install anything extra.
Add these lines to httpd.conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Now modify the virtual host you set up in the previous step. (You can omit the comments)
<VirtualHost *:9090>
DocumentRoot "/var/grails_root"
<Directory "/var/grails_root">
Allow from all
</Directory>
# New lines start here
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /grailsApp http://your.grails.server:8080/grailsApp
# New lines end here
</VirtualHost>
Restart httpd
sudo /sbin/service httpd restart
Now, you should be able to access both your static files and your Grails app via port 9090.
This is all based on information found here: http://docs.codehaus.org/display/JETTY/Configuring+mod_proxy
Information for doing this with other versions of Apache is available on the same site.

Resources