Looks good to me. I'd like to request more files:
- /etc/systemd/system/nginx.service.d/override.conf
- /usr/lib/systemd/system/nginx.service
- /etc/nginx/nginx.conf

Thanks.

On Tue, Jun 08, 2021 at 06:02:29PM -0400, hgv wrote:
> Yes, certainly.
>
> drwxr-xr-x root root /etc
> drwxr-xr-x root root /etc/ssl
> drwxr-x--- root ssl-cert /etc/ssl/private
>
>
> Sergey A. Osokin Wrote:
> -------------------------------------------------------
> > Hi,
> >
> > Could you check and show permissions on /etc/ssl/private, /etc/ssl,
> > and /etc directories.
> >
> > Thanks.
> >
> > --
> > Sergey
> >
> > On Tue, Jun 08, 2021 at 03:57:59PM -0400, hgv wrote:
> > > Hi Sergey,
> > >
> > > Adding www-data user to ssl-cert group doesn't help.
> > >
> > > root@k2# usermod -a -G ssl-cert www-data
> > >
> > > root@k2# getent group ssl-cert
> > > ssl-cert:x:112:postgres,www-data
> > >
> > >
> > > Sergey A. Osokin Wrote:
> > > -------------------------------------------------------
> > > > Hi there,
> > > >
> > > > hope you're doing well.
> > > >
> > > > On Tue, Jun 08, 2021 at 11:46:32AM -0700, Palvelin Postmaster wrote:
> > > > > I wonder what can cause these weird error log entries? The log entries indicate a PID which doesn’t exist. Does nginx launch some temporary process when it starts?
> > > > >
> > > > > Nginx 1.21.0 on Ubuntu 20.04.
> > > > >
> > > > > root@k2:~# systemctl restart nginx
> > > > >
> > > > > root@k2:~# tail /var/log/nginx/error.log
> > > > > 2021/06/08 21:25:32 [warn] 1287733#1287733: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:21
> > > > > 2021/06/08 21:25:32 [emerg] 1287733#1287733: cannot load certificate key "/etc/ssl/private/nginx-selfsigned.key": BIO_new_file() failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/ssl/private/nginx-selfsigned.key','r') error:2006D002:BIO routines:BIO_new_file:system lib)
> > > >
> > > > Seems like an attempt to start nginx without root privileges.
> > > >
> > > > > root@k2:~# ls -lh /etc/ssl/private/ |grep selfsigned
> > > > > -rw-r----- 1 root ssl-cert 1.7K Jul 8 17:12 nginx-selfsigned.key
> > > > >
> > > > > root@k2:~# cat /etc/nginx/nginx.conf |grep ^user
> > > > > user www-data;
> > > > >
> > > > > root@k2:~# ps -auxw |grep nginx
> > > > > root 1287600 0.0 0.0 56148 6504 ? Ss 21:25 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
> > > > > www-data 1287601 0.7 0.1 58544 15652 ? S 21:25 0:05 nginx: worker process
> > > > > www-data 1287602 0.0 0.1 57556 13696 ? S 21:25 0:00 nginx: worker process
> > > > > www-data 1287603 0.0 0.1 56392 9184 ? S 21:25 0:00 nginx: cache manager process
> > > >
> > > > Could you check `www-data' user permission, and add, if necessary, to
> > > > the `ssl-cert' group.
> > > >
> > > > --
> > > > Sergey Osokin
> > > > _______________________________________________
> > > > nginx mailing list
> > > > nginx@nginx.org
> > > > http://mailman.nginx.org/mailman/listinfo/nginx
> > >
> > > Posted at Nginx Forum:
> > > https://forum.nginx.org/read.php?2,291799,291801#msg-291801
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,291799,291803#msg-291803
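
An added example, not part of the thread: a shell function that pairs the two error.log entries quoted above by PID, the ignored "user" directive warning and the permission-denied key load, which together mark an nginx process that was started without root. The sample log lines are constructed from the thread's output, and `sample_log` and `nonroot_key_failures` are hypothetical names.

```shell
#!/usr/bin/env bash
# Added example: find error.log entries written by an nginx run without root.

# Constructed sample input, based on the log lines quoted in the thread.
sample_log() {
cat <<'EOF'
2021/06/08 21:25:32 [warn] 1287733#1287733: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:21
2021/06/08 21:25:32 [emerg] 1287733#1287733: cannot load certificate key "/etc/ssl/private/nginx-selfsigned.key": BIO_new_file() failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/ssl/private/nginx-selfsigned.key','r') error:2006D002:BIO routines:BIO_new_file:system lib)
2021/06/08 21:30:01 [notice] 1287600#1287600: signal process started
EOF
}

# Print "PID key-path" for every PID that logged BOTH:
#   - [warn]  the "user" directive was ignored (process is not running as root)
#   - [emerg] a certificate key could not be opened: Permission denied
# Reads the files given as arguments, or stdin when there are none.
nonroot_key_failures() {
  awk '
    {
      # Field 4 looks like "1287733#1287733:"; keep the part before "#".
      split($4, a, "#"); pid = a[1]
    }
    /\[warn\]/ && /the "user" directive makes sense only if the master process runs with super-user/ {
      nonroot[pid] = 1
    }
    /\[emerg\]/ && /cannot load certificate key/ && /Permission denied/ {
      # The matched prefix up to and including the opening quote is 29 chars.
      if (match($0, /cannot load certificate key "[^"]+"/)) {
        denied[pid] = substr($0, RSTART + 29, RLENGTH - 30)
      }
    }
    END {
      for (p in denied) if (p in nonroot) print p, denied[p]
    }
  ' "$@"
}

# Stand-alone run over the constructed sample.
sample_log | nonroot_key_failures
```

To check a live system, pass the log path from the thread: `nonroot_key_failures /var/log/nginx/error.log`, then compare the reported PIDs with the master PID shown by `ps`.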