Starting Nginx as a normal user and listening on port 80

Source: Internet
Author: User
Tags iptables

Transferred from: http://www.codexiu.cn/nginx/blog/26217/



It is well known that on Linux, ports 0-1024 cannot be bound by non-root users.

However, for security reasons, the root user is often forbidden from logging in to the server, and ordinary users are not given sudo permissions.

Even in this case, Nginx can be started by a normal user and still listen on port 80.

First, compile and install Nginx as the ordinary user.

I currently have three solutions:

Solution 1: SetUID

chmod u+s /usr/local/nginx/sbin/nginx

This effectively lets the nginx binary run as if it had been started by root.

The advantage is that it is simple and convenient. The disadvantage is that, although sudo permissions were not granted, the setuid bit still ends up running Nginx with root privileges. Checking with ps -ef | grep nginx shows that the nginx master process is running as root. So although an ordinary user can start the Nginx service, not all nginx processes run as that user.

Solution 2: Port forwarding

Since ports 0-1024 cannot be bound by non-root users, we can change the listening port to one above 1024 and then use iptables for port forwarding, so that packets arriving on port 80 are forwarded to our custom port above 1024.

First turn on the forwarding function:

sysctl -w net.ipv4.ip_forward=1

iptables -F -t nat # flush (empty) the nat table

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination :8088 # add a forwarding rule to the PREROUTING chain of the nat table

Advantages: Nginx can be started directly by a third-party user, and the Nginx master process is started by that user itself. Disadvantages: the forwarding adds extra overhead, which is acceptable under low load but not good under high load.

Solution 3: setcap

Since version 2.1, the Linux kernel has had the concept of capabilities.

We can give /usr/local/nginx/sbin/nginx the capability to listen on port 80:

setcap cap_net_bind_service=+ep /usr/local/nginx/sbin/nginx

This lets an ordinary user start nginx directly. Under high load, it also avoids the overhead of the port-forwarding approach.
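To check which of the three solutions is actually in effect on a host, the shell functions below (an added example, not part of the original post) report how the nginx binary gets the right to bind port 80 and which account the master process runs as. The function names, the `www` account and the sample `ps` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit how an nginx binary obtains the right to bind port 80.

# bind_privilege FILE
# Prints: setuid-root | setuid-nonroot | file-capability | none | missing
bind_privilege() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 1; }
    if [ -u "$f" ]; then
        # A setuid bit only yields root when root (uid 0) owns the file.
        owner=$(ls -ln "$f" | awk '{print $3}')
        if [ "$owner" = "0" ]; then echo "setuid-root"; else echo "setuid-nonroot"; fi
    elif command -v getcap >/dev/null 2>&1 &&
         getcap "$f" 2>/dev/null | grep -q cap_net_bind_service; then
        # File capability set with setcap: no root process is involved.
        echo "file-capability"
    else
        # Also reached when getcap is not in PATH (it often lives in /sbin).
        echo "none"
    fi
}

# master_user: reads `ps -eo user,args` style lines on stdin and prints the
# account of every nginx master process. Matching on fields avoids the
# false hit that `grep nginx` produces on its own process.
master_user() {
    awk '$2 == "nginx:" && $3 == "master" { print $1 }'
}

# Constructed sample: process list after starting a setuid-root binary.
SAMPLE_SETUID='USER     COMMAND
root     nginx: master process /usr/local/nginx/sbin/nginx
www      nginx: worker process
www      grep nginx'

# Constructed sample: process list after setcap, started by user "www".
SAMPLE_SETCAP='USER     COMMAND
www      nginx: master process /usr/local/nginx/sbin/nginx
www      nginx: worker process'

printf '%s\n' "$SAMPLE_SETUID" | master_user
printf '%s\n' "$SAMPLE_SETCAP" | master_user
```

On a live host, run `bind_privilege /usr/local/nginx/sbin/nginx` and `ps -eo user,args | master_user`; a result of `setuid-root` or a master owned by root means the service still holds full root privileges.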
