Transferred from: http://www.codexiu.cn/nginx/blog/26217/
It is well known that on Linux, ports 0-1024 cannot be bound by non-root users.
However, for security reasons, the root user is often forbidden from logging in to the server, and ordinary users are not given sudo permissions.
In this case, Nginx has to be started by a normal user and still listen on port 80.
First, compile and install Nginx as the ordinary user.
I currently have three solutions:
Plan One: SetUID
chmod u+s /usr/local/nginx/sbin/nginx
This actually lets the nginx binary run as if it had been started by root.
The advantage is that it is convenient and simple. The disadvantage is that, although sudo permissions were deliberately not given, the SetUID bit still ends up running Nginx with root authority. Check with ps -ef | grep nginx: the Nginx master process is running as root. So although ordinary users can start the Nginx service, not all Nginx processes run as that user.
Plan Two: Port forwarding
Since ports 0-1024 cannot be bound by non-root users, we can change the listening port to one above 1024 and then use iptables port forwarding to send packets arriving on port 80 to our custom port.
First turn on the forwarding function:
sysctl -w net.ipv4.ip_forward=1
iptables -F -t nat # flush the nat table (removes all existing NAT rules)
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to :8088 # add a forwarding rule to the PREROUTING chain of the nat table
Advantages: Nginx can be launched directly by the non-root user, and the Nginx master process is started by that user. Disadvantages: additional overhead; acceptable under low load, but not good under high load.
Plan Three:
Linux kernels after version 2.1 have the notion of capabilities,
so we can give /usr/local/nginx/sbin/nginx permission to listen on port 80:
setcap cap_net_bind_service=+ep /usr/local/nginx/sbin/nginx
This lets the ordinary user start Nginx directly. Under high load, it also avoids the overhead of the port forwarding approach.
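Added example, not part of the original post: a small shell audit that reports which of the three plans a given nginx binary relies on and which user owns the master process. The function names and the sample ps output are constructed for illustration; the live mode assumes getcap and ps are installed.

```shell
#!/bin/sh
# Added example (not from the original post): report which of the three plans
# an nginx binary relies on, and which user owns the master process.

# Plan One: succeeds if the file at $1 has the setuid bit.
is_setuid() { [ -u "$1" ]; }

# Plan Three: succeeds if the getcap output in $1 grants cap_net_bind_service
# with the effective (e) flag. Handles "= cap_net_bind_service+ep" (older
# libcap) and "cap_net_bind_service=ep" (newer libcap).
has_bind_cap() {
    printf '%s\n' "$1" | grep -Eq 'cap_net_bind_service[^ ]*[=+][eip]*e'
}

# Prints "setuid", "capability" or "unprivileged" for binary $1, given its
# getcap output in $2. "unprivileged" means the binary cannot bind port 80 by
# itself, so it needs something like Plan Two's forwarding rule.
classify() {
    if is_setuid "$1"; then echo setuid
    elif has_bind_cap "$2"; then echo capability
    else echo unprivileged
    fi
}

# Reads `ps -eo user,args` output on stdin; prints the master process owner.
master_owner() {
    awk '$2 == "nginx:" && $3 == "master" { print $1; exit }'
}

# Constructed sample of ps output for Plan One (master process owned by root).
SAMPLE_PS='USER     COMMAND
root     nginx: master process /usr/local/nginx/sbin/nginx
nobody   nginx: worker process'

# Live use: sh audit.sh /usr/local/nginx/sbin/nginx
if [ "$#" -eq 1 ]; then
    echo "mechanism: $(classify "$1" "$(getcap "$1" 2>/dev/null)")"
    echo "master owner: $(ps -eo user,args | master_owner)"
fi
```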