c10ad0d9eb
Drop privileges to a regular user when running commands defined by this snap. In most cases this is done prior to executing the command. NGINX is an exception in that the command will be run as root, allowing the the master process to bind to ports. The nginx.conf template is configured to then drop privileges for worker processes, which do all work, such as handling network connections, r/w to disk, and communication with servers. Change-Id: If9bf24fc65412b90b8b1890944a469de23888c32
40 lines
815 B
Django/Jinja
40 lines
815 B
Django/Jinja
user snap-keystone snap-keystone;
|
|
worker_processes auto;
|
|
pid {{ snap_common }}/run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 768;
|
|
}
|
|
|
|
http {
|
|
##
|
|
# Basic Settings
|
|
##
|
|
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
|
|
include {{ snap_common }}/etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
##
|
|
# Logging Settings
|
|
##
|
|
|
|
access_log {{ snap_common }}/log/nginx-access.log;
|
|
error_log {{ snap_common }}/log/nginx-error.log;
|
|
|
|
##
|
|
# Gzip Settings
|
|
##
|
|
|
|
gzip on;
|
|
gzip_disable "msie6";
|
|
|
|
include {{ snap_common }}/etc/nginx/conf.d/*.conf;
|
|
include {{ snap_common }}/etc/nginx/sites-enabled/*;
|
|
}
|