Running Nginx as non root user

Add/Change the following in your /etc/nginx/nginx.conf:

user nginx;

You should create the user and grant permissions on the webroot directories recursively.

This way only master process runs as root. Because: Only root processes can listen to ports below 1024. A webserver typically runs at port 80 and/or 443. That means it needs to be started as root.

To run master process as non root user:

Change the ownership of the following:

• error_log
• access_log
• pid
• client_body_temp_path
• fastcgi_temp_path
• proxy_temp_path
• scgi_temp_path
• uwsgi_temp_path

Change the listen directives to ports above 1024, log in as desired user and run nginx by nginx -c /path/to/nginx.conf

Just in case it helps, for testing/debugging purpose, I sometimes run an nginx instance as a non privileged user on my Debian (stretch) laptop.

I use a minimal config file like this:

worker_processes 1;error_log stderr;daemon off;pid nginx.pid;events {  worker_connections  1024;}http {  include             /etc/nginx/mime.types;  default_type        application/octet-stream;  sendfile on;  keepalive_timeout   65;  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   ssl_prefer_server_ciphers on;  access_log access.log;  server {    listen            8080;    server_name       localhost;    location / {      include /etc/nginx/uwsgi_params;      uwsgi_pass localhost:8081;    }  }}

and I start the process with:

/usr/sbin/nginx -c nginx.conf -p $PWD

Just in case it helps someone stumbling over this question in 2020, here is my minimal nginx.conf for running a web server on port 8088, works for a non-root user. No modding of file permissions necessary! (Tested on Centos 7.4 with nginx 1.16.1)

    error_log /tmp/error.log;    pid       /tmp/nginx.pid;        events {      # No special events for this simple setup    }    http {      server {        listen       8088;        server_name  localhost;            # Set a number of log, temp and cache file options that will otherwise        # default to restricted locations accessible only to root.        access_log /tmp/nginx_host.access.log;        client_body_temp_path /tmp/client_body;        fastcgi_temp_path /tmp/fastcgi_temp;        proxy_temp_path /tmp/proxy_temp;        scgi_temp_path /tmp/scgi_temp;        uwsgi_temp_path /tmp/uwsgi_temp;            # Serve local files        location / {          root /home/<your_user>/web;          index  index.html index.htm;          try_files $uri $uri/ /index.html;        }      }    }