Running Nginx as non root user
Add/Change the following in your /etc/nginx/nginx.conf
:
user nginx;
You should create the user and grant permissions on the webroot directories recursively.
This way only master process runs as root
. Because: Only root processes can listen to ports below 1024. A webserver typically runs at port 80 and/or 443. That means it needs to be started as root.
To run master process as non root user:
Change the ownership of the following:
- error_log
- access_log
- pid
- client_body_temp_path
- fastcgi_temp_path
- proxy_temp_path
- scgi_temp_path
- uwsgi_temp_path
Change the listen directives to ports above 1024, log in as desired user and run nginx by nginx -c /path/to/nginx.conf
Just in case it helps, for testing/debugging purpose, I sometimes run an nginx instance as a non privileged user on my Debian (stretch) laptop.
I use a minimal config file like this:
worker_processes 1;error_log stderr;daemon off;pid nginx.pid;events { worker_connections 1024;}http { include /etc/nginx/mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; access_log access.log; server { listen 8080; server_name localhost; location / { include /etc/nginx/uwsgi_params; uwsgi_pass localhost:8081; } }}
and I start the process with:
/usr/sbin/nginx -c nginx.conf -p $PWD
Just in case it helps someone stumbling over this question in 2020, here is my minimal nginx.conf for running a web server on port 8088, works for a non-root user. No modding of file permissions necessary! (Tested on Centos 7.4 with nginx 1.16.1)
error_log /tmp/error.log; pid /tmp/nginx.pid; events { # No special events for this simple setup } http { server { listen 8088; server_name localhost; # Set a number of log, temp and cache file options that will otherwise # default to restricted locations accessible only to root. access_log /tmp/nginx_host.access.log; client_body_temp_path /tmp/client_body; fastcgi_temp_path /tmp/fastcgi_temp; proxy_temp_path /tmp/proxy_temp; scgi_temp_path /tmp/scgi_temp; uwsgi_temp_path /tmp/uwsgi_temp; # Serve local files location / { root /home/<your_user>/web; index index.html index.htm; try_files $uri $uri/ /index.html; } } }