1. Forum
  2. Usenet
  3. LINUX.GENTOO.DEV

  • Re: [gentoo-dev] [RFC PATCH 06/19] www-servers/nginx: add nginx-r2.serv

    From Alexander Tsoy@21:1/5 to All on Sat Jul 20 19:00:01 2024
    В Ср, 17/07/2024 в 15:05 +0300, Zurab Kvachadze пишет:
    This is the second revision of the systemd service file for NGINX.

    This commit removes redundant Exec{Stop,Reload} lines that restate
    the
    systemd defaults and changes the ExecStartPre directive from "nginx -
    t"
    (testing the NGINX configuration that is done anyway by the main
    process, bug 481456) to "mkdir -p /var/tmp/nginx", making sure the
    required directory for the NGINX temp files is present. ExecStopPost
    has
    also been removed, since sleeping for 100 ms serves no purpose.

    The second revision also changes the Exec* directives to use the
    plain
    file names, instead of the absolute ones, per systemd.service(5)
    guidelines:
    It is thus safe to use just the executable name in case of
    executables
    located in any of the "standard" directories, and an absolute path
    must be used in other cases.

    Bug: https://bugs.gentoo.org/481456
    Signed-off-by: Zurab Kvachadze <zurabid2016@gmail.com>
    ---
     www-servers/nginx/files/nginx-r2.service | 12 ++++++++++++
     1 file changed, 12 insertions(+)
     create mode 100644 www-servers/nginx/files/nginx-r2.service

    diff --git a/www-servers/nginx/files/nginx-r2.service b/www- servers/nginx/files/nginx-r2.service
    new file mode 100644
    index 000000000000..2916aba391a2
    --- /dev/null
    +++ b/www-servers/nginx/files/nginx-r2.service
    @@ -0,0 +1,12 @@
    +[Unit]
    +Description=The NGINX HTTP and reverse proxy server
    +After=network.target remote-fs.target nss-lookup.target
    +
    +[Service]
    +Type=forking
    +PIDFile=/run/nginx.pid
    +ExecStartPre=mkdir -p /var/tmp/nginx

    Please note that systemd-tmpfiles can remove the whole /var/tmp/nginx
    directory if it and its contents are not touched for a long time. And
    then reload of nginx might fail. So it is better to create this
    directory via tmpfiles.d.

    +ExecStart=nginx
    +
    +[Install]
    +WantedBy=multi-user.target

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Alexander Tsoy@21:1/5 to All on Sat Jul 20 19:30:01 2024
    В Сб, 20/07/2024 в 13:15 -0400, Michael Orlitzky пишет:
    But so long as we're talking about it: what do the file names under /var/tmp/nginx look like? Hopefully they're random. Otherwise we have
    to worry about the bad guy pre-creating not only the directory, but
    also the files inside it.

    No, their names are predefined. For example with the current in-tree
    nginx:

    $ sudo ls -1 /var/lib/nginx/tmp/
    client
    fastcgi
    proxy
    scgi
    uwsgi

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Alexander Tsoy@21:1/5 to All on Sat Jul 20 21:20:01 2024
    В Сб, 20/07/2024 в 20:25 +0300, Alexander Tsoy пишет:
    В Сб, 20/07/2024 в 13:15 -0400, Michael Orlitzky пишет:
    But so long as we're talking about it: what do the file names under /var/tmp/nginx look like? Hopefully they're random. Otherwise we
    have
    to worry about the bad guy pre-creating not only the directory, but
    also the files inside it.

    No, their names are predefined. For example with the current in-tree
    nginx:

    $ sudo ls -1 /var/lib/nginx/tmp/
    client
    fastcgi
    proxy
    scgi
    uwsgi

    Sorry, these are directories. I cannot check file names right now.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)