Use nginx user instead of www-data on Debian 9

Using www-data was a temporary measure while I was waiting for the
official nginx.org packages to be released for Debian 9 and we had
to use Debian's own nginx package.
This commit is contained in:
Alan Orth 2017-06-19 18:36:13 +03:00
parent b945240756
commit d518bc51a4
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
2 changed files with 0 additions and 14 deletions

View File

@ -1,10 +1,6 @@
# Run as a unique, less privileged user for security reasons. # Run as a unique, less privileged user for security reasons.
{% if ansible_distribution == 'Debian' and ansible_distribution_major_version | version_compare('9', '==') %}
user www-data;
{% else %}
user nginx; user nginx;
{% endif %}
# Sets the worker threads to the number of CPU cores available in the system for best performance. # Sets the worker threads to the number of CPU cores available in the system for best performance.
# Should be > the number of CPU cores. # Should be > the number of CPU cores.

View File

@ -22,13 +22,8 @@
; Unix user/group of processes ; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group ; Note: The user is mandatory. If the group is not set, the default user's group
; will be used. ; will be used.
{% if ansible_distribution == 'Debian' and ansible_distribution_major_version | version_compare('9', '==') %}
user = www-data
group = www-data
{% else %}
user = nginx user = nginx
group = nginx group = nginx
{% endif %}
; The address on which to accept FastCGI requests. ; The address on which to accept FastCGI requests.
; Valid syntaxes are: ; Valid syntaxes are:
@ -49,13 +44,8 @@ listen = /run/php/php7.0-fpm-{{ domain_name }}.sock
; BSD-derived systems allow connections regardless of permissions. ; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user ; Default Values: user and group are set as the running user
; mode is set to 0660 ; mode is set to 0660
{% if ansible_distribution == 'Debian' and ansible_distribution_major_version | version_compare('9', '==') %}
listen.owner = www-data
listen.group = www-data
{% else %}
listen.owner = nginx listen.owner = nginx
listen.group = nginx listen.group = nginx
{% endif %}
;listen.mode = 0660 ;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using ; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names. ; these options, value is a comma separated list of user/group names.