diff --git a/kong.conf.default b/kong.conf.default index 0e1dcc5d189..aa03e529501 100644 --- a/kong.conf.default +++ b/kong.conf.default @@ -68,6 +68,11 @@ # HTTPS requests to the admin API, if # `admin_ssl` is enabled. +#nginx_user = nobody # Defines user and group credentials used by + # worker processes. If group is omitted, a + # group whose name equals that of user is + # used. Ex: [user] [group]. + #nginx_worker_processes = auto # Determines the number of worker processes # spawned by Nginx. diff --git a/kong/conf_loader.lua b/kong/conf_loader.lua index 831d386f224..3c98d7a8138 100644 --- a/kong/conf_loader.lua +++ b/kong/conf_loader.lua @@ -59,6 +59,7 @@ local CONF_INFERENCES = { cluster_listen = {typ = "string"}, cluster_listen_rpc = {typ = "string"}, cluster_advertise = {typ = "string"}, + nginx_user = {typ = "string"}, nginx_worker_processes = {typ = "string"}, upstream_keepalive = {typ = "number"}, diff --git a/kong/templates/kong_defaults.lua b/kong/templates/kong_defaults.lua index 6e3851c3d53..534ba5259bf 100644 --- a/kong/templates/kong_defaults.lua +++ b/kong/templates/kong_defaults.lua @@ -8,6 +8,7 @@ proxy_listen = 0.0.0.0:8000 proxy_listen_ssl = 0.0.0.0:8443 admin_listen = 0.0.0.0:8001 admin_listen_ssl = 0.0.0.0:8444 +nginx_user = nobody nginx_worker_processes = auto nginx_optimizations = on nginx_daemon = on diff --git a/kong/templates/nginx.lua b/kong/templates/nginx.lua index 750eae6c088..77d17cb8dd6 100644 --- a/kong/templates/nginx.lua +++ b/kong/templates/nginx.lua @@ -1,4 +1,5 @@ return [[ +user ${{NGINX_USER}}; worker_processes ${{NGINX_WORKER_PROCESSES}}; daemon ${{NGINX_DAEMON}}; diff --git a/spec/01-unit/02-conf_loader_spec.lua b/spec/01-unit/02-conf_loader_spec.lua index 5cb923c118d..bd15db40c2c 100644 --- a/spec/01-unit/02-conf_loader_spec.lua +++ b/spec/01-unit/02-conf_loader_spec.lua 
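Review bot: The new `nginx_user` comment in kong.conf.default explains that an omitted group falls back to a group named after the user, but it does not say that this group has to exist on the host. On distributions where the unprivileged group is typically called `nogroup` rather than `nobody`, a bare `nobody` is likely to make Nginx fail the group lookup at start. The same bare default is introduced in the kong/templates/kong_defaults.lua hunk. I would either ship an explicit user/group pair or extend the comment, e.g. `# Both the user and the group must exist on the host; use "nobody nogroup" where no "nobody" group exists.`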
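Review bot: `nginx_user = {typ = "string"}` in CONF_INFERENCES is the only constraint on the value visible in the kong/conf_loader.lua hunk, and the kong/templates/nginx.lua hunk writes it verbatim into `user ${{NGINX_USER}};`. A value containing `;`, braces or a newline would therefore alter the structure of the generated nginx.conf instead of only naming the worker identity, and `root` is accepted without comment. If the validation code outside this hunk does not already cover it, I would reject anything that is not one or two plain names, e.g. a check against `"^[%w_.%-]+%s*[%w_.%-]*$"`, and log a warning when the configured user is `root`. The CONF_INFERENCES table starts and ends outside the hunk.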
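Review bot: `user ${{NGINX_USER}};` is emitted unconditionally at the top of kong/templates/nginx.lua (and of spec/fixtures/custom_nginx.template), but Nginx only applies the `user` directive when the master process starts with super-user privileges; otherwise it logs a warning and ignores it. Operators who start Kong from an unprivileged account will see that warning on every start, and may assume the workers dropped to `nobody` when they are still running as the launching account. I would state this next to the option, e.g. `# Only applied when Kong is started as root; ignored with a warning otherwise.`, or skip the directive when no user is configured. The template string continues outside the hunk.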
@@ -5,6 +5,7 @@ describe("Configuration loader", function() it("loads the defaults", function() local conf = assert(conf_loader()) assert.is_string(conf.lua_package_path) + assert.equal("nobody", conf.nginx_user) assert.equal("auto", conf.nginx_worker_processes) assert.equal("0.0.0.0:8001", conf.admin_listen) assert.equal("0.0.0.0:8000", conf.proxy_listen) @@ -21,6 +22,7 @@ describe("Configuration loader", function() -- defaults assert.equal("on", conf.nginx_daemon) -- overrides + assert.equal("nobody", conf.nginx_user) assert.equal("1", conf.nginx_worker_processes) assert.equal("0.0.0.0:9001", conf.admin_listen) assert.equal("0.0.0.0:9000", conf.proxy_listen) @@ -39,6 +41,7 @@ describe("Configuration loader", function() -- defaults assert.equal("on", conf.nginx_daemon) -- overrides + assert.equal("nobody", conf.nginx_user) assert.equal("auto", conf.nginx_worker_processes) assert.equal("127.0.0.1:9001", conf.admin_listen) assert.equal("0.0.0.0:9000", conf.proxy_listen) diff --git a/spec/01-unit/03-prefix_handler_spec.lua b/spec/01-unit/03-prefix_handler_spec.lua index 993a96a347e..e4d5fe625ef 100644 --- a/spec/01-unit/03-prefix_handler_spec.lua +++ b/spec/01-unit/03-prefix_handler_spec.lua @@ -126,6 +126,7 @@ describe("NGINX conf compiler", function() describe("compile_nginx_conf()", function() it("compiles a main NGINX conf", function() local nginx_conf = prefix_handler.compile_nginx_conf(helpers.test_conf) + assert.matches("user nobody;", nginx_conf, nil, true)) assert.matches("worker_processes 1;", nginx_conf, nil, true) assert.matches("daemon on;", nginx_conf, nil, true) end) diff --git a/spec/fixtures/custom_nginx.template b/spec/fixtures/custom_nginx.template index aa39ac4064d..f5967d0f528 100644 --- a/spec/fixtures/custom_nginx.template +++ b/spec/fixtures/custom_nginx.template @@ -1,5 +1,6 @@ # This is a custom nginx configuration template for Kong specs +user ${{NGINX_USER}}; worker_processes ${{NGINX_WORKER_PROCESSES}}; daemon ${{NGINX_DAEMON}};
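Review bot: In the second and third hunks of spec/01-unit/02-conf_loader_spec.lua the new `assert.equal("nobody", conf.nginx_user)` sits under the `-- overrides` comment but expects the default value, so nothing visible here proves that a custom `nginx_user` is actually read. Unless the fixture configuration files set `nginx_user` themselves (not visible in this diff), I would move the assertion under `-- defaults` and add a case that overrides the value with the two-token form, e.g. `local conf = assert(conf_loader(nil, {nginx_user = "www_data www_data"}))` followed by `assert.equal("www_data www_data", conf.nginx_user)`. The enclosing `it` blocks start and end outside the hunks.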
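Review bot: The added line in spec/01-unit/03-prefix_handler_spec.lua, `assert.matches("user nobody;", nginx_conf, nil, true))`, ends with an extra closing parenthesis, so the spec file will not parse and none of its tests, including the new one, will run. It should read `assert.matches("user nobody;", nginx_conf, nil, true)`, matching the two assertions that follow it.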