DSM 7.0 How to deploy a nginx config

Currently reading
DSM 7.0 How to deploy a nginx config

Status
Not open for further replies.
15
5
NAS
DS1815+
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
Hello,

With previous DSM, I used to "link" a nginx config file (installed with my packages) under /usr/syno/share/nginx/conf.d/
Ex.:
ln -s $SYNOPKG_PKGDEST/ui/dsm.cgi.conf /usr/syno/share/nginx/conf.d/dsm.$SYNOPKG_PKGNAME.conf
Where $SYNOPKG_PKGDEST is the target path of my package and $SYNOPKG_PKGNAME is the name of my package

Just to be complete... The nginx config file dsm.$SYNOPKG_PKGNAME.conf contains a redirection to be able to run the php scripts deployed in the target path of my package (instead of being deployed under the web station root folder).

location ~ ^/webman/3rdparty/<package name>/.*\.php {
root /usr/syno/synoman;
include scgi_params;
rewrite .*\.php /webman/3rdparty/<package name>/router.cgi break;
scgi_pass synoscgi;
}

And my router.cgi simply call php7x to execute the requested php scripts...

But with DSM 7.0, the package installation may not be run anymore as root. So, post installation script don't have the requires access rights to create the link.

Is there anyone who could help me to understand how to proceed with this ?
Using a Linker worker, I am only able to create links in /usr/local/etc/. I can't find how to create those links under /usr/local/etc/nginx/conf.d/ ?

Any idea ?
 
I noticed that Wordpress was able to do changes which requires the root privilege, during post-installation .
And indeed, I see that in the privilege file of this package, there is a request to run the postinst script as root:
"ctrl-script": [{ "action": "postinst", "run-as": "root" }],

But if I configure my packages to do so, I get an error message from Package Installer, mentioning that I may not request such privilege ?!?!? I guess that the wordpress package being made officially available via Synology, it's signed by synology and so, authorised to request such an elevation? :(
 
I noticed that Wordpress was able to do changes which requires the root privilege, during post-installation .
And indeed, I see that in the privilege file of this package, there is a request to run the postinst script as root:
"ctrl-script": [{ "action": "postinst", "run-as": "root" }],

But if I configure my packages to do so, I get an error message from Package Installer, mentioning that I may not request such privilege ?!?!? I guess that the wordpress package being made officially available via Synology, it's signed by synology and so, authorised to request such an elevation? :(
Would be using WP over Docker be a solution for you?

Synology is on a path to close and harden down dsm regarding 3rd party more and more. Best to avoid 3rd party installs if you can container them with docker. You will have a lot more freedom.
 
Indeed, that's probably the best option...

I spent hours to try various options like

Code:
#!/bin/sh
echo "$password" | sudo -S -u "$user" ln -s $SYNOPKG_PKGDEST/ui/dsm.cgi.conf /usr/syno/share/nginx/conf.d/dsm.$SYNOPKG_PKGNAME.conf

with $password and $user coming from the installation Wizard. But I always get the same output:

1612131567099.png

I have also tried with sudo -S -u "$user" <<< "$password", with hardcoded password and username, None of the usual trick works... It's blocked by Synology as running the same script from a SSH console works fine...

So far, my only solution is to run the installation of the package with a user which is defined as sudoer without password... A pitty... But it works.
 
I have found another way to execute commands as root during package installation... It requires SSH to be enabled. With the account and password collected by the Installation Wizard, I open a session via SSH and execute the commands there, via sudo. Works perfectly...
 
Status
Not open for further replies.

Similar threads

  • Locked
It happens from time to time yes.
Replies
3
Views
4,871

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top