Z-Push 2.4.0 - nginx configuration file

@milauria there are quite some pull requests attached to the ticket I’ve linked you. if you login at jira.z-hub.io then you can see all the changes that have been done.

Now that Z-push 2.4 has been released as official … I may suggest that when installing the z-push-config-nginx module the following permissions are also set during installation:

/var/lib/z-push/* must be owned by nginx : z-push (not apache:z-push)
/etc/logrotate.d/z-push.lr should remove “create apache apache”

I am running on Centos 7 with Nginx
thanks

Hi, thanks for the report. I’ve created an issue for it https://jira.z-hub.io/browse/ZP-1375
I am not sure why we didn’t see this/create the ticket before, but we will fix asap.

Cheers, Sebastian

@milauria we have fixed ZP-1375 and it’s released in Z-Push 2.4.1 beta1.
Could you try to install/update to this version and report back? Thank you!

With the Z-Push 2.4.1 beta1 installed I see that now the logrotate contains “create root z-push” which also does not work for me.

I need to be “create nginx z-push” to make let z-push write its log file … or just delete the “create” statement so that it inherits the permission from its folder

Basically to make it work I need both /var/log/z-push and /var/lib/z-push to be owned by the “nginx” user

Hi milauria,

are there any errors? z-push group does have the right permissions for both folders, doesn’t it?

Manfred

Hi manfred,
seems to be the file owner the problem, not the file group

The /var/lib/z-push owner needs to be “nginx”. The z-push install I think defaults the owner as “root” and in that case I get the below fatal error. After I did the “chown nginx” the error went away.

[FATAL] Exception: (FatalMisconfigurationException) - Not possible to write to the configured state directory.
[FATAL] FatalMisconfigurationException: Not possible to write to the configured state directory. - code: 0 - file: /usr/share/z-push/lib/default/filestatemachine.php:63

Similarly /var/log/z-push needs to owned by nginx AND needs to be writable only by the user.
The error I get: "parent directory has insecure permissions (It’s world writable or writable by group which is not “root”)"
I also removed altogether the “create” statement in the z-push.lr so that every new log is created with the same folder permission

Cheers

Hi milauria,

could you post the output of

groups nginx

?

With the current spec file configuration it’s not so trivial to change the ownership to user nginx. That’s why we introduced the z-push group which has the right permissions.

Manfred

groups nginx
nginx : nginx z-push

thanks for looking into this

Just to report that I have installed 2.4.1 final and all works fine with the only modification needed for the /var/log that I had to change as follow:

drwxr-x—. 2 nginx z-push 4096 Apr 11 19:21 z-push