Create a gist now

Instantly share code, notes, and snippets.

Embed
What would you like to do?
This lets you run nginx as a normal user and still receive connections on port 80 and 443. Setup nginx to listen to port 8080 for http and 8443 for https.
<!-- https://gist.github.com/stefansundin/f0ad99195333480157ce67e97c8d28c7
Forward port 80 to port 8080 and 443 to 8443 so that you can run nginx as a normal user.
Save to: /Library/LaunchDaemons/nginx.firewall.plist
Install:
sudo curl -L -o /Library/LaunchDaemons/nginx.firewall.plist https://gist.githubusercontent.com/stefansundin/f0ad99195333480157ce67e97c8d28c7/raw/nginx.firewall.plist
sudo launchctl load -Fw /Library/LaunchDaemons/nginx.firewall.plist
Uninstall:
sudo launchctl unload /Library/LaunchDaemons/nginx.firewall.plist
sudo rm /Library/LaunchDaemons/nginx.firewall.plist
sudo pfctl -a "com.apple/250.NginxHttpFirewall" -F all
sudo pfctl -a "com.apple/250.NginxHttpsFirewall" -F all
Inspired by pow.cx firewall: https://github.com/basecamp/pow
-->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>nginx.firewall</string>
<key>RunAtLoad</key>
<true/>
<key>UserName</key>
<string>root</string>
<key>ProgramArguments</key>
<array>
<string>/bin/sh</string>
<string>-c</string>
<string>
sysctl -w net.inet.ip.forwarding=1;
echo "rdr pass proto tcp from any to any port {80,8080} -> 127.0.0.1 port 8080" | pfctl -a "com.apple/250.NginxHttpFirewall" -Ef -
echo "rdr pass proto tcp from any to any port {443,8443} -> 127.0.0.1 port 8443" | pfctl -a "com.apple/250.NginxHttpsFirewall" -Ef -
</string>
</array>
</dict>
</plist>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment