Nginx is runing as www-data (set in /etc/nginx/nginx.conf : user www-data;)
Letsencrypt task create the ssl folder as root.
drwx------ 3 root root 4096 May 16 09:51 ssl
I have set the admin_user as ubuntu in group_vars/production/users.yml
nginx -T :
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2017/05/16 10:49:51 [warn] 28558#28558: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:7
2017/05/16 10:49:51 [emerg] 28558#28558: BIO_new_file("/etc/nginx/ssl/letsencrypt/xxxxx.com-1de5126-bundled.cert") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/nginx/ssl/letsencrypt/xxxx.com-1de5126-bundled.cert','r') error:2006D002:BIO routines:BIO_new_file:system lib)
nginx: configuration file /etc/nginx/nginx.conf test failed
/var/log/nginx$ ls -l
-rw-r----- 1 www-data adm 69603 May 16 10:20 access.log
-rw-r----- 1 www-data adm 575 May 16 09:51 error.log
My trellis setup is a fresh install, cloned from the repo yesterday.
Any idea ? Not a specialist in security, so i do not want to do a "chmod" somewhere without knowing before what i'm doing ^^
Thanks for your help