jeffreyveon's questions

I've created a user called kafka to whom I am trying to give a sudo access to run only /etc/init.d/kafka commands.

I added the following entry to /etc/sudoers.d/kafka via Ansible:

kafka ALL = NOPASSWD: /etc/init.d/kafka

However, this breaks sudo completely with the following error:

/etc/sudoers.d/kafka: syntax error near line 1
sudo: parse error in /etc/sudoers.d/kafka near line 1
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

Here's the full Ansible snippet:

- name: Create kafka user's group
  group:
    name: "{{ kafka_group }}"
    state: present

- name: Create kafka user
  user:
    name: "{{ kafka_user }}"
    state: present
    group: "{{ kafka_group }}"
    shell: /bin/bash

- name: Set up password-less sudo for kafka user
  copy:
    content: "{{ kafka_user }} ALL = NOPASSWD: /etc/init.d/{{ kafka_service_name }}"
    dest: "/etc/sudoers.d/{{ kafka_user }}"
    owner: root
    group: root
    mode: 0440

What am I doing wrong?

Nginx is running on port 80, and I'm using it to reverse proxy URLs with path /foo to port 3200 this way:

location /foo {
                proxy_pass http://localhost:3200;
                proxy_redirect     off;
                proxy_set_header   Host $host;
}

This works fine, but I have an application on port 3200, for which I don't want the initial /foo to be sent to. That is - when I access http://localhost/foo/bar, I want only /bar to be the path as received by the app. So I tried adding this line to the location block above:

rewrite ^(.*)foo(.*)$ http://localhost:3200/$2 permanent;

This causes 302 redirect (change in URL), but I want 301. What should I do?