You are not logged in.

#1 2013-03-08 13:50:38

jul16ares
Member
Registered: 2013-03-02
Posts: 9

[SOLVED] Nginx help with configuring chrooted

Hello,

I followed step by step nginx on chrooted environnement doc.

My nginx.service is

[Unit]
Description=A high performance web server and a reverse proxy server
After=syslog.target network.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/bin/chroot --userspec=http:http /srv/http/usr/sbin/nginx -t -q -g 'pid /run/nginx.pid; d$
ExecStart=/usr/bin/chroot --userspec=http:http /srv/http /usr/sbin/nginx -g 'pid /run/nginx.pid; daemon on;$
ExecReload=/usr/bin/chroot --userspec=http:http /srv/http /usr/sbin/nginx -g 'pid /run/nginx.pid; daemon on$
ExecStop=/usr/bin/chroot --userspec=http:http /srv/http /usr/sbin/nginx -g 'pid /run/nginx.pid;' -s quit

[Install]
WantedBy=multi-user.target

when i start service :

/usr/bin/chroot: failed to run command ‘/usr/sbin/nginx’: No such file or directory

chroot exe is in /usr/bin
nginx exe is in /srv/http/usr/sbin/

Seems to failed chroot in /srv/http roll

Last edited by jul16ares (2013-03-14 10:59:00)

Offline

#2 2013-03-10 19:54:43

jul16ares
Member
Registered: 2013-03-02
Posts: 9

Re: [SOLVED] Nginx help with configuring chrooted

I havn't  linux-vdso.so.1 maybe that's the problem ?

ldd /usr/sbin/nginx                
	libpthread.so.0 => /usr/lib/libpthread.so.0 (0x401fc000)
	libcrypt.so.1 => /usr/lib/libcrypt.so.1 (0x400dd000)
	libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x4021c000)
	libm.so.6 => /usr/lib/libm.so.6 (0x402e4000)
	libpcre.so.1 => /usr/lib/libpcre.so.1 (0x40115000)
	libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x40188000)
	libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x40385000)
	libdl.so.2 => /usr/lib/libdl.so.2 (0x40085000)
	libz.so.1 => /usr/lib/libz.so.1 (0x40090000)
	libGeoIP.so.1 => /usr/lib/libGeoIP.so.1 (0x404ee000)
	libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x4052d000)
	libc.so.6 => /usr/lib/libc.so.6 (0x40554000)
	/lib/ld-linux.so.3 (0x4005d000)

Offline

#3 2013-03-10 20:23:26

Lekensteyn
Member
From: Netherlands
Registered: 2012-06-19
Posts: 192
Website

Re: [SOLVED] Nginx help with configuring chrooted

Be sure to read https://wiki.archlinux.org/index.php/Ng … n_a_chroot completely, you probably miss some libraries. Have you tried starting nginx manually? E.g. `sudo chroot --userspec http:http /srv/http /usr/sbin/nginx` from terminal?

Offline

#4 2013-03-10 22:14:22

jul16ares
Member
Registered: 2013-03-02
Posts: 9

Re: [SOLVED] Nginx help with configuring chrooted

Thank you for response,
Same issue running manually sudo chroot --userspec http:http /srv/http /usr/sbin/nginx

chroot: failed to run command ‘/usr/sbin/nginx’: No such file or directory.
Nginx still be in /srv/http/usr/sbin/
Maybe try in normal path and/or deleting chroot enironnement...


I don't no if i missing some libraries, exept that ldd /usr/sbin/nginx don't send back
linux-vdso.so.1

Offline

#5 2013-03-11 14:19:51

Lekensteyn
Member
From: Netherlands
Registered: 2012-06-19
Posts: 192
Website

Re: [SOLVED] Nginx help with configuring chrooted

Have you copied the recursive dependencies? Even if nginx depends on libX, there may still be a need for libY if libX depends on it.

linux-vdso.so.1 is not an existing file. I have just a script I build a year ago for easily creating chroots. See https://lekensteyn.nl/files/scripts/build-chroot

Usage:
./build-chroot -d /srv/http /usr/sbin/nginx

(note: the script does not take dynamically loaded libraries (dlopen) into account not does it include interpreters from scripts with a #! line. You have to specify that explicitly)

Offline

#6 2013-03-11 20:41:23

jul16ares
Member
Registered: 2013-03-02
Posts: 9

Re: [SOLVED] Nginx help with configuring chrooted

I'm not enough skilled to understand your last note about dynamically loaded libraries, and interpreters stufs...

I'm on the way trying your script

Thanks

Offline

#7 2013-03-11 22:12:36

jul16ares
Member
Registered: 2013-03-02
Posts: 9

Re: [SOLVED] Nginx help with configuring chrooted

I did again the whole install, and copying some more libraries.

I get this :

mars 11 23:05:09 leplug chroot[22855]: nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
mars 11 23:05:09 leplug chroot[22855]: nginx: configuration file /etc/nginx/nginx.conf test failed

Last edited by jul16ares (2013-03-14 10:58:12)

Offline

#8 2013-03-12 19:53:27

Lekensteyn
Member
From: Netherlands
Registered: 2012-06-19
Posts: 192
Website

Re: [SOLVED] Nginx help with configuring chrooted

Change the port, start nginx as root or assign capabilities:

sudo setcap cap_net_bind_service+ep /srv/http/usr/sbin/nginx

Offline

#9 2013-03-12 20:35:46

jul16ares
Member
Registered: 2013-03-02
Posts: 9

Re: [SOLVED] Nginx help with configuring chrooted

Ok working well,

May i keep post open for further help ?

Offline

#10 2013-03-13 10:57:31

Lekensteyn
Member
From: Netherlands
Registered: 2012-06-19
Posts: 192
Website

Re: [SOLVED] Nginx help with configuring chrooted

If it is working well, I suggest to mark this thread as solved. You can add a new question later on.

Oh, and a title lke "Help with configuring chrooted nginx" is probably more descriptive.

Offline

Board footer

Powered by FluxBB