The experimental environment is 64-bit centos6.4, nginx uses the latest official stable version,
Download source code package
# Wget http://nginx.org/download/nginx-1.6.2.tar.gz
[[Email protected] local] # tar zxvf nginx-1.6.2.tar.gz
Hide the actual nginx version, and modify the nginx display version and name,
[[Email protected] nginx-1.6.2] # vi/usr/local/nginx-1.6.2/src/CORE/nginx. h
# Define nginx_version "1.6.2"/* version number, change it by yourself */# define nginx_ver "your string here"/* display this string directly when displaying the version */
Add users
# Groupadd nginx # useradd-G nginx [[email protected] nginx-1.6.2] # cd/usr/local/nginx-1.6.2
[[Email protected] nginx-1.6.2] #. /configure -- prefix =/usr/local/nginx -- user = nginx -- group = nginx -- with-http_gzip_static_module -- http-log-Path =/var/log/nginx/access. log
# Make
# Make install
The installation is complete and the test is successful.
#/Usr/local/nginx/sbin/nginx [[email protected] nginx-1.6.2] # ps auxf | grep nginx // check whether nginx is enabled normally, you can also http: // confirm IP address access. Note that iptables also opens the relevant port.
Root 7740 0.0 0.0 103240 852 pts/0 S + \ _ grep nginx
Root 7649 0.0 0.0 20212 604? SS nginx: Master process/usr/local/nginx/sbin/nginx
Nginx 7650 0.0 0.1 20636 1476? S \ _ nginx: Worker Process
Everything is normal. Next we will implement chroot. 1. Create a chroot running cage (jail) root directory, for example,/nginx # D =/nginx # mkdir-p $ D 2. Create an independent runtime environment, nginx will be restricted to running mkdir-p $ D/etc mkdir-p $ D/dev mkdir-p $ D/var mkdir-p $ D/usr mkdir-P in this environment $ D/usr/local/nginx mkdir-p $ D/tmp chmod 1777 $ D/tmp mkdir-p $ D/var/tmp chmod 1777 $ D/var/tmp mkdir- p $ D/lib64 3. Some special devices need to be created, otherwise errors may occur # ls-L/dev/{null, random, urandom} [[email protected] nginx-1.6.2] # ls-L/dev/{null, random, urandom}
CrW-RW-. 1 Root 1, 2013/dev/null
CrW-RW-. 1 Root 1, 2013/dev/random
CrW-RW-. 1 Root 1, September 13 2013/dev/urandom
#/Bin/mknod-M 0666 $ D/dev/null C 1 3 #/bin/mknod-M 0666 $ D/dev/random C 1 8 #/bin/mknod- M 0444 $ D/dev/urandom C 1 9
4. Copy all the files in the/Urs/local/nginx directory to the $ D/usr/local/nginx directory #/bin/CP-farv/usr/local/nginx /* $ D/usr/local/nginx
5. Because $ D/usr/local/nginx/sbin/nginx needs to be started, some libraries are involved. Copy the relevant libraries to the corresponding jail directory, run the following command to view the associated library # LDD/usr/local/nginx/sbin/nginx
Linux-vdso.so.1 => (0x00007fff225ff000) // This does not need to be copied
Libpthread. so.0 =>/lib64/libpthread. so.0 (0x00007fb0000acf000)
Libcrypt. so.1 =>/lib64/libcrypt. so.1 (0x00007fb0000898000)
Libpcre. so.0 =>/lib64/libpcre. so.0 (0x00007fb000066b000)
Libz. so.1 =>/lib64/libz. so.1 (0x00007fb0000455000)
Libc. so.6 =>/lib64/libc. so.6 (0x00007fb4500c2000)
/Lib64/ld-linux-x86-64.so.2 (0x00007fb0000cf5000)
Libfreebl3.so =>/lib64/libfreebl3.so (0x00007fb44fe5f000)
Libdl. so.2 =>/lib64/libdl. so.2 (0x00007fb44fc5b000) 6. Copy the above association to the corresponding directory to [[email protected] nginx-1.6.2] # cp/lib64/libpthread. so.0/nginx/lib64/
[[Email protected] nginx-1.6.2] # cp/lib64/libcrypt. so.1/nginx/lib64/
[[Email protected] nginx-1.6.2] # cp/lib64/libpcre. so.0/nginx/lib64/
[[Email protected] nginx-1.6.2] # cp/lib64/libz. so.1/nginx/lib64/
[[Email protected] nginx-1.6.2] # cp/lib64/libc. so.6/nginx/lib64/
[[Email protected] nginx-1.6.2] # cp/lib64/ld-linux-x86-64.so.2/nginx/lib64/CP/lib64/libfreebl3.so/nginx/lib64/CP/lib64/libdl. so.2/nginx/lib64/
7. Copy/etc to the/nginx directory. Different systems may have different directories. If a directory below does not exist, an error will be reported, but it does not affect CP-FV/etc/{group, prelink. cache, services, adjtime, shells, gshadow, shadow, hosts. deny, localtime, nsswitch. conf, nscd. conf, prelink. conf, protocols, hosts, passwd, LD. so. cache, LD. so. conf, resolv. conf, host. conf} $ D/etc CP-avr/etc/{lD. so. conf. d, prelink. conf. d} $ D/etc
8. Start nginx, pkill-9 nginx [[[email protected] nginx-1.6.2] #/usr/sbin/chroot/nginx/usr/local/nginx/sbin/nginx-T
Nginx: the configuration file/usr/local/nginx/CONF/nginx. conf syntax is OK
Nginx: [emerg] getpwnam ("nginx") failed
Nginx: configuration file/usr/local/nginx/CONF/nginx. conf test failed
The above error is due to the lack of some libraries. You need to copy these libraries to the/nginx/lib64 directory and run the following strace command to find that some libraries have not been copied.
# Strace-f-o/tmp/nginx. strace chroot/nginx/usr/local/nginx/sbin/nginx-T # More/tmp/nginx. strace 8221 open ("
/Lib64/libnss_files.so.2 ", o_rdonly) =-1 enoent (no such file or directory)
8221 open ("/lib64/tls/x86_64/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/lib64/tls/x86_64", 0x7fffa8e0000a0) =-1 enoent (no such file or directory)
8221 open ("/lib64/tls/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/lib64/TLS", 0x7fffa8e0000a0) =-1 enoent (no such file or directory)
8221 open ("/lib64/x86_64/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/lib64/x86_64", 0x7fffa8e0000a0) =-1 enoent (no such file or directory)
8221 open ("/lib64/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/lib64", {st_mode = s_ifdir | 0755, st_size = 4096,...}) = 0
8221 open ("/usr/lib64/tls/x86_64/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/usr/lib64/tls/x86_64", 0x7fffa8e0000a0) =-1 enoent (no such file or directory)
8221 open ("/usr/lib64/tls/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/usr/lib64/TLS", 0x7fffa8e0000a0) =-1 enoent (no such file or directory)
8221 open ("/usr/lib64/x86_64/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/usr/lib64/x86_64", 0x7fffa8e0000a0) =-1 enoent (no such file or directory)
8221 open ("/usr/lib64/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/usr/lib64", 0x7fffa8e0000a0) =-1 enoent (no such file or directory)
8221 munmap (0x7f6818e0d000, 29430) = 0
8221 write (3, "17:49:34 [emerg] 8221"..., 99) = 99
8221 write (2, "nginx: [emerg] getpwnam (\" nginx \ ")"..., 78) = 78
8221 close (4) = 0
8221 write (2, "nginx: configuration file/usr/L"..., 71) = 71
8221 exit_group (1) =?
[[Email protected] nginx-1.6.2] # cp/lib64/libnss_files.so.2/nginx/lib64/
[[Email protected] nginx-1.6.2] # strace-f-o/tmp/nginx. strace chroot/nginx/usr/local/nginx/sbin/nginx-T
Nginx: the configuration file/usr/local/nginx/CONF/nginx. conf syntax is OK
Nginx: [emerg] open () "/var/log/nginx/access. log" failed (2: no such file or directory)
Nginx: configuration file/usr/local/nginx/CONF/nginx. conf test failed is very obvious. This error is caused by NO/var/log/nginx/access. log, check, found that this/nginx/var/log directory [[email protected] nginx-1.6.2] # mkdir-P/nginx/var/log/nginx
[[Email protected] nginx-1.6.2] # chmod 777/nginx/var/log/nginx/
[[Email protected] nginx-1.6.2] # strace-f-o/tmp/nginx. strace chroot/nginx/usr/local/nginx/sbin/nginx-T
Nginx: the configuration file/usr/local/nginx/CONF/nginx. conf syntax is OK
Nginx: configuration file/usr/local/nginx/CONF/nginx. conf test is successful test by [[email protected] nginx-1.6.2] # chroot/nginx/usr/local/nginx/sbin/nginx
[[Email protected] nginx-1.6.2] # ps auxf | grep nginx
Root 8357 0.0 0.0 103240 856 pts/0 S + \ _ grep nginx
Root 8354 0.0 0.0 20212 604? Nginx: Master process/usr/local/nginx/sbin/nginx
Nginx 8355 0.0 0.1 20636 1200? S \ _ nginx: worker process now, the deployment is complete, then nginx runs in the/nginx directory, and the logs are generated in this directory. Note, the configuration file is in the/nginx/usr/local/nginx/CONF/directory # cd/nginx/usr/local/nginx/CONF/# vi nginx. conf
Restart command #/usr/sbin/chroot/nginx/usr/local/nginx/sbin/nginx-s reload
Enable nginx to run in chroot mode in centos
