Enable nginx to run in chroot mode in centos

Source: Internet
Author: User

The experimental environment is 64-bit centos6.4, nginx uses the latest official stable version,

Download source code package

# Wget http://nginx.org/download/nginx-1.6.2.tar.gz

[[Email protected] local] # tar zxvf nginx-1.6.2.tar.gz

Hide the actual nginx version, and modify the nginx display version and name,

[[Email protected] nginx-1.6.2] # vi/usr/local/nginx-1.6.2/src/CORE/nginx. h

# Define nginx_version "1.6.2"/* version number, change it by yourself */# define nginx_ver "your string here"/* display this string directly when displaying the version */

Add users
# Groupadd nginx # useradd-G nginx [[email protected] nginx-1.6.2] # cd/usr/local/nginx-1.6.2
[[Email protected] nginx-1.6.2] #. /configure -- prefix =/usr/local/nginx -- user = nginx -- group = nginx -- with-http_gzip_static_module -- http-log-Path =/var/log/nginx/access. log
# Make

# Make install

The installation is complete and the test is successful.

#/Usr/local/nginx/sbin/nginx [[email protected] nginx-1.6.2] # ps auxf | grep nginx // check whether nginx is enabled normally, you can also http: // confirm IP address access. Note that iptables also opens the relevant port.
Root 7740 0.0 0.0 103240 852 pts/0 S + \ _ grep nginx
Root 7649 0.0 0.0 20212 604? SS nginx: Master process/usr/local/nginx/sbin/nginx
Nginx 7650 0.0 0.1 20636 1476? S \ _ nginx: Worker Process

Everything is normal. Next we will implement chroot. 1. Create a chroot running cage (jail) root directory, for example,/nginx # D =/nginx # mkdir-p $ D 2. Create an independent runtime environment, nginx will be restricted to running mkdir-p $ D/etc mkdir-p $ D/dev mkdir-p $ D/var mkdir-p $ D/usr mkdir-P in this environment $ D/usr/local/nginx mkdir-p $ D/tmp chmod 1777 $ D/tmp mkdir-p $ D/var/tmp chmod 1777 $ D/var/tmp mkdir- p $ D/lib64 3. Some special devices need to be created, otherwise errors may occur # ls-L/dev/{null, random, urandom} [[email protected] nginx-1.6.2] # ls-L/dev/{null, random, urandom}
CrW-RW-. 1 Root 1, 2013/dev/null
CrW-RW-. 1 Root 1, 2013/dev/random
CrW-RW-. 1 Root 1, September 13 2013/dev/urandom
#/Bin/mknod-M 0666 $ D/dev/null C 1 3 #/bin/mknod-M 0666 $ D/dev/random C 1 8 #/bin/mknod- M 0444 $ D/dev/urandom C 1 9
4. Copy all the files in the/Urs/local/nginx directory to the $ D/usr/local/nginx directory #/bin/CP-farv/usr/local/nginx /* $ D/usr/local/nginx
5. Because $ D/usr/local/nginx/sbin/nginx needs to be started, some libraries are involved. Copy the relevant libraries to the corresponding jail directory, run the following command to view the associated library # LDD/usr/local/nginx/sbin/nginx
Linux-vdso.so.1 => (0x00007fff225ff000) // This does not need to be copied
Libpthread. so.0 =>/lib64/libpthread. so.0 (0x00007fb0000acf000)
Libcrypt. so.1 =>/lib64/libcrypt. so.1 (0x00007fb0000898000)
Libpcre. so.0 =>/lib64/libpcre. so.0 (0x00007fb000066b000)
Libz. so.1 =>/lib64/libz. so.1 (0x00007fb0000455000)
Libc. so.6 =>/lib64/libc. so.6 (0x00007fb4500c2000)
/Lib64/ld-linux-x86-64.so.2 (0x00007fb0000cf5000)
Libfreebl3.so =>/lib64/libfreebl3.so (0x00007fb44fe5f000)
Libdl. so.2 =>/lib64/libdl. so.2 (0x00007fb44fc5b000) 6. Copy the above association to the corresponding directory to [[email protected] nginx-1.6.2] # cp/lib64/libpthread. so.0/nginx/lib64/
[[Email protected] nginx-1.6.2] # cp/lib64/libcrypt. so.1/nginx/lib64/
[[Email protected] nginx-1.6.2] # cp/lib64/libpcre. so.0/nginx/lib64/
[[Email protected] nginx-1.6.2] # cp/lib64/libz. so.1/nginx/lib64/
[[Email protected] nginx-1.6.2] # cp/lib64/libc. so.6/nginx/lib64/
[[Email protected] nginx-1.6.2] # cp/lib64/ld-linux-x86-64.so.2/nginx/lib64/CP/lib64/libfreebl3.so/nginx/lib64/CP/lib64/libdl. so.2/nginx/lib64/
7. Copy/etc to the/nginx directory. Different systems may have different directories. If a directory below does not exist, an error will be reported, but it does not affect CP-FV/etc/{group, prelink. cache, services, adjtime, shells, gshadow, shadow, hosts. deny, localtime, nsswitch. conf, nscd. conf, prelink. conf, protocols, hosts, passwd, LD. so. cache, LD. so. conf, resolv. conf, host. conf} $ D/etc CP-avr/etc/{lD. so. conf. d, prelink. conf. d} $ D/etc
8. Start nginx, pkill-9 nginx [[[email protected] nginx-1.6.2] #/usr/sbin/chroot/nginx/usr/local/nginx/sbin/nginx-T
Nginx: the configuration file/usr/local/nginx/CONF/nginx. conf syntax is OK
Nginx: [emerg] getpwnam ("nginx") failed
Nginx: configuration file/usr/local/nginx/CONF/nginx. conf test failed
The above error is due to the lack of some libraries. You need to copy these libraries to the/nginx/lib64 directory and run the following strace command to find that some libraries have not been copied.
# Strace-f-o/tmp/nginx. strace chroot/nginx/usr/local/nginx/sbin/nginx-T # More/tmp/nginx. strace 8221 open (" /Lib64/libnss_files.so.2 ", o_rdonly) =-1 enoent (no such file or directory)
8221 open ("/lib64/tls/x86_64/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/lib64/tls/x86_64", 0x7fffa8e0000a0) =-1 enoent (no such file or directory)
8221 open ("/lib64/tls/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/lib64/TLS", 0x7fffa8e0000a0) =-1 enoent (no such file or directory)
8221 open ("/lib64/x86_64/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/lib64/x86_64", 0x7fffa8e0000a0) =-1 enoent (no such file or directory)
8221 open ("/lib64/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/lib64", {st_mode = s_ifdir | 0755, st_size = 4096,...}) = 0
8221 open ("/usr/lib64/tls/x86_64/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/usr/lib64/tls/x86_64", 0x7fffa8e0000a0) =-1 enoent (no such file or directory)
8221 open ("/usr/lib64/tls/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/usr/lib64/TLS", 0x7fffa8e0000a0) =-1 enoent (no such file or directory)
8221 open ("/usr/lib64/x86_64/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/usr/lib64/x86_64", 0x7fffa8e0000a0) =-1 enoent (no such file or directory)
8221 open ("/usr/lib64/libnss_files.so.2", o_rdonly) =-1 enoent (no such file or directory)
8221 Stat ("/usr/lib64", 0x7fffa8e0000a0) =-1 enoent (no such file or directory)
8221 munmap (0x7f6818e0d000, 29430) = 0
8221 write (3, "17:49:34 [emerg] 8221"..., 99) = 99
8221 write (2, "nginx: [emerg] getpwnam (\" nginx \ ")"..., 78) = 78
8221 close (4) = 0
8221 write (2, "nginx: configuration file/usr/L"..., 71) = 71
8221 exit_group (1) =?

[[Email protected] nginx-1.6.2] # cp/lib64/libnss_files.so.2/nginx/lib64/
[[Email protected] nginx-1.6.2] # strace-f-o/tmp/nginx. strace chroot/nginx/usr/local/nginx/sbin/nginx-T
Nginx: the configuration file/usr/local/nginx/CONF/nginx. conf syntax is OK
Nginx: [emerg] open () "/var/log/nginx/access. log" failed (2: no such file or directory)
Nginx: configuration file/usr/local/nginx/CONF/nginx. conf test failed is very obvious. This error is caused by NO/var/log/nginx/access. log, check, found that this/nginx/var/log directory [[email protected] nginx-1.6.2] # mkdir-P/nginx/var/log/nginx
[[Email protected] nginx-1.6.2] # chmod 777/nginx/var/log/nginx/
[[Email protected] nginx-1.6.2] # strace-f-o/tmp/nginx. strace chroot/nginx/usr/local/nginx/sbin/nginx-T
Nginx: the configuration file/usr/local/nginx/CONF/nginx. conf syntax is OK
Nginx: configuration file/usr/local/nginx/CONF/nginx. conf test is successful test by [[email protected] nginx-1.6.2] # chroot/nginx/usr/local/nginx/sbin/nginx
[[Email protected] nginx-1.6.2] # ps auxf | grep nginx
Root 8357 0.0 0.0 103240 856 pts/0 S + \ _ grep nginx
Root 8354 0.0 0.0 20212 604? Nginx: Master process/usr/local/nginx/sbin/nginx
Nginx 8355 0.0 0.1 20636 1200? S \ _ nginx: worker process now, the deployment is complete, then nginx runs in the/nginx directory, and the logs are generated in this directory. Note, the configuration file is in the/nginx/usr/local/nginx/CONF/directory # cd/nginx/usr/local/nginx/CONF/# vi nginx. conf
Restart command #/usr/sbin/chroot/nginx/usr/local/nginx/sbin/nginx-s reload

Enable nginx to run in chroot mode in centos

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.