Running nginx in a chroot on CentOS


The test environment is 64-bit CentOS 6.4, and nginx is the latest official stable release.

Download the source package

# wget http://nginx.org/download/nginx-1.6.2.tar.gz

# tar zxvf nginx-1.6.2.tar.gz

Hide nginx's real version by changing the version and name that nginx reports.

# vi /usr/local/nginx-1.6.2/src/core/nginx.h

#define NGINX_VERSION      "1.6.2"  /* version number; change it yourself */
#define NGINX_VER          "Your string here" /* this string is shown as-is when the version is displayed */

Add a user

# groupadd nginx
# useradd -g nginx nginx
# cd /usr/local/nginx-1.6.2
# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_gzip_static_module --http-log-path=/var/log/nginx/access.log
# make

# make install

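Installation is complete; test whether nginx starts normally. Check with ps that nginx is running; you can also confirm by visiting http://ip. Note that iptables must also have the relevant port open.

# /usr/local/nginx/sbin/nginx
# ps auxf|grep nginx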
root 7740 0.0 0.0 103240 852 pts/0 S+ 16:28 0:00 \_ grep nginx 
root 7649 0.0 0.0 20212 604 ? Ss 16:26 0:00 nginx: master process /usr/local/nginx/sbin/nginx 
nginx 7650 0.0 0.1 20636 1476 ? S 16:26 0:00 \_ nginx: worker process

Everything works, so now set up the chroot.

1. Create a root directory for the chroot jail, for example /nginx

# D=/nginx
# mkdir -p $D

2. Create an isolated runtime environment; nginx will be confined to it

# mkdir -p $D/etc
# mkdir -p $D/dev
# mkdir -p $D/var
# mkdir -p $D/usr
# mkdir -p $D/usr/local/nginx
# mkdir -p $D/tmp
# chmod 1777 $D/tmp
# mkdir -p $D/var/tmp
# chmod 1777 $D/var/tmp
# mkdir -p $D/lib64

3. Some special device nodes also need to be created, otherwise errors may occur

# ls -l /dev/{null,random,urandom}
crw-rw-rw-. 1 root root 1, 3 9月 13 2013 /dev/null 
crw-rw-rw-. 1 root root 1, 8 9月 13 2013 /dev/random 
crw-rw-rw-. 1 root root 1, 9 9月 13 2013 /dev/urandom
# /bin/mknod -m 0666 $D/dev/null c 1 3
# /bin/mknod -m 0666 $D/dev/random c 1 8
# /bin/mknod -m 0444 $D/dev/urandom c 1 9

4. Copy all files in the /usr/local/nginx directory to $D/usr/local/nginx

# /bin/cp -farv /usr/local/nginx/* $D/usr/local/nginx

5. Starting $D/usr/local/nginx/sbin/nginx requires a number of shared libraries, which must be copied to the corresponding directory in the jail. Use the following command to list the libraries the binary is linked against

# ldd /usr/local/nginx/sbin/nginx
linux-vdso.so.1 => (0x00007fff225ff000)   // no need to copy this one
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb450acf000)  
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fb450898000)  
libpcre.so.0 => /lib64/libpcre.so.0 (0x00007fb45066b000)  
libz.so.1 => /lib64/libz.so.1 (0x00007fb450455000)  
libc.so.6 => /lib64/libc.so.6 (0x00007fb4500c2000)  
/lib64/ld-linux-x86-64.so.2 (0x00007fb450cf5000)  
libfreebl3.so => /lib64/libfreebl3.so (0x00007fb44fe5f000)  
libdl.so.2 => /lib64/libdl.so.2 (0x00007fb44fc5b000)

6. Copy the libraries listed above into the corresponding directory

# cp /lib64/libpthread.so.0 /nginx/lib64/
# cp /lib64/libcrypt.so.1 /nginx/lib64/
# cp /lib64/libpcre.so.0 /nginx/lib64/
# cp /lib64/libz.so.1 /nginx/lib64/
# cp /lib64/libc.so.6 /nginx/lib64/
# cp /lib64/ld-linux-x86-64.so.2 /nginx/lib64/
# cp /lib64/libfreebl3.so /nginx/lib64/
# cp /lib64/libdl.so.2 /nginx/lib64/

7. Copy files from /etc into the /nginx directory. Different systems may have different files; if one of the items below does not exist, cp reports an error for it, but this does no harm

# cp -fv /etc/{group,prelink.cache,services,adjtime,shells,gshadow,shadow,hosts.deny,localtime,nsswitch.conf,nscd.conf,prelink.conf,protocols,hosts,passwd,ld.so.cache,ld.so.conf,resolv.conf,host.conf} $D/etc
# cp -avr /etc/{ld.so.conf.d,prelink.conf.d} $D/etc

8. Start nginx

# pkill -9 nginx
# /usr/sbin/chroot /nginx /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok  
nginx: [emerg] getpwnam("nginx") failed 
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
The error above occurs because some libraries are still missing and need to be copied into /nginx/lib64. Running strace as follows shows which library has not been copied over

# strace -f -o /tmp/nginx.strace chroot /nginx /usr/local/nginx/sbin/nginx -t
# more /tmp/nginx.strace
8221 open("/lib64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
8221 open("/lib64/tls/x86_64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)  
8221 stat("/lib64/tls/x86_64", 0x7fffa8e430a0) = -1 ENOENT (No such file or directory)  
8221 open("/lib64/tls/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)  
8221 stat("/lib64/tls", 0x7fffa8e430a0) = -1 ENOENT (No such file or directory)  
8221 open("/lib64/x86_64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)  
8221 stat("/lib64/x86_64", 0x7fffa8e430a0) = -1 ENOENT (No such file or directory)  
8221 open("/lib64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)  
8221 stat("/lib64", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0  
8221 open("/usr/lib64/tls/x86_64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)  
8221 stat("/usr/lib64/tls/x86_64", 0x7fffa8e430a0) = -1 ENOENT (No such file or directory)  
8221 open("/usr/lib64/tls/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)  
8221 stat("/usr/lib64/tls", 0x7fffa8e430a0) = -1 ENOENT (No such file or directory)  
8221 open("/usr/lib64/x86_64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)  
8221 stat("/usr/lib64/x86_64", 0x7fffa8e430a0) = -1 ENOENT (No such file or directory)  
8221 open("/usr/lib64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)  
8221 stat("/usr/lib64", 0x7fffa8e430a0) = -1 ENOENT (No such file or directory)  
8221 munmap(0x7f6818e0d000, 29430) = 0  
8221 write(3, "2014/10/24 17:49:34 [emerg] 8221"..., 99) = 99  
8221 write(2, "nginx: [emerg] getpwnam(\"nginx\")"..., 78) = 78  
8221 close(4) = 0  
8221 write(2, "nginx: configuration file /usr/l"..., 71) = 71  
8221 exit_group(1) = ? 

# cp /lib64/libnss_files.so.2 /nginx/lib64/
# strace -f -o /tmp/nginx.strace chroot /nginx /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok  
nginx: [emerg] open() "/var/log/nginx/access.log" failed (2: No such file or directory)
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

This time the error is clearly that /var/log/nginx/access.log does not exist. A quick check shows that the /nginx/var/log directory is missing

# mkdir -p /nginx/var/log/nginx
# chmod 777 /nginx/var/log/nginx/
# strace -f -o /tmp/nginx.strace chroot /nginx /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok  
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

The test passes

# chroot /nginx /usr/local/nginx/sbin/nginx
# ps auxf|grep nginx
root 8357 0.0 0.0 103240 856 pts/0 S+ 18:04 0:00 \_ grep nginx  
root 8354 0.0 0.0 20212 604 ? Ss 18:04 0:00 nginx: master process /usr/local/nginx/sbin/nginx  
nginx 8355 0.0 0.1 20636 1200 ? S 18:04 0:00 \_ nginx: worker process

Deployment is now complete. nginx is running inside the /nginx directory, and files such as logs are created under it. Note that the configuration file now lives in the /nginx/usr/local/nginx/conf/ directory

# cd /nginx/usr/local/nginx/conf/
# vi nginx.conf

Reload command

# /usr/sbin/chroot /nginx /usr/local/nginx/sbin/nginx -s reload
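
The library, strace and /etc steps above, as an added shell example that is not part of the original article: it derives the library list from ldd, picks out of the strace log the files whose open() failed with ENOENT in the jail yet exist on the host (glibc loads libnss_files.so.2 at run time, so ldd never lists it), and writes jail passwd and group files holding only the nginx account rather than copying shadow and gshadow. The function names, the script name jail.sh and the HOST_ROOT parameter are assumptions.

```shell
#!/bin/sh
# Added example; function names and HOST_ROOT are assumptions for illustration.

# ldd_paths: ldd output on stdin -> absolute library paths. linux-vdso has
# no path (the kernel maps it) and "not found" lines are skipped.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' |
        LC_ALL=C sort -u
}

# enoent_files [HOST_ROOT]: strace log on stdin -> paths whose open() failed
# with ENOENT inside the jail but which exist on the host. The loader's
# tls/ and x86_64/ probes do not exist on the host either, so they drop out.
enoent_files() {
    host_root=${1:-}
    sed -n 's/^[0-9]* *open[a-z]*(\(AT_FDCWD, \)\{0,1\}"\([^"]*\)".*= -1 ENOENT.*/\2/p' |
        LC_ALL=C sort -u |
        while IFS= read -r p; do
            if [ -f "$host_root$p" ]; then printf '%s\n' "$p"; fi
        done
}

# copy_to_jail JAIL [HOST_ROOT]: absolute paths on stdin -> same path under
# JAIL, following symlinks so the real file is copied.
copy_to_jail() {
    jail=$1; host_root=${2:-}
    while IFS= read -r p; do
        mkdir -p "$jail$(dirname "$p")" && cp -L "$host_root$p" "$jail$p" || return 1
    done
}

# jail_accounts JAIL USER GROUP [HOST_ROOT]: write passwd and group files
# holding only the account nginx looks up, instead of copying the host's
# passwd, shadow and gshadow into the jail.
jail_accounts() {
    jail=$1; user=$2; group=$3; host_root=${4:-}
    mkdir -p "$jail/etc"
    grep "^$user:" "$host_root/etc/passwd" > "$jail/etc/passwd" &&
        grep "^$group:" "$host_root/etc/group" > "$jail/etc/group"
}

# Usage: sh jail.sh /nginx /usr/local/nginx/sbin/nginx [/tmp/nginx.strace]
if [ $# -ge 2 ]; then
    ldd "$2" | ldd_paths | copy_to_jail "$1"
    jail_accounts "$1" nginx nginx
    if [ -n "${3:-}" ]; then enoent_files < "$3" | copy_to_jail "$1"; fi
fi
```

Run it once without the third argument, then again with the trace file after a failed `nginx -t`, repeating until the test passes.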
