Loading ...CentOS / Redhat Enterprise Linux Setup Lighttpd in Chroot Jail
Many people asked me to write about setting up Lighttpd under CentOS or RHEL 5 Linux using chroot() call. The instructions are almost same but you need to make little modification as compare to Debian / Ubuntu Linux instructions.
For example purpose we will build jail at /webroot location.
=> Default document root : /home/lighttpd/default/
=> Port : 80
=> IP: Your Public IP address
=> Virtual domain1: /home/lighttpd/vdomain1.com/
=> Virtual domain1 access log file: /var/log/lighttpd/vomain1.com/
=> Default access log file:/var/log/lighttpd/access.log
=> Default error log file:/var/log/lighttpd/error.log
=> Default php error log file: /var/log/lighttpd/php.log
Assumptions
These installation instructions assume you have:
- Linux distribution
- Required RPMs (see below for installation instructions)
- php, php-pear, php-common, php-pdo, php-ldap, php-gd, php-cli, php-mysql
- mysql, mysql-server etc
- lighttpd, lighttpd-fastcgi (rpm available here)
- Installations were tested on Red Hat Enterprise Linux v4/5 or CentOS v4/5 or Fedora Linux 7
Step # 1: Install required packages
Install php and related packages:
# yum install php php-pear php-common php-pdo php-ldap php-gd php-cli php-mysql
Install mysql and related packages:
# yum install mysql mysql-server
Install lighttpd and mod_fastcgi for lighttpd:
# rpm -ivh http://dag.wieers.com/rpm/packages/lighttpd/lighttpd-1.4.18-1.el5.rf.i386.rpm
# rpm -ivh http://dag.wieers.com/rpm/packages/lighttpd/lighttpd-fastcgi-1.4.18-1.el5.rf.i386.rpm
Step # 2: Create /webroot and related directories
# mkdir /webroot
# cd /webroot
# mkdir etc
# mkdir tmp
# chmod 1777 tmp/
# mkdir -p usr/bin
# mkdir -p home/lighttpd/default
# mkdir -p var/run/lighttpd
# mkdir -p var/log/lighttpd
# chown lighttpd:lighttpd var/run/lighttpd/
# chown lighttpd:lighttpd var/log/lighttpd/
# chown -R lighttpd:lighttpd home/
Step # 3: Install chroot script
You need to download and install my script that will help you to build lighttpd in jail:
# cd /sbin/
# wget http://www.cyberciti.biz/files/lighttpd/l2chroot.txt
# mv l2chroot.txt l2chroot
# chmod +x l2chroot
Step # 4: Install php in jail
Now copy php-cgi binary and related shared libraries using l2chroot script:
# cd /webroot/usr/bin
# cp /usr/bin/php-cgi .
# l2chroot php-cgi
Step # 5: Copy required files to /etc
Now you must copy php.ini and related all files to /etc/
# cd /webroot/etc
# cp /etc/passwd .
# cp /etc/group .
# cp /etc/hosts .
# cp /etc/nsswitch.conf .
# cp /etc/resolv.conf .
# cp /etc/php.ini .
# cp -avr /etc/php.d/ .
# cp -avr /etc/ld* .
Open group and passwd file and only keep entries for root and lighttpd user:
# vi /webroot/etc/group
Make sure file look as follows:
root:x:0:root
lighttpd:x:101:
Also open passwd file inside jail:
# vi /webroot/etc/passwd
Make sure file look as follows:
root:x:0:0:root:/root:/bin/bash
lighttpd:x:100:101:lighttpd web server:/srv/www/lighttpd:/sbin/nologin
Step # 5: Copy php modules
Now copy php mysql support, php gd and other all modules:
# cd /webroot/usr/lib/
# cp -avr /usr/lib/php/ .
# cd php/modules
# for l in *.so; do l2chroot $l; done
Step # 6: Configure lighttpd chroot call
Open /etc/lighttpd/lighttpd.conf file:
# vi /etc/lighttpd/lighttpd.conf
Setup default document root and chroot directory:
server.document-root = "/home/lighttpd/default/"
server.chroot="/webroot"
Save and close the file.
Step # 7: Restart lighttpd
Type the following command:
# /etc/init.d/lighttpd restart
Jail size
# du -ch /webroot/
Output:
12K /webroot/var/log/lighttpd 16K /webroot/var/log 4.0K /webroot/var/run/lighttpd 8.0K /webroot/var/run 28K /webroot/var 8.0K /webroot/etc/ld.so.conf.d 36K /webroot/etc/php.d 160K /webroot/etc 8.0K /webroot/home/lighttpd/default 12K /webroot/home/lighttpd 16K /webroot/home 5.3M /webroot/lib 4.0K /webroot/tmp 872K /webroot/usr/lib/sse2 1.4M /webroot/usr/lib/mysql 676K /webroot/usr/lib/php/modules 4.0K /webroot/usr/lib/php/pear 684K /webroot/usr/lib/php 9.9M /webroot/usr/lib 2.9M /webroot/usr/bin 13M /webroot/usr 19M /webroot/ 19M total
Troubleshooting
Always go thought /var/log/messages and server log files:
# tail -f /var/log/messages
Download mysql testing script
Copy and test php mysql connectivity with this script.
Want to stay up to date with the latest Linux tips, news and announcements? Subscribe to our free e-mail newsletter or RSS feed to get all updates.
You can Email this page to a friend.
You may also be interested in other helpful articles:
- Lighttpd / Apache : Run Xcache in Chrooted Jail
- Lighttpd php segfault at 0000000000000040 rip 0000003e30228278 rsp 0000007fbffff708 error 4
- Ultimate Lighttpd webserver security
- Chroot in OpenSSH / SFTP Feature Added To OpenSSH
- Setup sendmail php mail() support for chrooted Lighttpd or Apache web server
Discussion on This Article:
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Tags: centos linux, chown_command, chroot lighttpd, cp_command, fedora linux, install lighttpd, install mysql, install php, ldap php, lighttpd, pear php, php gd, php ldap, php pear, rhel 5, webroot, yum_command
Hmm do I have to copy my website files from the old /var/www/docroot to the new /chroot/var/www/docroot
? If I let my files to the /var/www/docroot i get 404, if I move them to /chroot/var/www/docroot, lighttpd displays “No input files specified” and if I place them to both location in same time looks like working :/ crazy problem.
And I have another behaviour, can’t stop services as explained here: http://www.cyberciti.biz/tips/howto-setup-lighttpd-php-mysql-chrooted-jail.html#comment-142040