Loading ...Install chrooted lighttpd under Ubuntu Linux 64 bit version
This is a common question and it is asked again and again:
How do you install & configure secure chrooted lighttpd under Ubuntu 64 bit version? I need to configure:
* PHP 5
* MySQL 5 Server via localhost (127.0.0.1) TCP/IP
* Lighttpd latest version
* Perl
* php mail() support
* etc
Following are instructions for php5, MySQL 5 database and latest lighttpd in chrooted jail under 64 bit Ubuntu Linux.
You will learn how to configure and install secure lighttpd server along with PHP5 and MySQL server version 5. Instruction mentioned below also work with 32 bit version. See original article for more information.
#1: Install lighttpd
# apt-get install lighttpd
#2: Install MySQL server 5
#apt-get install mysql-server
PHP will talk to mysql using TCP/IP socket. By default Ubuntu MySQL server is configured to accept connections from localhost 
#3: Install php5, php5 mysql, gd support
# apt-get install php5-cgi php5-mysql php5-gd php5
#4: Now create a chrooted enviorment in /webroot directory
# mkdir /webroot
# mkdir /webroot/tmp/
# chmod 1777 /webroot/tmp/
# mkdir /webroot/etc
#5: Copy files to /webroot /etc directory
Following file ensure that DNS name quires work from chrooted lighttpd server.
# cp /etc/hosts /webroot/etc/
# cp /etc/nsswitch.conf /webroot/etc/
# cp /etc/resolv.conf /webroot/etc/
# cp /etc/services /webroot/etc/
# cp /etc/localtime /webroot/etc/
#6: Create other directories
# mkdir -p /webroot/var/log/lighttpd
# chown www-data:www-data /webroot/var/log/lighttpd
# mkdir -p /webroot/var/tmp/lighttpd/cache/compress/
# chown www-data:www-data /webroot/var/tmp/lighttpd/cache/compress/
# mkdir -p /webroot/home/lighttpd
# mkdir -p /webroot/var/www
# chown www-data:www-data /webroot/home/lighttpd
# chown www-data:www-data /webroot/var/www
# chmod 0700 /webroot/home/lighttpd
# ls -dl /webroot/home/lighttpd
#7: Copy l2chroot script
Copy l2chroot script to bin directory. This script will install required shared libs in /webroot directory for php5-cgi executable and other shared libs:
# cd /bin
# wget http://www.cyberciti.biz/files/lighttpd/l2chroot.txt
# mv l2chroot.txt l2chroot
# chmod +x l2chroot
#8: Install PHP in the jail
# mkdir -p /webroot/usr/bin
# cp /usr/bin/php5-cgi /webroot/usr/bin/
# cd /webroot/etc/
# cp -avr /etc/php5/ .
# /bin/l2chroot /usr/bin/php5-cgi
Copy linux 64 bit /lib64/ld* lib:
# mkdir /webroot/lib64
# cp /lib64/ld-linux-x86-64.so.2 /webroot/lib64
NOTE: If you are using 32 bit Ubuntu linux put ld libs in /lib directory:
# cp /lib/ld-linux-x86-64.so.2 /webroot/lib
#9: Copy and Install php5 mysql and gd support:
Find out php extension support directory name.
# dpkg -L php5-mysql
Output:
/. /usr /usr/lib /usr/lib/php5 /usr/lib/php5/20051025 /usr/lib/php5/20051025/mysql.so /usr/share /usr/share/doc /usr/share/doc/php5-mysql
Note down /usr/lib/php5/20051025 directory name and create the same in /webroot. Next copy gd.so and mysql.so/mysqli.so libs to /webroot/usr/lib/php5/20051025:
# mkdir -p /webroot/usr/lib/php5/20051025/
# cp /usr/lib/php5/20051025/mysql.so /webroot/usr/lib/php5/20051025
# cp /usr/lib/php5/20051025/mysqli.so /webroot/usr/lib/php5/20051025
# cp /usr/lib/php5/20051025/gd.so /webroot/usr/lib/php5/20051025
Install shared lib support in chrooted jail:
# /bin/l2chroot /usr/lib/php5/20051025/mysql.so
# /bin/l2chroot /usr/lib/php5/20051025/mysqli.so
# /bin/l2chroot /usr/lib/php5/20051025/gd.so
#10: Make sure fastcgi module is enabled
# lighty-enable-mod fastcgi
Open /etc/lighttpd/conf-enabled/10-fastcgi.conf file
# vi /etc/lighttpd/conf-enabled/10-fastcgi.conf
Set bin-path to PHP5 from PHP4:
"bin-path" => "/usr/bin/php5-cgi"
Save and close the file. Now open /etc/lighttpd/lighttpd.conf and setup chroot to /webroot directory:
server.chroot = "/webroot"
Save and close the file.
#11: Copy /lib64 and /usr/lib directories
This ensures that outgoing DNS quires or php XML support is loaded on fly i.e. it will copy required all shared directories:
# cp -avr /lib64/* /webroot/lib64/
# cp -avr /usr/lib/* /webroot/usr/lib/
If you are using 32 bit version:
# cp -avr /lib/* /webroot/lib/
# cp -avr /usr/lib/* /webroot/usr/lib/
#12: Restart lighttpd
And you are done! Just restart Lighttpd:
# /etc/init.d/lighttpd restart
# 13: Test jail setup
Create two test php files in /webroot/var/www directory:
=> db.php : Test MySQL database connectivity, make sure you modify this file for correct MySQL server hostname, username and password.
=> test.php : Test php via phpinfo()
# cd /webroot/var/www
# wget http://www.cyberciti.biz/files/lighttpd/db.php.txt
# wget http://www.cyberciti.biz/files/lighttpd/test.php.txt
# mv test.php.txt test.php
# mv db.php.txt db.php
Open db.php file:
# vi db.php
Set MySQL username and password:
$link = mysql_connect("127.0.0.1", "root", "SET-PASSWORD");
Save and close the file. Fire a web browser and type url http://yourdomain.com/test.php and http://yourdomain.com/db.php.
See all lighttpd related articles.
Want to stay up to date with the latest Linux tips, news and announcements? Subscribe to our free e-mail newsletter or RSS feed to get all updates.
You can Email this page to a friend.
You may also be interested in other helpful articles:
- Download of the day: Lighttpd web server 1.4.17
- How to upgrade chrooted lighttpd web server
- FreeBSD Install Lighttpd Web Server
- How to upgrade lighttpd tar ball (source code) installation
- Setup sendmail php mail() support for chrooted Lighttpd or Apache web server
Discussion on This Article:
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Nice howto, thanks! My problem: lighttpd quits without leaving an entry in error.log when i try to execute a php file through the webserver. The bin path to php is set correctly. Any ideas?
Great guide, but I have a couple of small problems, that you may have a solution for…
1. Even though I have made a copy of hosts and resolv.conf to /webroot/etc/ I still cant use localhost to connect to the db. Works fine with 127.0.0.1, so its not really a big problem. And I have checked the hosts file, and localhost is in it.
2. I would like to install phpMyAdmin to manage the MySQL, but since I have never installed anything in a chroot jail before, I dont know how. I assume the apt-get install phpmyadmin will do me no good, since the web-server is not where it normally should be.
THX for the guide, tested on Ubuntu 7.10 (minimal) to be a complete no-brainer to follow. Just shut down your brain and copy-paste
> I would like to install phpMyAdmin to manage the MySQL, but since I have never installed anything in a chroot jail before, I dont know how.
install it under /webroot/var/www/phpmyadmin. Don’t forget to password protect phpmyadmin directory. If you are going to set large number of vhosts use /webroot/home/lighttpd/domain1.com /webroot/home/lighttpd/domain2.com directory structure.
THX for the reply vivek, it got me thinking that I could just install it with the package and the move it
I even got i connecting and all, but there is one problem. I get the error
Cannot load mcrypt check your PHP configuration
But, mcrypt is installed and i have moved all the files that i could find with mcrypt in their name, to the same locatio under /webroot, but with no effect. Anyone got a suggestion.
I am using the phpmyadmin so apperantly its not that bad, but it would be nice not to have errors in the setup
Hello everyone,
in the latest version of ubuntu (hardy) is an error before restarting lighttp (with the basic configuration):
2008-05-20 08:13:50: (server.c.908) Configuration of plugins failed. Going down.
2008-05-20 23:34:55: (log.c.75) server started
2008-05-20 23:34:55: (mod_compress.c.185) can't stat compress.cache-dir /var/cache/lighttpd/compress/ No such file or directory
To resolve simply run:
mkdir /webroot/var/cache/
mkdir /webroot/var/cache/lighttpd/
mkdir /webroot/var/cache/lighttpd/compress/
and then start lighttpd:
/etc/init.d/lighttpd start