Test and Troubleshoot Chrooted Apache Jail

by on December 22, 2008 · 0 comments· LAST UPDATED December 22, 2008

in , ,

This is 3rd and the final installment for Apache Chroot Jail for CentOS / RHEL series. Once Apache is configured with mod_chroot, you may need to test and debug problems. This article will provide a few troubleshooting tips.

Check Log Files

As always check Apache's error log files. In our case apache's error log located inside each domains' directory. For example in our sample setup error_log for nixcraft.com is located at /httpdjail/home/httpd/.nixcraft.com/logs/error_log. The relevant error should be logged to error_log. Use less or grep to view Apache error log files:
# tail -f /httpdjail/home/httpd/.nixcraft.com/logs/error_log
# grep error /httpdjail/home/httpd/.nixcraft.com/logs/error_log

Dealing with segmentation fault

If you are seeing any kind of segmentation fault, or any error that appears to be coming from Apache, try following troubleshooting guide

You can always run strace as follows:
# pgrep httpd
# strace -s 2000 -p {PID-of-HTTPD} -o /tmp/httpd

strace will write findings to /tmp/httpd.PID-of-HTTPD file. This provides lots of good information to get rid of problems.

Databases Configuration

Chrooted Apache cannot access MySQL database via a UNIX socket which is outside of your chroot jail. Configure MySQL to listen on 127.0.0.1 and update php / perl script to connect host 127.0.0.1.

PHP mail() function and sendmail not working

PHP needs a sendmail binary to send mail. You have few options here:

Use a class/function that knows how to send directly via SMTP. See how to send an email using PHP SMTP server. You also need to "Install PHP Pear Mail / SMTP package on CentOS / Red Hat Enterprise Linux" to use this option.

Alternatively, you can install mini_sendmail or sSMTP or nbsmtp. Put SMTP only binary inside your jail, and deliver mail via a smarthost.

Dealing with DNS lookups

You need to install a small caching server listening on 127.0.0.1 such as dnsmasq dns caching server.

Testing your setup scripts

Test php installtion inside your jail.

Test MySQL database connectivity using PHP inside your jail.

Test MySQL database connectivity using PERL inside your jail.

Patched /etc/init.d/httpd init script.

References:

  1. Apache project documentation.
  2. mod_chroot project.
  3. lighttpd - chroot jail setup.
  4. man pages httpd, httpd.conf, yum, strace, tail, and grep.
TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 0 comments… add one now }

Leave a Comment

Tagged as: , , , , , , , , , , , , , , , , , , , , ,

Previous post:

Next post: