CentOS / Redhat Enterprise Linux Setup Lighttpd in Chroot Jail

Many people have asked me to write about setting up Lighttpd under CentOS or RHEL 5 Linux using the chroot() call. The instructions are almost the same as the Debian / Ubuntu Linux instructions, but you need to make a few small modifications.

For example purposes, we will build the jail at the /webroot location.
=> Default document root: /home/lighttpd/default/
=> Port: 80
=> IP: Your public IP address
=> Virtual domain1: /home/lighttpd/vdomain1.com/
=> Virtual domain1 access log file: /var/log/lighttpd/vdomain1.com/
=> Default access log file: /var/log/lighttpd/access.log
=> Default error log file: /var/log/lighttpd/error.log
=> Default php error log file: /var/log/lighttpd/php.log


These installation instructions assume you have:

  • Linux distribution
  • Required RPMs (see below for installation instructions)
    • php, php-pear, php-common, php-pdo, php-ldap, php-gd, php-cli, php-mysql
    • mysql, mysql-server etc
    • lighttpd, lighttpd-fastcgi (rpm available here)
  • Installations were tested on Red Hat Enterprise Linux v4/5 or CentOS v4/5 or Fedora Linux 7

Step # 1: Install required packages

Install php and related packages:
# yum install php php-pear php-common php-pdo php-ldap php-gd php-cli php-mysql
Install mysql and related packages:
# yum install mysql mysql-server
Install lighttpd and mod_fastcgi for lighttpd:
# rpm -ivh http://dag.wieers.com/rpm/packages/lighttpd/lighttpd-1.4.18-1.el5.rf.i386.rpm
# rpm -ivh http://dag.wieers.com/rpm/packages/lighttpd/lighttpd-fastcgi-1.4.18-1.el5.rf.i386.rpm

Step # 2: Create /webroot and related directories

# mkdir /webroot
# cd /webroot
# mkdir etc
# mkdir tmp
# chmod 1777 tmp/
# mkdir -p usr/bin
# mkdir -p home/lighttpd/default
# mkdir -p var/run/lighttpd
# mkdir -p var/log/lighttpd
# chown lighttpd:lighttpd var/run/lighttpd/
# chown lighttpd:lighttpd var/log/lighttpd/
# chown -R lighttpd:lighttpd home/

Step # 3: Install chroot script

You need to download and install my script, which will help you build lighttpd in a jail:
# cd /sbin/
# wget http://www.cyberciti.biz/files/lighttpd/l2chroot.txt
# mv l2chroot.txt l2chroot
# chmod +x l2chroot

Step # 4: Install php in jail

Now copy the php-cgi binary and its related shared libraries using the l2chroot script:
# cd /webroot/usr/bin
# cp /usr/bin/php-cgi .
# l2chroot php-cgi
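
The copy that this step performs, written out as an added example (this is not the l2chroot script and not code from the original page; the function names ldd_paths and copy_libs and the sample ldd output are constructed for illustration). It resolves a binary's shared libraries with ldd and copies each one into the jail under the same absolute path, handling the three line shapes ldd prints:

```shell
#!/bin/sh
# Added example (not the l2chroot script): copy a binary's shared libraries
# into a jail, keeping their absolute paths.

# Print the absolute library paths found in ldd output read from stdin.
# ldd prints three kinds of lines:
#   libfoo.so.1 => /lib64/libfoo.so.1 (0x...)   path is the third field
#   /lib64/ld-linux-x86-64.so.2 (0x...)         path is the first field
#   linux-vdso.so.1 =>  (0x...)                 no file on disk, skipped
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# Copy every library needed by binary $1 into jail directory $2.
copy_libs() {
    bin=$1
    jail=${2%/}
    ldd "$bin" | ldd_paths | while IFS= read -r lib; do
        mkdir -p "$jail$(dirname "$lib")"
        # cp follows symlinks here, so the real library file is copied.
        cp -p "$lib" "$jail$lib"
    done
}

# Constructed sample of ldd output for an x86_64 binary (addresses made up).
SAMPLE_LDD='    linux-vdso.so.1 =>  (0x00007fff5c9fd000)
    libsepol.so.1 => /lib64/libsepol.so.1 (0x00002b1f0a3c4000)
    libc.so.6 => /lib64/libc.so.6 (0x00002b1f0a80b000)
    /lib64/ld-linux-x86-64.so.2 (0x00002b1f09e5e000)'

# Usage on the jail from this tutorial:
#   copy_libs /usr/bin/php-cgi /webroot
```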

Step # 5: Copy required files to /etc

Now you must copy php.ini and all related files to /etc/ inside the jail:
# cd /webroot/etc
# cp /etc/passwd .
# cp /etc/group .
# cp /etc/hosts .
# cp /etc/nsswitch.conf .
# cp /etc/resolv.conf .
# cp /etc/php.ini .
# cp -avr /etc/php.d/ .
# cp -avr /etc/ld* .

Update (Oct-1-2008, 1:52pm): You need to copy the entire /etc/ directory and the /usr/share/zoneinfo files to work with the latest php version:
# cd /webroot/etc
# /bin/cp -avr /etc/* .

Copy all files from /usr/share/zoneinfo/:
# mkdir -p /webroot/usr/share/
# cd /webroot/usr/share/
# cp -avr /usr/share/zoneinfo/ .

Open the group and passwd files and keep only the entries for root and the lighttpd user:
# vi /webroot/etc/group
Make sure the file looks as follows:

Also open the passwd file inside the jail:
# vi /webroot/etc/passwd
Make sure the file looks as follows:
lighttpd:x:100:101:lighttpd web server:/srv/www/lighttpd:/sbin/nologin
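
Copying all of /etc/ into the jail also copies files the web server never needs, so it is worth auditing the result. The following is an added example, not part of the original tutorial: the function names and the list of sensitive paths are this example's own choices, while the allowed accounts (root and lighttpd) and the sticky bit on tmp/ come from the steps above.

```shell
#!/bin/sh
# Added example: audit a chroot jail for content that should not be in it.

# Print one line per problem found in jail directory $1.
jail_findings() {
    jail=${1%/}

    # 1. Host secrets that a wholesale copy of /etc brings along
    #    (this path list is an assumption of the example, extend as needed).
    for f in etc/shadow etc/gshadow etc/sudoers etc/ssh etc/pki; do
        if [ -e "$jail/$f" ]; then echo "sensitive path in jail: /$f"; fi
    done

    # 2. Accounts other than root and lighttpd in the jail's passwd and group.
    for db in passwd group; do
        if [ -f "$jail/etc/$db" ]; then
            cut -d: -f1 "$jail/etc/$db" | grep -vxE 'root|lighttpd' |
                sed "s|^|extra entry in /etc/$db: |"
        fi
    done

    # 3. setuid/setgid files: they let a compromised service gain
    #    privileges inside the jail.
    find "$jail" -type f \( -perm -4000 -o -perm -2000 \) |
        while IFS= read -r p; do echo "setuid/setgid file: ${p#"$jail"}"; done

    # 4. World-writable directories without the sticky bit (tmp/ is 1777).
    find "$jail" -type d -perm -0002 ! -perm -1000 |
        while IFS= read -r p; do
            echo "world-writable dir without sticky bit: ${p#"$jail"}"
        done
}

# Return 0 when the jail is clean, 1 otherwise; findings go to stdout.
audit_jail() {
    out=$(jail_findings "$1")
    if [ -n "$out" ]; then
        echo "$out"
        return 1
    fi
    echo "no findings in $1"
}

# Usage on the jail from this tutorial:
#   audit_jail /webroot
```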

Step # 5: Copy php modules

Now copy the php mysql support, php gd and all other modules:
# cd /webroot/usr/lib/
# cp -avr /usr/lib/php/ .
# cd php/modules
# for l in *.so; do l2chroot "$l"; done

Step # 6: Configure lighttpd chroot call

Open the /etc/lighttpd/lighttpd.conf file:
# vi /etc/lighttpd/lighttpd.conf
Set up the default document root and the chroot directory:
server.document-root = "/home/lighttpd/default/"

Save and close the file.
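
Before restarting, the configuration can be checked with a short script. This is an added example, not part of the original tutorial: the function names are hypothetical, server.chroot is lighttpd's chroot directive (its line is not shown above), and the script assumes that lighttpd looks for the document root underneath the chroot directory, as the "base-docroot doesn't exist: /webroot/home/lighttpd/default/" message quoted in the comments below suggests.

```shell
#!/bin/sh
# Added example: verify the chroot settings in lighttpd.conf before a restart.

# Print the quoted value of the first top-level (unindented) assignment of
# key $2 in config file $1. $2 is a basic regular expression.
conf_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Return 0 if the jail and document root are configured and present,
# 1 if the document root is missing inside the jail,
# 2 if a required directive is not set.
check_jail_conf() {
    conf=$1
    jail=$(conf_value "$conf" 'server\.chroot')
    docroot=$(conf_value "$conf" 'server\.document-root')
    if [ -z "$jail" ]; then
        echo "server.chroot is not set: lighttpd would run unjailed"
        return 2
    fi
    if [ -z "$docroot" ]; then
        echo "server.document-root is not set"
        return 2
    fi
    # Assumption: the document root is resolved underneath the chroot directory.
    full=${jail%/}$docroot
    if [ ! -d "$full" ]; then
        echo "document root missing inside jail: $full"
        return 1
    fi
    echo "ok: $full"
}

# Usage:
#   check_jail_conf /etc/lighttpd/lighttpd.conf
```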

Step # 7: Restart lighttpd

Type the following command:
# /etc/init.d/lighttpd restart

Jail size

# du -ch /webroot/

12K     /webroot/var/log/lighttpd
16K     /webroot/var/log
4.0K    /webroot/var/run/lighttpd
8.0K    /webroot/var/run
28K     /webroot/var
8.0K    /webroot/etc/ld.so.conf.d
36K     /webroot/etc/php.d
160K    /webroot/etc
8.0K    /webroot/home/lighttpd/default
12K     /webroot/home/lighttpd
16K     /webroot/home
5.3M    /webroot/lib
4.0K    /webroot/tmp
872K    /webroot/usr/lib/sse2
1.4M    /webroot/usr/lib/mysql
676K    /webroot/usr/lib/php/modules
4.0K    /webroot/usr/lib/php/pear
684K    /webroot/usr/lib/php
9.9M    /webroot/usr/lib
2.9M    /webroot/usr/bin
13M     /webroot/usr
19M     /webroot/
19M     total


Always go through /var/log/messages and the server log files:
# tail -f /var/log/messages

Download mysql testing script

Copy and test php mysql connectivity with this script.

10 comments
  • Arnaud D Dec 3, 2007 @ 13:32

    Hmm, do I have to copy my website files from the old /var/www/docroot to the new /chroot/var/www/docroot? If I leave my files in /var/www/docroot I get a 404; if I move them to /chroot/var/www/docroot, lighttpd displays “No input files specified”; and if I place them in both locations at the same time, it looks like it is working :/ crazy problem.

    And I have another behaviour, can’t stop services as explained here: http://www.cyberciti.biz/tips/howto-setup-lighttpd-php-mysql-chrooted-jail.html#comment-142040

  • Nitz Jul 21, 2008 @ 8:57

    error message Starting lighttpd: 2008-07-21 08:51:44: (configfile.c.1136) base-docroot doesn’t exist: /home/lighttpd/default/

    vi /etc/lighttpd/lighttpd.conf
    server.document-root = "/home/lighttpd/default/"

    needs to be:
    server.document-root = "home/lighttpd/default/"

  • MM Oct 2, 2008 @ 3:05

    I needed to copy the /lib/libnss_dns.so.2 to my chroot “/lib” directory because the php-cgi wasn’t able to resolve names in fsockopen/fopen/etc.

    (php_network_getaddresses: getaddrinfo failed)


    []s, MM

  • alex Jun 15, 2009 @ 11:25

    Hey, you’ve missed the “how to setup mysql” instructions, and mysql won’t work…

  • 🐧 nixCraft Jun 15, 2009 @ 13:15

    @ alex

    No, I don’t. The yum command is used to install mysql-server. However, customization such as setting up the mysql root password, databases and accounts is not covered, as those are site-specific config options.

  • Alexandre Haguiar Jun 28, 2009 @ 13:20

    If you are using lua and mod_magnet you have to follow this step:

    # cd /webroot/usr/bin
    # cp /usr/bin/lua .
    # l2chroot lua

  • Steve Zip Feb 21, 2010 @ 6:48

    Starting lighttpd: 2010-02-21 01:36:28: (configfile.c.1178) base-docroot doesn’t exist: /webroot/home/lighttpd/default/
    2010-02-21 01:36:28: (server.c.584) setting default values failed

    Followed the tutorial to the T, and I don’t see where this directory is created. I tried to create this directory myself:

    mkdir /webroot/home/lighttpd/default
    mkdir: cannot create directory `/webroot/home/lighttpd/default’: File exists

    So does this directory exist or what? If it exists, then what’s the problem with lighttpd?

  • James Shailes Mar 18, 2010 @ 23:14

    Same problem as Steve, I’ll keep you posted if I find a fix.

  • Miki Nov 21, 2010 @ 13:28

    Step # 4: Install php in jail

    I’m getting an error “cannot stat `/lib64/libsepol.so.1)’: No such file or directory”
    and file is there.

  • Ali Aghabagheri Nov 24, 2011 @ 13:35


    Thanks. The jail works perfectly. PHP pages communicate successfully with the mysql server. But phpmyadmin just loads a white page.

    My issue is phpmyadmin, which doesn’t work in the jail.
    I don’t know why. I debugged it with strace and copied all of the required libraries to the jail.
    Please give me a clue.

    My test environment is as follows:
    CentOs -latest version
    httpd- latest version
    mysql- latest version
    php- latest version
    phpmyadmin- latest version

    Ali Aghabagheri
