nginx-forum at nginx.us
Thu Jan 13 00:09:53 MSK 2011
> I have seemingly solved this issue. I failed to
> copy /lib/libnsl.so.1 into my chroot /lib folder
> but have added it and I can start nginx using the
> start-stop-daemon command with the --chroot flag;
> strace is a life-saver.
> In case anyone else goes down this road in the
> future, you can strace your start-stop-daemon call
> to a chrooted nginx as follows:
> # start-stop-daemon --start --pidfile $PIDFILE
> --exec $DAEMON --chroot $CHRDIR --startas
> /usr/bin/strace -- -f -o /tmp/$NAME.strace
> $DAEMON $ARGS
> $PIDFILE = path/to/nginx/pid
> $DAEMON = /usr/sbin/nginx
> $CHRDIR = /chroot/nginx (or your chroot dir)
> $NAME = nginx
> make sure you copy /usr/bin/strace into
> $CHRDIR/usr/bin/ else the above command will fail
> (don't forget to remove it after you've debugged
> strace will be output to $CHRDIR/tmp/$NAME.strace.
> This is how I was able to determine what libraries
> I needed.
Thanks for the tip! I too was having trouble with chroot'ing nginx on
Ubuntu Lucid 10.04 LTS, and that strace led me to the missing libs.
To make this easier, I wrote a script based on many tips from Vivek
Gite's blog, mainly this post:
http://www.cyberciti.biz/faq/howto-run-nginx-in-a-chroot-jail/ , and
I've released it on Github in hopes it will help others:
I've included the nginx init.d script updated to launch nginx chrooted.
It also creates a new, password-locked nginx user with the home
directory set to the chroot directory. I've only tested it with an
Ubuntu 64-bit minimal installation on my VPS, so feel free to comment or
submit patches on Github!
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,163489,165707#msg-165707
More information about the nginx