Moin, habe versucht Nginx in einem Chroot aufzusetzen (
Installation_in_a_chroot) und erhalte Fehlermeldungen aus denen ich nicht schlau werde (habe zuvor auch noch nicht wirklich viel mit Nginx gemacht). Wenn ich den Service mit Systemd starten will erhalte ich direkt eine Absturzmeldung:
# systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
Oder genauer:
# journalctl -u nginx
Dez 13 14:23:32 belial systemd[1]: Starting A high performance web server and a reverse proxy server...
Dez 13 14:23:32 belial systemd[1]: nginx.service: Control process exited, code=exited status=1
Dez 13 14:23:32 belial systemd[1]: nginx.service: Failed with result 'exit-code'.
Dez 13 14:23:32 belial chroot[3833]: 2017/12/13 14:23:32 [warn] 3833#3833: could not build optimal types_hash, you should increase either types_hash_max_size:
Dez 13 14:23:32 belial chroot[3833]: nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
Dez 13 14:23:32 belial chroot[3833]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dez 13 14:23:32 belial systemd[1]: Failed to start A high performance web server and a reverse proxy server.
An das hier habe ich natürlich gedacht:
If your server will bind port 80 (or any other port in range [1-1023]), give the chrooted executable permission to bind these ports without root.
# setcap 'cap_net_bind_service=+ep' $JAIL/usr/bin/nginx
Auch bei der Syntaxcheck der Konfig sagt er mir erst, die Syntax sei okay, doch dann scheitert die Überprüfung an einer Datei, die zwar angeblich nicht existiert, tatsächlich aber an ihrem Platz ist und auch dem http-User gehört.
# $JAIL/usr/bin/nginx -t -c $JAIL/etc/nginx/nginx.conf
2017/12/13 14:15:53 [warn] 3669#3669: could not build optimal types_hash, you should increase either types_hash_max_size: 1024 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size
nginx: the configuration file /srv/http/etc/nginx/nginx.conf syntax is ok
2017/12/13 14:15:53 [emerg] 3669#3669: mkdir() "/var/lib/nginx/client-body" failed (2: No such file or directory)
nginx: configuration file /srv/http/etc/nginx/nginx.conf test failed
Hier die nginx.conf:
# cat $JAIL/etc/nginx/nginx.conf
#user html;
worker_processes 1;
error_log /var/log/error.log;
error_log /var/log/error.log notice;
error_log /var/log/error.log info;
#pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
Und die Dateien im "Jail":
# tree -pufid $JAIL
/srv/http
[d--x--x--x root ] /srv/http/dev
[d--x--x--x root ] /srv/http/etc
[drwxr-x--- http ] /srv/http/etc/nginx
[drwxr-x--- http ] /srv/http/etc/nginx/logs
[lrwxrwxrwx root ] /srv/http/lib -> usr/lib
[lrwxrwxrwx root ] /srv/http/lib64 -> usr/lib
[drwxrwxrwt root ] /srv/http/run
[drwxrwxrwt root ] /srv/http/tmp
[d--x--x--x root ] /srv/http/usr
[d--x--x--x root ] /srv/http/usr/bin
[d--x--x--x root ] /srv/http/usr/lib
[lrwxrwxrwx root ] /srv/http/usr/lib64 -> lib
[d--x--x--x root ] /srv/http/usr/share
[d--x--x--x root ] /srv/http/usr/share/nginx
[d--x--x--x root ] /srv/http/usr/share/nginx/html
[d--x--x--x root ] /srv/http/var
[d--x--x--x root ] /srv/http/var/lib
[drwxr-x--- http ] /srv/http/var/lib/nginx
[drwx------ http ] /srv/http/var/lib/nginx/client-body
[drwx------ http ] /srv/http/var/lib/nginx/fastcgi
[drwxr-x--- http ] /srv/http/var/lib/nginx/nginx
[drwx------ http ] /srv/http/var/lib/nginx/nginx/proxy
[drwx------ http ] /srv/http/var/lib/nginx/proxy
[drwx------ http ] /srv/http/var/lib/nginx/scgi
[drwx------ http ] /srv/http/var/lib/nginx/uwsgi
[d--x--x--x root ] /srv/http/var/log
[drwxr-x--- http ] /srv/http/var/log/nginx
[drwxr-x--- http ] /srv/http/www
[drwxr-x--- http ] /srv/http/www/cgi-bin
Wäre nett wenn mir jemand weiter helfen könnte. Danke schonmal im Voraus.