Running nginx in a chroot on CentOS

The test environment is 64-bit CentOS 6.4, with the latest official stable release of nginx.

Download the source package and unpack it under /usr/local

# wget http://nginx.org/download/nginx-1.6.2.tar.gz

# tar zxvf nginx-1.6.2.tar.gz

To hide the real nginx version, change the version and name that nginx reports:

# vi /usr/local/nginx-1.6.2/src/core/nginx.h

#define NGINX_VERSION      "1.6.2"  /* version number; change it yourself */
#define NGINX_VER          "Your string here" /* this string is shown as-is when the version is displayed */

Add the user

# groupadd nginx

# useradd -g nginx nginx

# cd /usr/local/nginx-1.6.2

# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_gzip_static_module --http-log-path=/var/log/nginx/access.log

# make

# make install

Installation is complete; test that nginx starts normally.

# /usr/local/nginx/sbin/nginx

Check that nginx is running. You can also confirm by visiting http://ip; make sure iptables has the relevant port open.

# ps auxf|grep nginx
root 7740 0.0 0.0 103240 852 pts/0 S+ 16:28 0:00 \_ grep nginx 
root 7649 0.0 0.0 20212 604 ? Ss 16:26 0:00 nginx: master process /usr/local/nginx/sbin/nginx 
nginx 7650 0.0 0.1 20636 1476 ? S 16:26 0:00 \_ nginx: worker process

Everything works. Now set up the chroot.

1. Create a root directory for the chroot jail, for example /nginx

# D=/nginx

# mkdir -p $D

2. Build a separate runtime environment; nginx will be confined to it

mkdir -p $D/etc

mkdir -p $D/dev

mkdir -p $D/var

mkdir -p $D/usr

mkdir -p $D/usr/local/nginx

mkdir -p $D/tmp

chmod 1777 $D/tmp

mkdir -p $D/var/tmp

chmod 1777 $D/var/tmp

mkdir -p $D/lib64

3. Some special device nodes also need to be created, otherwise errors may occur

# ls -l /dev/{null,random,urandom}
crw-rw-rw-. 1 root root 1, 3 9月 13 2013 /dev/null 
crw-rw-rw-. 1 root root 1, 8 9月 13 2013 /dev/random 
crw-rw-rw-. 1 root root 1, 9 9月 13 2013 /dev/urandom

# /bin/mknod -m 0666 $D/dev/null c 1 3

# /bin/mknod -m 0666 $D/dev/random c 1 8

# /bin/mknod -m 0444 $D/dev/urandom c 1 9

4. Copy everything under /usr/local/nginx into $D/usr/local/nginx

# /bin/cp -farv /usr/local/nginx/* $D/usr/local/nginx

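5. Starting $D/usr/local/nginx/sbin/nginx requires a number of shared libraries, which must be copied into the corresponding directory in the jail. Use the following command to list the libraries the binary is linked against:

# ldd /usr/local/nginx/sbin/nginx

linux-vdso.so.1 => (0x00007fff225ff000)   // no need to copy this one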

libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb450acf000)

libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fb450898000)

libpcre.so.0 => /lib64/libpcre.so.0 (0x00007fb45066b000)

libz.so.1 => /lib64/libz.so.1 (0x00007fb450455000)

libc.so.6 => /lib64/libc.so.6 (0x00007fb4500c2000)

/lib64/ld-linux-x86-64.so.2 (0x00007fb450cf5000)

libfreebl3.so => /lib64/libfreebl3.so (0x00007fb44fe5f000)

libdl.so.2 => /lib64/libdl.so.2 (0x00007fb44fc5b000)

6. Copy the libraries listed above into the corresponding directory

# cp /lib64/libpthread.so.0 /nginx/lib64/

# cp /lib64/libcrypt.so.1 /nginx/lib64/

# cp /lib64/libpcre.so.0 /nginx/lib64/

# cp /lib64/libz.so.1 /nginx/lib64/

# cp /lib64/libc.so.6 /nginx/lib64/

# cp /lib64/ld-linux-x86-64.so.2 /nginx/lib64/

# cp /lib64/libfreebl3.so /nginx/lib64/

# cp /lib64/libdl.so.2 /nginx/lib64/
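Steps 5 and 6 can be scripted. The following is an added example, not part of the original article: the function names ldd_paths and copy_libs are hypothetical, and the sample input is the ldd output from step 5.

```bash
#!/bin/bash
# Added example: script steps 5 and 6 instead of copying each library by hand.

# Read ldd output on stdin and print the absolute path of every library.
# Matches "name => /path (addr)" and the bare "/path (addr)" form used for the
# dynamic loader; linux-vdso and "not found" entries have no path and are skipped.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | sort -u
}

# Copy the libraries needed by binary $1 into jail root $2, keeping the same
# directory layout (/lib64/libc.so.6 becomes $2/lib64/libc.so.6).
copy_libs() {
    bin=$1
    jail=$2
    ldd "$bin" | ldd_paths | while read -r lib; do
        mkdir -p "$jail$(dirname "$lib")"
        cp -L "$lib" "$jail$lib"   # -L copies the target of a symlink
    done
}

# Sample input: the ldd output shown in step 5 of the article.
SAMPLE_LDD='linux-vdso.so.1 => (0x00007fff225ff000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb450acf000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fb450898000)
libpcre.so.0 => /lib64/libpcre.so.0 (0x00007fb45066b000)
libz.so.1 => /lib64/libz.so.1 (0x00007fb450455000)
libc.so.6 => /lib64/libc.so.6 (0x00007fb4500c2000)
/lib64/ld-linux-x86-64.so.2 (0x00007fb450cf5000)
libfreebl3.so => /lib64/libfreebl3.so (0x00007fb44fe5f000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fb44fc5b000)'

# Show what would be copied for that output.
printf '%s\n' "$SAMPLE_LDD" | ldd_paths

# On the real system: copy_libs /usr/local/nginx/sbin/nginx /nginx
```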

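7. Copy files from /etc into the /nginx jail. Different systems may have different files and directories; if one of those below does not exist, cp reports an error for it, but this does no harm.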

cp -fv /etc/{group,prelink.cache,services,adjtime,shells,gshadow,shadow,hosts.deny,localtime,nsswitch.conf,nscd.conf,prelink.conf,protocols,hosts,passwd,ld.so.cache,ld.so.conf,resolv.conf,host.conf} $D/etc

cp -avr /etc/{ld.so.conf.d,prelink.conf.d} $D/etc

8. Start nginx

# pkill -9 nginx

# /usr/sbin/chroot /nginx /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: [emerg] getpwnam("nginx") failed

nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

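The error above occurs because some libraries are still missing and need to be copied into /nginx/lib64. Running the command under strace, as below, shows which libraries have not been copied over.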

# strace -f -o /tmp/nginx.strace chroot /nginx /usr/local/nginx/sbin/nginx -t

# more /tmp/nginx.strace

8221 open("/lib64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

8221 open("/lib64/tls/x86_64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

8221 stat("/lib64/tls/x86_64", 0x7fffa8e430a0) = -1 ENOENT (No such file or directory)

8221 open("/lib64/tls/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

8221 stat("/lib64/tls", 0x7fffa8e430a0) = -1 ENOENT (No such file or directory)

8221 open("/lib64/x86_64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

8221 stat("/lib64/x86_64", 0x7fffa8e430a0) = -1 ENOENT (No such file or directory)

8221 open("/lib64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

8221 stat("/lib64", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0

8221 open("/usr/lib64/tls/x86_64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

8221 stat("/usr/lib64/tls/x86_64", 0x7fffa8e430a0) = -1 ENOENT (No such file or directory)

8221 open("/usr/lib64/tls/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

8221 stat("/usr/lib64/tls", 0x7fffa8e430a0) = -1 ENOENT (No such file or directory)

8221 open("/usr/lib64/x86_64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

8221 stat("/usr/lib64/x86_64", 0x7fffa8e430a0) = -1 ENOENT (No such file or directory)

8221 open("/usr/lib64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

8221 stat("/usr/lib64", 0x7fffa8e430a0) = -1 ENOENT (No such file or directory)

8221 munmap(0x7f6818e0d000, 29430) = 0

8221 write(3, "2014/10/24 17:49:34 [emerg] 8221"..., 99) = 99

8221 write(2, "nginx: [emerg] getpwnam(\"nginx\")"..., 78) = 78

8221 close(4) = 0

8221 write(2, "nginx: configuration file /usr/l"..., 71) = 71

8221 exit_group(1) = ?

# cp /lib64/libnss_files.so.2 /nginx/lib64/
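ldd did not list libnss_files.so.2 because glibc loads NSS modules at run time, which is why it only shows up in the trace. As an added example (not from the original article; the function name missing_libs is hypothetical and the sample trace is constructed), this filters an strace log down to the shared libraries that were never opened successfully:

```bash
#!/bin/bash
# Added example: reduce an strace log to the shared libraries that the
# process looked for but never managed to open.

# Read strace output (stdin or file arguments). A library counts as missing
# only if every open()/openat() of that file name failed with ENOENT; failed
# probes of search-path directories for a library found later are ignored.
missing_libs() {
    awk '
        /open(at)?\(/ {
            if (!match($0, /"[^"]+"/)) next
            path = substr($0, RSTART + 1, RLENGTH - 2)
            n = split(path, parts, "/")
            base = parts[n]
            if (base !~ /\.so(\.[0-9]+)*$/) next      # shared objects only
            if ($0 ~ /= -1 ENOENT/) {
                if (!(base in found)) missing[base] = 1
            } else if ($0 ~ /= [0-9]+ *$/) {
                found[base] = 1
                delete missing[base]
            }
        }
        END { for (b in missing) print b }
    ' "$@" | sort
}

# Constructed sample in the format of the trace above; the libc and libz
# lines are invented to show a library that is found after a failed probe.
SAMPLE_STRACE='8221 open("/lib64/libc.so.6", O_RDONLY) = 3
8221 open("/lib64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
8221 open("/lib64/tls/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
8221 stat("/lib64/tls", 0x7fffa8e430a0) = -1 ENOENT (No such file or directory)
8221 open("/usr/lib64/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
8221 open("/lib64/tls/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
8221 open("/lib64/libz.so.1", O_RDONLY) = 3
8221 write(2, "nginx: [emerg] getpwnam(\"nginx\")"..., 78) = 78'

printf '%s\n' "$SAMPLE_STRACE" | missing_libs

# On the real system: missing_libs /tmp/nginx.strace
```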

# strace -f -o /tmp/nginx.strace chroot /nginx /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: [emerg] open() "/var/log/nginx/access.log" failed (2: No such file or directory)

nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

This time the error is clearly that /var/log/nginx/access.log does not exist; checking shows that the directory /nginx/var/log is missing.

# mkdir -p /nginx/var/log/nginx

# chmod 777 /nginx/var/log/nginx/

# strace -f -o /tmp/nginx.strace chroot /nginx /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

The test passes.

# chroot /nginx /usr/local/nginx/sbin/nginx

# ps auxf|grep nginx

root 8357 0.0 0.0 103240 856 pts/0 S+ 18:04 0:00 \_ grep nginx

root 8354 0.0 0.0 20212 604 ? Ss 18:04 0:00 nginx: master process /usr/local/nginx/sbin/nginx

nginx 8355 0.0 0.1 20636 1200 ? S 18:04 0:00 \_ nginx: worker process

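Deployment is now complete. nginx runs inside the /nginx directory, and files such as logs are created under it. Note that the configuration file in use is now the one under /nginx/usr/local/nginx/conf/.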

# cd /nginx/usr/local/nginx/conf/

# vi nginx.conf

Reload command

# /usr/sbin/chroot /nginx /usr/local/nginx/sbin/nginx -s reload
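The steps above copy /etc/shadow and /etc/gshadow into the jail and set /nginx/var/log/nginx to mode 777. As an added example (not from the original article; audit_jail and demo_jail are hypothetical names and the demo jail is constructed), this check lists both kinds of finding so they can be reviewed:

```bash
#!/bin/bash
# Added example: review a finished jail for files and permissions that the
# chrooted nginx does not need.

# Print one finding per line for the jail rooted at $1.
audit_jail() {
    jail=$1
    # Name lookups such as getpwnam() and getgrnam() read passwd and group;
    # they do not read the password-hash files.
    for f in etc/shadow etc/gshadow; do
        if [ -e "$jail/$f" ]; then
            echo "HASHFILE /$f"
        fi
    done
    # World-writable directories without the sticky bit let any user in the
    # jail delete or replace other users' files. Mode 1777 (tmp) is excluded.
    ( cd "$jail" && find . -type d -perm -0002 ! -perm -1000 ) |
        sort | sed 's|^\.|WORLD-WRITABLE |'
}

# Constructed demo jail that mirrors the relevant steps of the article.
demo_jail() {
    umask 022
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/tmp" "$d/var/log/nginx"
    : > "$d/etc/passwd"
    : > "$d/etc/shadow"
    chmod 1777 "$d/tmp"
    chmod 777 "$d/var/log/nginx"
    echo "$d"
}

d=$(demo_jail)
audit_jail "$d"
rm -rf "$d"

# On the real system: audit_jail /nginx
```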

Time: 2024-12-21 16:58:12
