anton1

Reputation: 53

DNS resolution error under php-fpm chroot

After days of intensive search to solve my problem, I couldn't get anything that worked, so here it is.
I'm running a chrooted PHP with FastCGI and php-fpm (under Ubuntu 16.04 with php7), which works well; however, I get the expected DNS resolution problem, for example when trying to use file_get_contents: file_get_contents(): php_network_getaddresses: getaddrinfo failed.

I looked online quite a bit and here's what I've already tried (without success):

Using debootstrap (or other programs like this) is not an option for me, because it creates a chroot that is too large, and I want to keep it lightweight and fast to create, as I could have many chroots running on one machine.

Plus, here are my config files, though I doubt the problem is here because most PHP functions work well under chroot:

Default php-fpm pool:

[${username}]
user = ${username}
group = www-data
listen = /run/php/php7.0-fpm.${username}.sock
listen.owner = ${username}
listen.group = www-data
pm = ondemand
pm.max_children = 20
pm.process_idle_timeout = 10s
pm.max_requests = 250
chroot = /var/www/${username}
chdir = /

Default Apache virtualhost file:

<VirtualHost *:80>
  ServerName www.${domain}
  ServerAlias ${domain}
  ServerAdmin webmaster@${domain}
  DocumentRoot /var/www/${username}/var/www/${username}
  <IfModule mod_fastcgi.c>
    AddHandler php7-fcgi-${username} .php
    Action php7-fcgi-${username} /php7-fcgi-${username} virtual
    Alias /php7-fcgi-${username} /usr/lib/cgi-bin/php7-fcgi-${username}
    FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi-${username} -socket /var/run/php/php7.0-fpm.${username}.sock -pass-header Authorization
    <Directory /usr/lib/cgi-bin>
      Require all granted
    </Directory>
  </IfModule>
</VirtualHost>

Thanks!

Upvotes: 1

Views: 1273

Answers (1)

Willem

Reputation: 3253

Under Ubuntu 16.04, you need at least these files in your chroot:

etc/resolv.conf
lib/libnss_dns.so.2

You can hardlink to prevent using extra disk space (only works when the chroot is on the same partition as /lib):

ln --logical /lib/x86_64-linux-gnu/libnss_dns.so.2 /chroot/lib

If it still fails (future Ubuntu?), you can debug the issue by running strace -e file -fp "$(pgrep fpm)"

Upvotes: 3
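
As an added example (not part of the answer above), this script audits a chroot for the two files the answer lists and re-creates any that are missing or stale; a hard link keeps pointing at the old inode when a package upgrade replaces the host library, so a linked file can silently fall behind. The function names and the HOST_ROOT override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names and HOST_ROOT are
# hypothetical; the file list is exactly the two entries the answer names.
HOST_ROOT="${HOST_ROOT:-}"   # empty = real host; point at a fixture dir to test

# "host path:path inside chroot" pairs (Ubuntu 16.04 x86_64, per the answer).
DNS_FILES="/etc/resolv.conf:etc/resolv.conf
/lib/x86_64-linux-gnu/libnss_dns.so.2:lib/libnss_dns.so.2"

# Print "<state> <path>" per file: missing | linked | copy | stale.
audit_chroot_dns() {
    chroot_dir=$1
    echo "$DNS_FILES" | while IFS=: read -r src rel; do
        host="$HOST_ROOT$src"; dst="$chroot_dir/$rel"
        if [ ! -e "$dst" ]; then state=missing
        elif [ "$host" -ef "$dst" ]; then state=linked   # same inode as host
        elif cmp -s "$host" "$dst"; then state=copy      # separate but identical
        else state=stale                                 # differs from host file
        fi
        echo "$state $rel"
    done
}

# Create or refresh anything reported missing or stale.
repair_chroot_dns() {
    chroot_dir=$1
    echo "$DNS_FILES" | while IFS=: read -r src rel; do
        host="$HOST_ROOT$src"; dst="$chroot_dir/$rel"
        if [ -e "$dst" ] && cmp -s "$host" "$dst"; then continue; fi
        mkdir -p "$(dirname "$dst")"
        rm -f "$dst"
        # -L is the short form of --logical; fall back to a copy when the
        # chroot is on another filesystem and a hard link is impossible.
        ln -L "$host" "$dst" 2>/dev/null || cp -L "$host" "$dst"
    done
}

# Usage: sh script.sh /var/www/<username>
if [ "$#" -ge 1 ]; then audit_chroot_dns "$1"; fi
```

Run the audit after system updates; any line starting with "stale" means the chroot still holds the pre-upgrade file.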
