Monday, April 24, 2006

 


OpenBSD 3.9, lighttpd, fastcgi and php in chroot


Openbsd is free, functional and secure. Logical, consistent. Things are done the right way or not at all. The documentation is superb. Although it has a non-deserved reputation to be difficult to install (likely meaning to double-boot), it actually is very easy, intuitive and ideal for beginners.

These are a couple of notes on how to use lighttpd with fcgi and php on OpenBSD 3.9 (which will be released on May, 1st). Buyers of CDs likely have their copy already.

Note that an awesome updated (by > 20K), chrooted version apache comes with OpenBSD. There are very good reasons to use the default server.
This write up is for those who for various other reasons (etc. no good reason, be different, small footprint, fast) like lighttpd.

Lighttpd runs php via fcgi. The php5 port and package does not come with cgi/fcgi, so we use a simple workaround.

>su
>'password'
#export PKG_PATH=ftp://mirror/pub/OpenBSD/3.9/packages/i386
#pkg_add lighttpd-1.4.10-mysql
#pkg_add php5-core
several dependencies added, we will need those for our built later
--> follow instructions
#cp /usr/local/share/examples/php5/php.ini-recommended /var/www/conf/php.ini
#phpxs -s (you might want to use apache at some point)
#pkg_add mysql-client
--> follow instructions
#phpxs -a mysql
#pkg_add fcgi


PHP built:
Note, that OpenBSD uses 5.0.5 for a number of reasons (see mailing lists). We will stick with that version.
First we delete the installed php5-core packages (we just installed it to get the dependencies easily)
#pkg_delete php5-core-5.0.5
#cd /home/USER
#wget mirror/php-5.0.5.tar.gz
#tar zxf php*gz
# cd php*

#
./configure --with-mysql=/usr/local/lib/mysql --enable-xml --enable-wddx --enable-cli --with-iconv=/usr/local/lib/ --with-gettext=/usr/local/lib/ --enable-dio --enable-bcmath --enable-session --enable-trans-sid --enable-calendar --enable-ctype --enable-ftp --with-pcre-regex --with-posix --enable-sockets --enable-sysvsem --enable-sysvshm --enable-yp --enable-exif --without-sqlite --enable-fastcgi --enable-force-cgi-redirect



# make
# make install
# /usr/local/bin/php -v
PHP 5.0.5 (cgi-fcgi) (built: Apr 24 2006 07:05:51)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.0.5, Copyright (c) 1998-2004 Zend Technologies

Configure lighttpd

#
mg /etc/lighttpd.conf

enable mod_rewrite mod_access mod_fastcig + whatever you need (mod_webdav)


server.document-root = "/htdocs/"

server.errorlog = "/logs/lighttpd.error.log

accesslog.filename = "/logs/lighttpd.access.log"

server.chroot = "/var/www/"

server.username = "www"

server.groupname = "www"

fastcgi.server = ( ".php" =>
( "localhost" =>
(
"socket" => "/tmp/php-fastcgi.socket",
"bin-path" => "/usr/local/bin/php"
)
)
)


# touch /var/www/logs/lighttpd.error.log
# touch /var/www/logs/lighttpd.access.log
# chown www:www /var/www/logs/lighttpd*


CHROOT

You obviously do that the same way as for chrooted apache
# ldd /usr/local/bin/php
#mkdir /var/www/usr /var/www/usr/lib /var/www/usr/local /var/www/usr/local/lib /var/www/usr/local/bin /var/www/usr/libexec/ /var/www/tmp


and then copy all the ldd stuff over, plus whatever else you need chrooted.


/etc/rc.conf.local
# Lighttpd Web Server
if [ -x /usr/local/sbin/lighttpd ] ; then
/usr/local/sbin/lighttpd -f /etc/lighttpd.conf
echo -n ' lighttpd'
fi


Comments








This page is powered by Blogger. Isn't yours?