Monday, April 24, 2006
OpenBSD 3.9, lighttpd, fastcgi and php in chroot
Openbsd is free, functional and secure. Logical, consistent. Things are done the right way or not at all. The documentation is superb. Although it has a non-deserved reputation to be difficult to install (likely meaning to double-boot), it actually is very easy, intuitive and ideal for beginners.
These are a couple of notes on how to use lighttpd with fcgi and php on OpenBSD 3.9 (which will be released on May, 1st). Buyers of CDs likely have their copy already.
Note that an awesome updated (by > 20K), chrooted version apache comes with OpenBSD. There are very good reasons to use the default server.
This write up is for those who for various other reasons (etc. no good reason, be different, small footprint, fast) like lighttpd.
Lighttpd runs php via fcgi. The php5 port and package does not come with cgi/fcgi, so we use a simple workaround.
several dependencies added, we will need those for our built later
--> follow instructions
#cp /usr/local/share/examples/php5/php.ini-recommended /var/www/conf/php.ini
#phpxs -s (you might want to use apache at some point)
--> follow instructions
#phpxs -a mysql
Note, that OpenBSD uses 5.0.5 for a number of reasons (see mailing lists). We will stick with that version.
First we delete the installed php5-core packages (we just installed it to get the dependencies easily)
#tar zxf php*gz
# cd php*
|./configure --with-mysql=/usr/local/lib/mysql --enable-xml --enable-wddx --enable-cli --with-iconv=/usr/local/lib/ --with-gettext=/usr/local/lib/ --enable-dio --enable-bcmath --enable-session --enable-trans-sid --enable-calendar --enable-ctype --enable-ftp --with-pcre-regex --with-posix --enable-sockets --enable-sysvsem --enable-sysvshm --enable-yp --enable-exif --without-sqlite --enable-fastcgi --enable-force-cgi-redirect|
# make install
# /usr/local/bin/php -v
PHP 5.0.5 (cgi-fcgi) (built: Apr 24 2006 07:05:51)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.0.5, Copyright (c) 1998-2004 Zend Technologies
enable mod_rewrite mod_access mod_fastcig + whatever you need (mod_webdav)
server.document-root = "/htdocs/"
server.errorlog = "/logs/lighttpd.error.log
accesslog.filename = "/logs/lighttpd.access.log"
server.chroot = "/var/www/"
server.username = "www"
server.groupname = "www"
fastcgi.server = ( ".php" =>
( "localhost" =>
"socket" => "/tmp/php-fastcgi.socket",
"bin-path" => "/usr/local/bin/php"
# touch /var/www/logs/lighttpd.access.log
# chown www:www /var/www/logs/lighttpd*
You obviously do that the same way as for chrooted apache
# ldd /usr/local/bin/php
#mkdir /var/www/usr /var/www/usr/lib /var/www/usr/local /var/www/usr/local/lib /var/www/usr/local/bin /var/www/usr/libexec/ /var/www/tmp
and then copy all the ldd stuff over, plus whatever else you need chrooted.
# Lighttpd Web Server
if [ -x /usr/local/sbin/lighttpd ] ; then
/usr/local/sbin/lighttpd -f /etc/lighttpd.conf
echo -n ' lighttpd'
- You are better off running the pre-configured apache.
- If you break stuff, it is not my prob. Don't go and complain here or on the lists.
- This worked for me.
- It works for ruby on rails as it is (just add an .fcgi part to lighttpd.conf)