To fix the issue of NGINX not serving files from /data/www due to the chroot environment on OpenBSD, you have a couple of options:
Option 1: Move the Document Root Inside the Chroot Directory
Move Your Web Content: Move your web content from /data/www to a directory inside the default chroot directory of NGINX, which is /var/www. For example, you could create a new directory /var/www/data-www and move your files there.
sh
Copy code
doas mkdir /var/www/data-www
doas cp -R /data/www/* /var/www/data-www/
Update NGINX Configuration: Update the root directive in your nginx.conf to point to the new location inside the chroot.
nginx
Copy code
server {
listen 80;
server_name aretha;
root /var/www/data-www;
}
Restart NGINX: Apply the changes by restarting NGINX.
sh
Copy code
doas rcctl restart nginx
Option 2: Modify the Chroot Location for NGINX (Advanced)
This approach involves changing the chroot environment for NGINX to include your desired document root. This method is more complex and can have security implications.
Adjust NGINX's Chroot in rc.d Script: Edit the NGINX service script in /etc/rc.d/nginx (or wherever OpenBSD places the rc scripts for services) to change the chroot directory. This might involve modifying a line that sets the chroot environment for NGINX, but be aware that this could potentially expose your system to greater security risks.
Ensure Required Files Are Accessible: Make sure all files needed by NGINX, including configuration files, log directories, and any libraries or binaries it depends on, are accessible within the new chroot path. You might need to copy or link these files into the new chroot environment.
Update NGINX Configuration: Ensure your nginx.conf file is updated and accessible within the new chroot location, and that it points to the correct root directory.
Restart NGINX: Apply the changes by restarting NGINX.
sh
Copy code
doas rcctl restart nginx
Recommendation
For most users, Option 1 is recommended due to its simplicity and reduced security risk. Modifying the chroot environment as described in Option 2 should only be done by advanced users who are familiar with the security implications and who have a specific need to serve files from outside the default chroot directory.