chadmiko Wrote:
-------------------------------------------------------
> I have seemingly solved this issue. I failed to
> copy /lib/libnsl.so.1 into my chroot /lib folder
> but have added it and I can start nginx using the
> start-stop-daemon command with the --chroot flag;
> strace is a life-saver.
>
> In case anyone else goes down this road in the
> future, you can strace your start-stop-daemon call
> to a chrooted nginx as follows:
>
> # start-stop-daemon --start --pidfile $PIDFILE
> --exec $DAEMON --chroot $CHRDIR --startas
> /usr/bin/strace -- -f -o /tmp/$NAME.strace
> $DAEMON $ARGS
>
> where...
> $PIDFILE = path/to/nginx/pid
> $DAEMON = /usr/sbin/nginx
> $CHRDIR = /chroot/nginx (or your chroot dir)
> $NAME = nginx
>
> make sure you copy /usr/bin/strace into
> $CHRDIR/usr/bin/ else the above command will fail
> (don't forget to remove it after you've debugged
> everything).
> strace will be output to $CHRDIR/tmp/$NAME.strace.
>
>
> This is how I was able to determine what libraries
> I needed.

Thanks for the tip! I too was having trouble with chroot'ing nginx on Ubuntu Lucid 10.04 LTS, and that strace led me to the missing libs.

To make this easier, I wrote a script based on many tips from Vivek Gite's blog, mainly this post: http://www.cyberciti.biz/faq/howto-run-nginx-in-a-chroot-jail/ , and I've released it on Github in hopes it will help others:

https://github.com/doublerebel/nginx-chroot

I've included the nginx init.d script updated to launch nginx chrooted. It also creates a new, password-locked nginx user with the home directory set to the chroot directory. I've only tested it with an Ubuntu 64-bit minimal installation on my VPS, so feel free to comment or submit patches on Github!

Cheers,

[b]Charles[/b]