Welcome! Log In Create A New Profile

Advanced

php-fpm from inside a freebsd jail

Posted by wonslung 
php-fpm from inside a freebsd jail
November 20, 2009 08:03AM
What i'm trying to do is run php-fpm in it's own jail. The main reason is that i host multiple sites on this server, for different people. It's easy to give a user a jail and even root access to that jail without having to worry about too much. I've already got mysql running in it's own jail successfully. If i could get php-fpm to do the same it would help a lot. Currently, i've been running separate php-fpm installs in each jail. (i use the patch version for 5.2.11 on freebsd 7.2 amd64)

The problem is that when i try to set php-fpm to run inside the jail, i get 504 gateway timeouts. The jail runs on an alias ip on the loopback device with ip 10.0.0.1

I've made sure to enter in the allowed ip's in the php-fpm.conf file, what else am i missing?
Momchil Ivanov
Re: php-fpm from inside a freebsd jail
November 20, 2009 11:04AM
На петък 20 ноември 2009 14:03:44 wonslung написа:
> What i'm trying to do is run php-fpm in it's own jail. The main reason is
> that i host multiple sites on this server, for different people. It's
> easy to give a user a jail and even root access to that jail without
> having to worry about too much. I've already got mysql running in it's
> own jail successfully. If i could get php-fpm to do the same it would
> help a lot. Currently, i've been running separate php-fpm installs in
> each jail. (i use the patch version for 5.2.11 on freebsd 7.2 amd64)
>
> The problem is that when i try to set php-fpm to run inside the jail, i get
> 504 gateway timeouts. The jail runs on an alias ip on the loopback device
> with ip 10.0.0.1
>
> I've made sure to enter in the allowed ip's in the php-fpm.conf file, what
> else am i missing?
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?3,24399,24399#msg-24399
>

did you check your firewall?
Hugo Monteiro
Re: php-fpm from inside a freebsd jail
November 20, 2009 02:32PM
wonslung wrote:
> What i'm trying to do is run php-fpm in it's own jail. The main reason is that i host multiple sites on this server, for different people. It's easy to give a user a jail and even root access to that jail without having to worry about too much.

You SHOULD worry about giving people root access inside the chroot.

Just do a google search on "chroot jail break out" and read a couple of
them.

If you MUST give somene root access, consider using some kind of
virtualization platform, such as Xen, VirtualBox, VMWare, etc.


Best regards,

Hugo Monteiro.
Re: php-fpm from inside a freebsd jail
November 20, 2009 05:30PM
On Sat, Nov 21, 2009 at 2:30 AM, Hugo Monteiro <monteiro.hugo@gmail.com> wrote:
> wonslung wrote:
>>
>> What i'm trying to do is run php-fpm in it's own jail.  The main reason is
>> that i host multiple sites on this server, for different people.  It's easy
>> to give a user a jail and even root access to that jail without having to
>> worry about too much.
>
> You SHOULD worry about giving people root access inside the chroot.
>
> Just do a google search on "chroot jail break out" and read a couple of
> them.
>
> If you MUST give somene root access, consider using some kind of
> virtualization platform, such as Xen, VirtualBox, VMWare, etc.
>
>
> Best regards,
>
> Hugo Monteiro.
>
>

I think you're confusing between 'normal' chroot and freebsd jail

--
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
Hugo Monteiro
Re: php-fpm from inside a freebsd jail
November 20, 2009 06:22PM
Edho P Arief wrote:
> On Sat, Nov 21, 2009 at 2:30 AM, Hugo Monteiro <monteiro.hugo@gmail.com> wrote:
>
>> wonslung wrote:
>>
>>> What i'm trying to do is run php-fpm in it's own jail. The main reason is
>>> that i host multiple sites on this server, for different people. It's easy
>>> to give a user a jail and even root access to that jail without having to
>>> worry about too much.
>>>
>> You SHOULD worry about giving people root access inside the chroot.
>>
>> Just do a google search on "chroot jail break out" and read a couple of
>> them.
>>
>> If you MUST give somene root access, consider using some kind of
>> virtualization platform, such as Xen, VirtualBox, VMWare, etc.
>>
>>
>> Best regards,
>>
>> Hugo Monteiro.
>>
>>
>>
>
> I think you're confusing between 'normal' chroot and freebsd jail
>
>


Indeed, my apologies. Wasn't aware he was refering to virtualization
solution and not just a regular chroot jail.
Also, thank you for pointing out the difference, I've learned something
new. =)

Best Regards,

Hugo Monteiro.
Re: php-fpm from inside a freebsd jail
November 21, 2009 03:57AM
It's not the firewall, i assure you.
I even disabled the firewall completely and still had the same 504 error. I'm wondering if it's something specific to freebsd jails.

And yes, giving someone root access inside a jail completely limits them to that jail. It's one of the beautiful things about FreeBSD and jails.
Momchil Ivanov
Re: php-fpm from inside a freebsd jail
November 21, 2009 07:44AM
На събота 21 ноември 2009 09:57:22 wonslung написа:
> It's not the firewall, i assure you.
> I even disabled the firewall completely and still had the same 504 error.
> I'm wondering if it's something specific to freebsd jails.
>
> And yes, giving someone root access inside a jail completely limits them to
> that jail. It's one of the beautiful things about FreeBSD and jails.
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?3,24399,24607#msg-24607
>

If you are sure that your firewall allows connections from the web to the php
jail, try connecting with telnet. If it works (you see the connection in the
php jail) then your tcp connection is ok and the problem is in php-fpm, since
fastcgi works over tcp. Try using a simple php script which prints "a" or
phpinfo().
Re: php-fpm from inside a freebsd jail
November 21, 2009 04:15PM
i'm not sure what's wrong. When i try to connect via telnet i get this:

[code]telnet: connect to address 10.0.0.2: Operation timed out
telnet: Unable to connect to remote host
[/code]

but it's showing as being up in sockstat
Jose Amengual
Re: php-fpm from inside a freebsd jail
November 23, 2009 01:14PM
you should use socket instead of a tcp connection to run php-fpm if you are using that instance of php-fpm for that jail only.

I have a similar setup like you and works pretty well on my side.


On 2009-11-21, at 1:16 PM, wonslung wrote:

> i'm not sure what's wrong. When i try to connect via telnet i get this:
>
> telnet: connect to address 10.0.0.2: Operation timed out
> telnet: Unable to connect to remote host
>
>
> but it's showing as being up in sockstat
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?3,24399,24721#msg-24721
>
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 325
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready