Introduce mysqld socket stream forwarding with nginx for chroot jails

2019-01-01 13:47:30 +01:00
parent 0f38bd2449
commit 55bc8cd757
9 changed files with 48 additions and 22 deletions
--- a/etc/nginx/fastcgi.conf
+++ b/etc/nginx/fastcgi.conf
@ -26,3 +26,6 @@ fastcgi_param  SERVER_NAME        $server_name;
 fastcgi_param  REDIRECT_STATUS    200;
 # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
 fastcgi_param HTTP_PROXY "";
+
+#running in chroots
+fastcgi_param SCRIPT_FILENAME /www/$fastcgi_script_name;
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@ -100,3 +100,7 @@ http {

 	include /etc/nginx/sites-enabled/*;
 }
+
+stream {
+	include /etc/nginx/streams-enabled/*;
+}
--- a/etc/systemd/system/nginx.service.d/custom.conf
+++ b/etc/systemd/system/nginx.service.d/custom.conf
@ -18,5 +18,6 @@ SystemCallArchitectures=native
 BindPaths=/var/log/nginx/
 BindPaths=/var/lib/nginx/
 BindPaths=/var/run/
+BindPaths=/var/www/var/run/
 BindPaths=/run/
 InaccessiblePaths=/root/