|
OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
NGINX/PHP-FPM wordpress issue
I've configured and installed a virtual host and installed php-fpm from the packages and have managed to get wordpress up successfully without issue. It's incredibly fast but I'm having an issue with PHP and network connectivitiy.
I'm receiving the following error: Code:
php_network_getaddresses: getaddrinfo failed: temporary failure in name resolution If anyone has gotten WP working in a chroot environment before that has any direction for me it would be most appreciated. FYI, I have copied the resolv.conf and hosts files over the /var/www/etc as well and it doesn't seem to work. |
|
|||
If you run tcpdump to tap the port 53 traffic, do you see outgoing DNS requests like I do when doing a "dig www.openbsd.org"?
Code:
$ tcpdump -Xni re0 port 53 22:02:20.211830 192.168.222.20.3960 > 192.168.222.10.53: 29001+ A? www.openbsd.org. (33) 0000: 4500 003d ee15 0000 4011 0000 c0a8 de14 E..=î...@...À¨Þ. 0010: c0a8 de0a 0f78 0035 0029 3dab 7149 0100 À¨Þ..x.5.)=«qI.. 0020: 0001 0000 0000 0000 0377 7777 076f 7065 .........www.ope 0030: 6e62 7364 036f 7267 0000 0100 01 nbsd.org..... 22:02:20.571070 192.168.222.10.53 > 192.168.222.20.3960: 29001 1/0/0 A 129.128.5.194 (49) 0000: 4500 004d 38c3 0000 4011 046d c0a8 de0a E..M8Ã..@..mÀ¨Þ. 0010: c0a8 de14 0035 0f78 0039 9c99 7149 8180 À¨Þ..5.x.9..qI.. 0020: 0001 0001 0000 0000 0377 7777 076f 7065 .........www.ope 0030: 6e62 7364 036f 7267 0000 0100 01c0 0c00 nbsd.org.....À.. 0040: 0100 0100 0151 8000 0481 8005 c2 .....Q...... So here we see the request as well as the answer.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Quote:
|
|
|||
http://php.net/manual/en/function.dns-get-record.php gives some simple examples of PHP code doing DNS lookups. Try one of these on your server.
If that works then the issue is Wordpress. If it does not return any result, then it really is the chrooted PHP install.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Check the shared libs needed to run 'dig':
Code:
# ldd $(which dig) /usr/sbin/dig: Start End Type Open Ref GrpRef Name 1c000000 3c02e000 exe 1 0 0 /usr/sbin/dig 0857c000 285b9000 rlib 0 1 0 /usr/lib/libcrypto.so.20.1 07d3a000 27d68000 rlib 0 1 0 /usr/lib/libc.so.62.0 0be98000 0be98000 rtld 0 1 0 /usr/libexec/ld.so DNS requests also include a random number to helps the resolver to match the answer with the question and also is meant to prevent somebody spoofing a fake DNS reply (he would have to guess the random ID correctly): Code:
$ dig www.openbsd.org ; <<>> DiG 9.4.2-P2 <<>> www.openbsd.org ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26376 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.openbsd.org. IN A ;; ANSWER SECTION: www.openbsd.org. 77653 IN A 129.128.5.194 ;; Query time: 1 msec ;; SERVER: 192.168.222.10#53(192.168.222.10) ;; WHEN: Sat Dec 22 00:28:07 2012 ;; MSG SIZE rcvd: 49 00:28:07.341373 192.168.222.20.9625 > 192.168.222.10.53: [bad udp cksum 48aa!] 26376+ A? www.openbsd.org. (33) (ttl 64, id 40525, len 61, bad cksum 0! differs by 9ef2) 00:28:07.342385 192.168.222.10.53 > 192.168.222.20.9625: [udp sum ok] 26376 q: A? www.openbsd.org. 1/0/0 www.openbsd.org. A 129.128.5.194 (49) (ttl 64, id 54455, len 77) So it looks like you also need the /dev/*random device nodes. Code:
ls -l /dev/*random* crw-r--r-- 1 root wheel 45, 3 Dec 21 21:29 /dev/arandom crw-r--r-- 1 root wheel 45, 0 Apr 5 2010 /dev/random crw-r--r-- 1 root wheel 45, 1 Apr 5 2010 /dev/srandom crw-r--r-- 1 root wheel 45, 2 Dec 21 21:29 /dev/urandom EDIT: As shown in the following post, it turns out that this is not needed at all.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump Last edited by J65nko; 23rd December 2012 at 08:46 AM. |
|
|||
I installed the latest OpenBSD amd64 snapshot, nginx and php_fpm from the snapshot packages. The only thing I had to to get DNS lookups working from within php was to create an etc directory and copy /etc/resolv.conf to it:
Code:
root@fidelity[/var/www]cat etc/resolv.conf search utp.xnet nameserver 192.168.222.10 I used the following PHP script: PHP Code:
HTML Code:
:<html> <head> <title>Test for php DNS requests</title> </head> <body> <h1>Testing PHP-FPM with nginx</h1> <h4>Trying to resolve IP address of www.openbsd.org</h4><p> IP address of www.openbsd.org: 129.128.5.194 </p> <p>A reverse lookup of 129.128.5.194 : obsd3.srv.ualberta.ca</p></body> </html> Code:
09:03:42.222806 192.168.222.240.41997 > 192.168.222.10.53: 43294+ A? www.openbsd.org. (33) 09:03:42.223868 192.168.222.10.53 > 192.168.222.240.41997: 43294 1/0/0 A 129.128.5.194 (49) 09:03:42.224031 192.168.222.240.1883 > 192.168.222.10.53: 36739+ PTR? 194.5.128.129.in-addr.arpa. (44) 09:03:42.224944 192.168.222.10.53 > 192.168.222.240.1883: 36739 1/0/0 PTR[|domain] Code:
root@fidelity[/etc/nginx]diff -u nginx.conf.orig nginx.conf --- nginx.conf.orig Sun Dec 23 07:06:55 2012 +++ nginx.conf Sun Dec 23 07:32:07 2012 @@ -66,20 +66,21 @@ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # - #location ~ \.php$ { - # root /var/www/htdocs; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - # include fastcgi_params; - #} + location ~ \.php$ { + #root /var/www/htdocs; + root /htdocs; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # - #location ~ /\.ht { - # deny all; - #} + location ~ /\.ht { + deny all; + } }
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Can't import mysql wordpress into jail | unixjingleman | FreeBSD General | 4 | 25th July 2012 09:05 PM |
WordPress 3.3 approaches with first release candidate | J65nko | News | 0 | 1st December 2011 03:23 PM |
WordPress 3.0.3 security update released | J65nko | News | 0 | 9th December 2010 02:10 PM |
Problems with TinyMCE / Wordpress | sampler | OpenBSD Packages and Ports | 6 | 18th August 2010 01:30 PM |
WordPress 3.0 nearly complete | J65nko | News | 0 | 9th June 2010 06:28 PM |