Webserver: chrooted PHP gives mysql.sock error when attempting to reach mysql
I have configured an Ubuntu webserver with Nginx + PHP5-FPM. I have created a chrooted environment (using jailkit) that I'm tossing my developers into, from where they can develop their test applications.
Chroot jail: /home/jail
Nginx and PHP5-FPM run outside the chroot, but are configured to function with websites within the chrooted environment.
So far, Nginx and PHP5-FPM are serving up files without issue, except for the following: When attempting to connect to MySQL, we receive this error: SQLSTATE[HY000] [2002] Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'
Now, I believe the issue is due to the non-chrooted php.ini referencing mysqld.sock outside of the chroot environment (it's actually using the MySQL default setting currently).
My question is, how can I configure PHP to access MySQL via loopback or similar? (I found that as a suggestion in a Google result, but without any instructions.)
Or if I'm missing some other obvious setting, let me know. If there's an option of creating a hardlink (that would remain available even if mysql is restarted), that would be handy as well.
I solved my own issue.
Jailkit couldn't create a hard link reference to mysqld.sock, as Ubuntu stores /var/run in tmpfs, which appears to the system to be a separate partition (which breaks hardlink functionality).
I am instead now mounting /var/run/mysqld in the jail, like so:
mount --bind /var/run/mysqld /home/jail/var/run/mysqld/
How about using 127.0.0.1 as the host value? It uses a TCP connection, which doesn't write a socket (unlike the localhost value on Unix).
Remounting using --bind for the chroot looks like a workable suggestion. However, IMHO connecting to MySQL using a TCP socket (127.0.0.1) seems cleaner, more secure and less likely to go wrong.
The reason I say that is that various sources including http://blog.dispatched.ch/postfix-and-mysql-debian/ and https://stackoverflow.com/questions/11389214/postfix-cant-connect-with-mysql-table-when-using-unix-socket-postmap-succeeds suggest adding to the fstab:
/var/run/mysqld /home/jail/var/run/mysqld bind defaults,bind 0 0
Be cautious with that: Debian at least cleans out /var/run on reboot, so the mount will fail at boot time, and so will your service. Of course you could instead use:
/var/run /home/jail/var/run bind defaults,bind 0 0
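An added example, not part of any answer above: a boot-time script that recreates the tmpfs-backed source directory before bind-mounting it, so the mount does not fail after /var/run is cleaned, and that exposes only the mysqld directory to the jail rather than every socket and PID file in /var/run. The `mysql:root` ownership with mode 755, the function names and the `--apply` switch are assumptions; the sample mountinfo lines are constructed.

```shell
#!/bin/sh
# Idempotent bind mount of the MySQL socket directory into the jail.
SRC=/var/run/mysqld                 # path from the page
DST=/home/jail/var/run/mysqld       # path from the page

# Constructed sample of /proc/self/mountinfo lines, used only for self-checks.
sample_mountinfo() {
cat <<'EOF'
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
25 21 0:18 / /run rw,nosuid,noexec - tmpfs tmpfs rw,size=401708k,mode=755
36 21 0:18 /mysqld /home/jail/var/run/mysqld rw,nosuid,noexec - tmpfs tmpfs rw,size=401708k,mode=755
EOF
}

# is_mounted TARGET [MOUNTINFO]: succeed if TARGET is a mount point.
# Field 5 of each mountinfo line is the mount point; a trailing slash is ignored.
is_mounted() {
    target=${1%/}
    awk -v t="$target" '$5 == t { found = 1 } END { exit !found }' \
        "${2:-/proc/self/mountinfo}"
}

# ensure_bind: recreate what tmpfs lost at reboot, then mount exactly once.
ensure_bind() {
    # Assumption: mysqld expects this directory owned by mysql:root, mode 755.
    [ -d "$SRC" ] || install -d -o mysql -g root -m 755 "$SRC"
    mkdir -p "$DST"
    if is_mounted "$DST"; then
        echo "already mounted: $DST"
    else
        mount --bind "$SRC" "$DST"
    fi
}

# Only touch the system when asked to (run as root, before PHP-FPM starts).
if [ "${1:-}" = "--apply" ]; then
    ensure_bind
fi
```

Because the bind mount covers the directory rather than the socket file, it stays valid when MySQL restarts and recreates mysqld.sock.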