Re: LibreNMS chroot issues
> I was wondering if anybody tried running LibreNMS with httpd from the > base and even more fundamentally does httpd from the base support > "unsecure" mode. I read up and down httpd several times but I didn't see > anything about insecure mode. Yes, "unsecure mode" is call Linux. Or FreeBSD these days with all security they talked about not enable by default. Take your pick.
Re: LibreNMS chroot issues
Why not pointing the socket to chroot? Von meinem Samsung Galaxy Smartphone gesendet. Ursprüngliche Nachricht Von: Ax0n Datum:27.12.2015 18:58 (GMT+01:00) An: cou...@gmail.com, punoseva...@gmail.com Cc: misc@openbsd.org Betreff: Re: LibreNMS chroot issues
Re: LibreNMS chroot issues
On 2015-12-27, Ax0n wrote: > I've been able to run most *AMP stuff on OpenBSD/nginx/php_fpm. I've not > tried librenms before, but the major hurdle for chroot is usually the > mariaDB socket. That isn't the major hurdle for LibreNMS. It needs snmpbulkwalk, fping, rrdtool, etc.
Re: LibreNMS chroot issues
I've been able to run most *AMP stuff on OpenBSD/nginx/php_fpm. I've not tried librenms before, but the major hurdle for chroot is usually the mariaDB socket. I overcome this by setting up mariadb to bind to localhost and setting up a user on 127.0.0.1 to force a TCP connection instead of sockets. This is a little slower but I've never seen it make a web app sluggish on its own. If you want an example of the setup I use, I wrote it up here (only up to date with 5.7 though) http://www.h-i-r.net/p/openbsd-nginx-php-mysql.html On Sun, Dec 27, 2015, 07:40 ludovic coues wrote: > On 26 Dec 2015 12:47 am, "Predrag Punosevac" > wrote: > > > > > I was wondering if anybody tried running LibreNMS with httpd from the > > base and even more fundamentally does httpd from the base support > > "unsecure" mode. I read up and down httpd several times but I didn't see > > anything about insecure mode. > > > > Like many part of OpenBSD, httpd from base have a concept of "non-optional > security". So there is no possibility to use httpd without chroot.
Re: LibreNMS chroot issues
On 26 Dec 2015 12:47 am, "Predrag Punosevac" wrote: > > I was wondering if anybody tried running LibreNMS with httpd from the > base and even more fundamentally does httpd from the base support > "unsecure" mode. I read up and down httpd several times but I didn't see > anything about insecure mode. > Like many part of OpenBSD, httpd from base have a concept of "non-optional security". So there is no possibility to use httpd without chroot.
Re: LibreNMS chroot issues
On 2015-12-25, Predrag Punosevac wrote: > I was wondering if anybody tried running LibreNMS with httpd from the > base and even more fundamentally does httpd from the base support > "unsecure" mode. I read up and down httpd several times but I didn't see > anything about insecure mode. It's PHP, not the http server, that needs to be run without chroot. > My second question is using PHP with Nginx running in the insecure mode. > I got Nginx exporting http without any problems. However I can't get > to export PHP files. I was under impression that it is sufficient to > comment out with ; the > > chroot = /var/www > > line from > > /etc/php-fpm.conf > > However that didn't work. Can anybody who runs php-fpm, MariaDB, and > Nginx in the insecure mode give me some hint to what I am doing wrong. > I haven't seen anything interesting in php-fpm log files. > > Best, > Predrag You probably need something like this. fastcgi_param DOCUMENT_ROOT /var/www$document_root; fastcgi_param SCRIPT_FILENAME /var/www$document_root$fastcgi_script_name; Works with nginx for sure. I don't think httpd will give enough control over fastcgi path names to work though. I'll try to find time to revise the pkg-readme.
Re: LibreNMS chroot issues
Sorry my original message was somehow garbled. Hi Misc, I am using this holiday season to migrate our Debian based Observium installation to LibreNMS/OpenBSD. I have two questions. The first one is related to httpd from the base. According to wonderful pkg-readmes for LibreNMS pre-assumable written by Stan the LibreNMS is tested with Apache2 (which is what Observium people insisted on) but also with Nginx (I was delighted to see this). However pkg-readmes recommend using both servers in unsecure "non-chroot" mode due to extensive dependencies on other software besides PHP and MariaDB. The pkg-readmes come even with the nginx.conf example. I was wondering if anybody tried running LibreNMS with httpd from the base and even more fundamentally does httpd from the base support "unsecure" mode. I read up and down httpd several times but I didn't see anything about insecure mode. My second question is using PHP with Nginx running in the insecure mode. I got Nginx exporting http without any problems. However I can't get to export PHP files. I was under impression that it is sufficient to comment out with ; the chroot = /var/www line from /etc/php-fpm.conf However that didn't work. Can anybody who runs php-fpm, MariaDB, and Nginx in the insecure mode give me some hint to what I am doing wrong. I haven't seen anything interesting in php-fpm log files. Best, Predrag
LibreNMS chroot issues
Hi Misc, sing this holiday season to migrate our Debian based Observium n to LibreNMS/OpenBSD. I have two questions. The first one is pd from the base. According to wonderful pkg-readmes for ache2 (which is what Observium people insisted on) but also with Nginx (I was delighted to see this). However pkg-readmes recommend using both servers in unsecure "non-chroot" mode due to extensive dependencies on other software besides PHP, and MariaDB. The pkg-readmes come even with the nginx.conf example. I was wondering if anybody tried running LibreNMS with httpd from the base and even more fundamentally does httpd from the base support "unsecure" mode. I read up and down httpd several times but I didn't see anything about insecure mode. My second question is using PHP with Nginx running in the insecure mode. I got Nginx exporting http without any problems. However I can't get to export PHP files. I was under impre I am uhainstallatioficient to comment out with ; the chroot = /var/www linerelated to htthp-fpm.conf However that didn't work. Can anybody who runsLibreNMS pre-assumable written by Stan the LibreNMS is tested with Apo what I am doing wrong. I haven't seen anything interesting in php-fpm log files. Best, Predrag