Chrooted PHP-FPM script cannot resolve DNS after a moment
I need some help to understand why a PHP-FPM chrooted PHP script fails to resolve an FQDN a few instants after the PHP-FPM service started.
When I (re)start the PHP-FPM service, it works (resolution succeeds) for a few seconds and then resolution fails.
I chrooted a PHP application (a WordPress actually) via PHP-FPM (setting `chroot` in the PHP-FPM pool configuration file) and gave PHP what it needed:
- `/etc/hosts` file
- `mount --bind` of `/etc/ssl/certs`
- `/dev/urandom` (via `mknod`)
- `mount --bind` of `/usr/share/zoneinfo`
- `mount --bind` of `/var/run/mysqld` for the socket to MySQL.
- `mount --bind` of `/var/run/nscd` for the socket to nscd resolver.

I noticed the issue when WordPress complained it could not download updates with:
stream_socket_client(): php_network_getaddresses: getaddrinfo failed: Name or service not known
stream_socket_client(): unable to connect to tcp://www.wordpress.org:80 (php_network_getaddresses: getaddrinfo failed: Name or service not known)
Sample script:
<?php
$domain = 'www.example.com';
echo 'gethostbynamel(): '; var_dump(gethostbynamel($domain));
echo 'checkdnsrr(): '; var_dump(checkdnsrr($domain, 'A'));
echo 'dns_get_record(): '; var_dump(dns_get_record($domain));
?>
When it works:
gethostbynamel(): array(1) {
[0]=>
string(13) "93.184.216.34"
}
checkdnsrr(): bool(true)
dns_get_record(): array(1) {
[0]=>
array(5) {
["host"]=>
string(15) "www.example.com"
["class"]=>
string(2) "IN"
["ttl"]=>
int(86348)
["type"]=>
string(1) "A"
["ip"]=>
string(13) "93.184.216.34"
}
}
After a few instants:
gethostbynamel(): bool(false)
checkdnsrr(): bool(true)
dns_get_record(): array(1) {
[0]=>
array(5) {
["host"]=>
string(15) "www.example.com"
["class"]=>
string(2) "IN"
["ttl"]=>
int(86400)
["type"]=>
string(1) "A"
["ip"]=>
string(13) "93.184.216.34"
}
}
Note that, in any case, both `dns_get_record()` and `checkdnsrr()` always work fine.
Three questions:
- What makes `dns_get_record()` and `checkdnsrr()` manage to resolve the FQDN when `gethostbynamel()` fails?
- What does `gethostbynamel()` need in a chrooted setup?

Software versions:

Thanks
Per the comment on the question, Chrooted PHP-FPM script cannot resolve DNS after a moment, the OP was able to resolve the issue by adding the following files to the jail:
- `/lib/x86_64-linux-gnu/libnss_dns.so.2` (or depending on OS variant, `/lib/libnss_dns.so`)
- `/etc/nsswitch.conf`
- `/etc/resolv.conf`
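
A way to audit a jail for the files listed in the answer, as an added example that is not part of the original question or answer. The function name `missing_nss_files` is hypothetical, and the script assumes a glibc that loads each service on the `hosts:` line of `nsswitch.conf` from a separate `libnss_<service>.so.2` module, as on the OP's system.

```sh
#!/bin/sh
# Added example: list what glibc NSS host lookups would be missing in a chroot.
# Assumption: each "hosts:" service X is loaded from libnss_X.so.2.
# Usage: sh check_jail.sh /path/to/jail   (prints one missing item per line)

missing_nss_files() {
    jail=$1

    # Resolver and NSS configuration files named in the answer.
    for f in /etc/resolv.conf /etc/nsswitch.conf; do
        [ -e "$jail$f" ] || echo "$f"
    done

    # Without nsswitch.conf there is no service list to check.
    [ -r "$jail/etc/nsswitch.conf" ] || return 0

    # Services on the "hosts:" line, e.g. "files dns". Comments and
    # bracketed actions such as [NOTFOUND=return] are dropped.
    services=$(sed -n -e 's/#.*//' -e 's/\[[^]]*]//g' \
        -e 's/^[[:space:]]*hosts:[[:space:]]*//p' "$jail/etc/nsswitch.conf")

    # Look for each service module anywhere under the jail's library
    # directories (covers multiarch paths like lib/x86_64-linux-gnu).
    for svc in $services; do
        lib="libnss_$svc.so.2"
        found=$(find "$jail/lib" "$jail/lib64" "$jail/usr/lib" \
            -name "$lib" 2>/dev/null | head -n 1)
        [ -n "$found" ] || echo "$lib"
    done
}

# Run against a jail path when one is given on the command line.
if [ "$#" -gt 0 ]; then
    missing_nss_files "$1"
fi
```

Empty output means the configuration files and every module named on the jail's `hosts:` line are present; it does not test whether the resolvers in `resolv.conf` are reachable from the jail.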