Chrooted PHP-FPM script cannot resolve DNS after a moment

I need some help to understand why a PHP-FPM chrooted PHP script fails to resolve an FQDN a few instants after the PHP-FPM service started.

When I (re)start the PHP-FPM service, it works (resolution succeeds) for a few seconds and then resolution fails.

I chrooted a PHP application (a WordPress actually) via PHP-FPM (setting `chroot` in the PHP-FPM pool configuration file) and gave PHP what it needed:

  • A basic /etc/hosts file
  • A mount --bind of /etc/ssl/certs
  • A /dev/urandom (via mknod)
  • A mount --bind of /usr/share/zoneinfo
  • A mount --bind of /var/run/mysqld for the socket to MySQL.
  • A mount --bind of /var/run/nscd for the socket to nscd resolver.
  • A place to store PHP sessions

I noticed the issue when WordPress complained it could not download updates with:

stream_socket_client(): php_network_getaddresses: getaddrinfo failed: Name or service not known
stream_socket_client(): unable to connect to tcp://www.wordpress.org:80 (php_network_getaddresses: getaddrinfo failed: Name or service not known)

Sample script:

<?php
$domain = 'www.example.com';
echo 'gethostbynamel(): '; var_dump(gethostbynamel($domain));
echo 'checkdnsrr(): ';     var_dump(checkdnsrr($domain, 'A'));
echo 'dns_get_record(): '; var_dump(dns_get_record($domain));
?>

When it works:

gethostbynamel(): array(1) {
  [0]=>
  string(13) "93.184.216.34"
}
checkdnsrr(): bool(true)
dns_get_record(): array(1) {
  [0]=>
  array(5) {
    ["host"]=>
    string(15) "www.example.com"
    ["class"]=>
    string(2) "IN"
    ["ttl"]=>
    int(86348)
    ["type"]=>
    string(1) "A"
    ["ip"]=>
    string(13) "93.184.216.34"
  }
}

After a few instants:

gethostbynamel(): bool(false)
checkdnsrr(): bool(true)
dns_get_record(): array(1) {
  [0]=>
  array(5) {
    ["host"]=>
    string(15) "www.example.com"
    ["class"]=>
    string(2) "IN"
    ["ttl"]=>
    int(86400)
    ["type"]=>
    string(1) "A"
    ["ip"]=>
    string(13) "93.184.216.34"
  }
}

Note that, in any case, both dns_get_record() and checkdnsrr() always work fine.

Three questions:

  1. What allows dns_get_record() and checkdnsrr() to resolve the FQDN when gethostbynamel() fails?
  2. What does gethostbynamel() need in a chrooted setup?
  3. What could make it work only for a few moments?

Software versions:

  • Debian 9
  • Nginx 10.3
  • PHP 7.0.19

Thanks

Per the comment on the question, Chrooted PHP-FPM script cannot resolve DNS after a moment, the OP was able to resolve the issue by adding the following files to the jail:

  • /lib/x86_64-linux-gnu/libnss_dns.so.2 (or depending on OS variant, /lib/libnss_dns.so)
  • /etc/nsswitch.conf
  • /etc/resolv.conf
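
A way to check a jail for the files listed above, as an added example that is not part of the original question or answer: it reads the `hosts:` line of the jail's /etc/nsswitch.conf and reports each glibc NSS module (libnss_<source>.so.2) or data file that is absent. The function name `check_jail_nss` is hypothetical, and the library directories searched (/lib, /lib64, /usr/lib under the jail) are an assumption about the jail layout.

```shell
#!/bin/sh
# Added example (not from the original post): list what a chroot jail lacks
# for glibc NSS host name resolution.
# Usage after sourcing this file: check_jail_nss /path/to/jail

# Prints one "missing: ..." line per absent file; returns 1 if any is missing.
check_jail_nss() {
    jail=$1
    missing=0
    conf="$jail/etc/nsswitch.conf"

    if [ ! -f "$conf" ]; then
        echo "missing: /etc/nsswitch.conf"
        return 1
    fi

    # Sources named on the "hosts:" line (e.g. "files dns"), with comments
    # and bracketed actions such as [NOTFOUND=return] stripped.
    sources=$(sed -n 's/#.*//; s/\[[^]]*\]//g; s/^[[:space:]]*hosts:[[:space:]]*//p' "$conf")

    for svc in $sources; do
        # glibc loads libnss_<source>.so.2 at lookup time, so the module
        # must exist inside the jail (assumed library directories below).
        if ! find "$jail/lib" "$jail/lib64" "$jail/usr/lib" \
                -name "libnss_$svc.so*" 2>/dev/null | grep -q .; then
            echo "missing: libnss_$svc.so.2"
            missing=1
        fi
        # Data files the two common sources read.
        case $svc in
            files) f=/etc/hosts ;;
            dns)   f=/etc/resolv.conf ;;
            *)     f= ;;
        esac
        if [ -n "$f" ] && [ ! -f "$jail$f" ]; then
            echo "missing: $f"
            missing=1
        fi
    done
    return $missing
}
```
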
