MySQL on OpenBSD 4.3 using the Apache Chroot

I’m back with some more tech geek goodness for anyone who uses MySQL and OpenBSD.

OpenBSD by default apache runs in a chroot jail, thereby making it more secure in case the www server is compromised. I have talked about this before.

However if you use wordpress or some other web application that needs MySQL (and I’m talking where apache and MySQL reside on the same host), then the chroot jail will not allow your webapp access to the mysql socket file which is by default located in /var/run/mysql/

There are various solutions available online to wait x number of seconds and then to create symlinks, etc – but this was not always working for me – with the result the server would sometimes be up without database availability.

Here is my solution (thanks to NoMoa for the idea) – very simple, no postfix symlink but there is a symlink to allow other applications to access MySQL locally via the default socket location.

First I create the run dirs in the apache jail:

mkdir -p /var/www/var/run/mysql
chown _mysql:_mysql /var/www/var/run/mysql
chmod 711 /var/www/var/run/mysql

Then I add this to the bottom of /etc/rc.local on the webhost.

#mySQL
if [ X"${mysql}" == X"YES" -a -x /usr/local/bin/mysqld_safe ]; then
        echo -n " mysqld"; /usr/local/bin/mysqld_safe --user=_mysql --log --open-files-limit=256 --socket=/var/www/var/run/mysql/mysql.sock &
        if [ ! -L /var/run/mysql/mysql.sock ]; then
                mkdir -p /var/run/mysql
                chown _mysql:_mysql /var/run/mysql
                chmod 711 /var/run/mysql
                ln -fs /var/www/var/run/mysql/mysql.sock /var/run/mysql/mysql.sock
        fi
fi

Lastly I add this to my /etc/rc.conf.local

mysql=YES

Note: you may need to change the open-files-limit to suit, but the above paths are as per a standard OpenBSD 4.3 install using the supplied MySQL pkgs.

I tested this all out on OpenBSD 4.3 and it now works fine for me. Whenever the server comes up I never get the dreaded word press DB failure screen. Good luck

Melbourne underground band Asbestos Garage

As regular readers of my blog will know, I’m a fan of metal, progressive rock and a bit of eighties rock. The other day I had the chance to speak to the lead singer of Asbestos Garage, a Melbourne based band. Neon Kessler told me of their aspirations to bring glam rock back to Melbourne, and not one of mega-concerts – but something you can enjoy at your local pub. With the up-coming Def Leppard concert in Melbourne this appears to be the right time to do so.

The band is currently promoting their fantastic T-Shirts to raise the funds to go on tour possibly some time in the near future. I personally will be buying the black design.

I’m looking forward to hearing their 2007 promo/demo track “The Will To Breathe“, which can hopefully be released on an independent label soon. Neon advised it is planned as their opening track on their EP “Fire Proof Rock“.

If by chance a music label reads this you can contact the band on the email neon at asbestos garage dot com.

Death to Spam

I’ve been hit by a number of Spam comments recently that snuck through the filters.

If you are subscribed to the comments feed, apologies for this.

It turns out that since I moved TechDebug to a VM host, I did not follow my own post and the spam tools where not connecting to Akismet to check the comments. So remember that if you use OpenBSD and the default chroot for Apache, then you need to setup a resolv.conf to allow Apache to resolve hostnames.

It should be all fixed now. If I still get them sneaking through I may have to turn on “logins” to allow commenting. This is my last resort so it’s not in place yet.