MySQL on OpenBSD 4.3 using the Apache Chroot
I’m back with some more tech geek goodness for anyone who uses MySQL and OpenBSD.
OpenBSD by default apache runs in a chroot jail, thereby making it more secure in case the www server is compromised. I have talked about this before.
However if you use wordpress or some other web application that needs MySQL (and I’m talking where apache and MySQL reside on the same host), then the chroot jail will not allow your webapp access to the mysql socket file which is by default located in /var/run/mysql/
There are various solutions available online to wait x number of seconds and then to create symlinks, etc – but this was not always working for me – with the result the server would sometimes be up without database availability.
Here is my solution (thanks to NoMoa for the idea) – very simple, no postfix symlink but there is a symlink to allow other applications to access MySQL locally via the default socket location.
First I create the run dirs in the apache jail:<br /> mkdir -p /var/www/var/run/mysql<br /> chown _mysql:_mysql /var/www/var/run/mysql<br /> chmod 711 /var/www/var/run/mysql<br />
Then I add this to the bottom of /etc/rc.local on the webhost.<br /> <a href="http://search.twitter.com/search?q=%23mySQL" class="tweet-hashtag">#mySQL</a><br /> if [ X"${mysql}" == X"YES" -a -x /usr/local/bin/mysqld_safe ]; then<br /> echo -n " mysqld"; /usr/local/bin/mysqld_safe --user=_mysql --log --open-files-limit=256 --socket=/var/www/var/run/mysql/mysql.sock &<br /> if [ ! -L /var/run/mysql/mysql.sock ]; then<br /> mkdir -p /var/run/mysql<br /> chown _mysql:_mysql /var/run/mysql<br /> chmod 711 /var/run/mysql<br /> ln -fs /var/www/var/run/mysql/mysql.sock /var/run/mysql/mysql.sock<br /> fi<br /> fi<br />
Lastly I add this to my /etc/rc.conf.local<br /> mysql=YES<br />
Note: you may need to change the open-files-limit to suit, but the above paths are as per a standard OpenBSD 4.3 install using the supplied MySQL pkgs.
I tested this all out on OpenBSD 4.3 and it now works fine for me. Whenever the server comes up I never get the dreaded word press DB failure screen. Good luck