php-fpm and hiawatha in separate jails on FreeBSD

ickeeisbaer
6 April 2014, 17:49
I'm trying to set up Hiawatha as a secure webserver. Because it has to be secure (at least for my hobby), I separated every single service in a single jail.
So Hiawatha runs in one, PHP in another one.

When I'm trying to access, for example, an info.php file to show all PHP information, or any other PHP file, I receive the message "No input file specified." generated by the PHP-FPM server. Therefore, the php-fpm server should have a connection to Hiawatha. The PHP file isn't processed though.

Any idea?

-------------------------------------------
Here is my hiawatha.conf:
# BINDING SETTINGS
Binding {
Port = 80
Interface = 10.0.0.2
MaxKeepAlive = 30
TimeForRequest = 3,20
}

Binding {
Port = 443
Interface = 10.0.0.2
MaxKeepAlive = 30
TimeForRequest = 3,20
SSLcertFile = /usr/local/etc/hiawatha/serverkey.pem
}

BanOnGarbage = 300
BanOnMaxPerIP = 60
BanOnMaxReqSize = 300
KickOnBan = yes
RebanDuringBan = yes

Hostname = 10.0.0.2
WebsiteRoot = /usr/local/www/hiawatha
StartFile = index.html
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
ErrorHandler = 404:/error.cgi

FastCGIserver {
FastCGIid = PHP5
ConnectTo = 10.0.0.6:9000
Extension = php
}

VirtualHost {
Hostname = php.mydomain.de
WebsiteRoot = /usr/local/www/php
StartFile = info.php
FastCGI = PHP5
}

----------------------------------------------------------
php-fpm.conf -- default file with:

listen = 10.0.0.6:9000

----------------------------------------------------------
Since I'm testing, pf is not blocking any connections:

pf.conf (host)
ext_if="bge0"
jail_if="lo1"

IP_PUB="192.168.1.5"
NET_JAIL="10.0.0.0/24"
MYSQL="10.0.0.1"
WWW="10.0.0.2"
PHP="10.0.0.6"

PORT_MYSQL="{3306}"
PORT_PHP="{9000}"

icmp_types = "echoreq"

scrub in all

# nat all jail traffic
nat pass on $ext_if from $NET_JAIL to any -> $IP_PUB

# MYSQL
rdr pass on $ext_if proto tcp from any to $IP_PUB port $PORT_MYSQL -> $MYSQL
# PHP
rdr pass on $jail_if proto tcp from any to $PHP port $PORT_PHP -> $PHP
# WWW
rdr pass on $ext_if inet proto tcp to port http -> $WWW port http
rdr pass on $ext_if inet proto tcp to port https -> $WWW port https

# test only, passing all traffic
pass in
pass out



Hiawatha version: v9.3.1
Operating System: FreeBSD 10 (64 Bit)
Hugo Leisink
6 April 2014, 20:36
I have not much experience with FreeBSD jails, but my guess is that the difference in root path between the Hiawatha jail and PHP jail is the cause of this.
ickeeisbaer
8 April 2014, 23:34
Now I've shared a folder between the two jails in which the commonly used php.sock is located. Although accessing is possible from both sides, the same error (No input file specified.) appears when opening a PHP page.

Any ideas?
Hugo Leisink
11 April 2014, 10:16
Make sure the DocumentRoot in your Hiawatha configuration file is relative to the jail root, not the disk root.
ickeeisbaer
12 April 2014, 23:21
My DocumentRoot in my hiawatha.conf is set relative to the jail's root as you can see above.

The structure of my jails: /jails/JAILNAME - /jails/www - /jails/php

Inside the jails, there is a shared folder (relative to the jails) /phpsock. Neither the shared socket usage nor the connection via a TCP connection between the jails actually worked.
Hugo Leisink
14 April 2014, 22:30
So, the complete path (ignoring the jail) to info.php is /jails/php/usr/local/www/php/info.php. Correct?
This topic has been closed.
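
The check that the last reply asks about can be scripted. This is an added example, not part of the thread or of Hiawatha: it reads the FastCGI-enabled VirtualHost blocks from a hiawatha.conf and tests whether each WebsiteRoot/StartFile exists at the same jail-relative path under the PHP jail's root on the host. It assumes Hiawatha passes PHP-FPM the script path as seen inside the web jail; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# usage, run on the jail host: check_php_jail <hiawatha.conf> /jails/php

# Print "hostname|websiteroot|startfile" for each VirtualHost that sets FastCGI.
fcgi_vhosts() {
    awk '
        function val(line) {
            sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t\r]+$/, "", line)
            return line
        }
        /^[ \t]*#/ { next }
        /^[ \t]*VirtualHost[ \t]*[{]/ { invh = 1; host = root = start = fcgi = ""; next }
        invh && /^[ \t]*Hostname[ \t]*=/    { host = val($0) }
        invh && /^[ \t]*WebsiteRoot[ \t]*=/ { root = val($0) }
        invh && /^[ \t]*StartFile[ \t]*=/   { start = val($0) }
        invh && /^[ \t]*FastCGI[ \t]*=/     { fcgi = val($0) }
        invh && /^[ \t]*[}]/ {
            if (fcgi != "") printf "%s|%s|%s\n", host, root, start
            invh = 0
        }
    ' "$1"
}

# $1 = hiawatha.conf, $2 = root of the PHP jail as seen from the host.
# PHP-FPM answers "No input file specified." when it cannot open the script
# path it was given, so the file must exist at $2 + WebsiteRoot + StartFile.
# Returns non-zero if any script is missing inside the PHP jail.
check_php_jail() {
    missing=0
    while IFS='|' read -r host root start; do
        [ -n "$root" ] || continue          # no FastCGI vhosts found
        path="$2$root/$start"
        if [ -f "$path" ]; then
            echo "ok       $host  $path"
        else
            echo "MISSING  $host  $path"
            missing=1
        fi
    done <<EOF
$(fcgi_vhosts "$1")
EOF
    return "$missing"
}
```

With the layout from the thread, a MISSING line for /jails/php/usr/local/www/php/info.php means the PHP jail has no copy or mount of the web root at that path.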