Plesk — Restore chrooted SSH access and re-installing PHP 7.1

I had a little trouble finding all the information in one place for this. Essentially, users in a chrooted environment were unable to login via SSH and this was caused by a corrupt/invalid program in the user’s environment it seems. I simply had the message Connection to server.XXX.XXX closed. after a successful login. Here’s what I did.

Rebuilding the default chroot template

I began here: https://support.plesk.com/hc/en-us/articles/115002140654-How-to-rebuild-chroot-template-

So you should login over SSH as a root user. Check the link above for Debian 8 users.

cd /tmp
wget https://plesk.zendesk.com/hc/article_attachments/115003221093/update_chroot.tar.gz
tar -xvzf update_chroot.tar.gz

Now you have a program to modify the chrooted environments. Let’s remove everything in the chrooted environments

./update_chroot.sh --remove all

And then backup the entire directory

mv /var/www/vhosts/chroot{,.old}

Append binaries:

sed -i 's/CHROOT_PROGRAMS="/CHROOT_PROGRAMS="chmod curl gunzip gzip tar unzip zip wget /' update_chroot.sh

And recreate

./update_chroot.sh --install

Copy in nameserver/dns resolution defaults:

cp -a /etc/resolv.conf /var/www/vhosts/chroot/etc/

And apply to all the domains

./update_chroot.sh --apply all

Logins should now be restored.

But, we need to add our the programs back into the chrooted environments that we need. I only really needed PHP, but I wanted 7.1 — not the default 5.4 version in the /usr/bin directory.

Installing PHP 7.1 into Plesk Chrooted Environment

For this step I started here: https://support.plesk.com/hc/en-us/articles/213909545-How-to-add-and-remove-programs-to-a-chrooted-shell-environment-template

It took a little extra thinking time to install PHP 7.1 because all the file paths are incorrect and need to match in the chrooted environment. So here are my commands to install PHP 7.1 as it is if you’ve installed it via the GUI in the Plesk CP.

Remember to be logged in as a root user. This assumes that you’ve already setup your environment so the command php -v shows you running 7.1 — i.e. you’ve set your PATH environment variable to look in /opt/plesk/php/7.1/bin before your /usr/bin directory. You could just add PATH=/opt/plesk/php/7.1/bin:$PATH to the end of your your ~/.bashrc file

This assumes the command php -i | grep extension_dir should output /opt/plesk/php/7.1/lib64/php/modules

So here we go (all the commands are explained at the link above, it’s the paths which I’ve updated for PHP 7.1)

# ./update_chroot.sh --add `which php`
# mkdir /var/www/vhosts/chroot/usr/share
cp -a /usr/share/zoneinfo /var/www/vhosts/chroot/usr/share
# for f in /opt/plesk/php/7.1/lib64/php/modules/*.so ; do ./update_chroot.sh --add $f ; done
# rm -f /var/www/vhosts/chroot/bin/*.so
# mkdir -p /var/www/vhosts/chroot/opt/plesk/php/7.1/lib64
# cp -a /opt/plesk/php/7.1/lib64/php /var/www/vhosts/chroot/opt/plesk/php/7.1/lib64
# mkdir /var/www/vhosts/chroot/opt/plesk/php/7.1/etc
# cp -a /opt/plesk/php/7.1/etc/php.ini /opt/plesk/php/7.1/etc/php.d /var/www/vhosts/chroot/opt/plesk/php/7.1/etc
# ./update_chroot.sh --apply all

Now we’ve installed php for a chrooted user, there was one more issue I had. To run it I had to type /bin/php every time which was a bit of a pain. The PATH environment variable wasn’t set. So, when logged in as a user I was able to run

vi .bash_profile

And insert the following lines:

PATH=/bin
export PATH

I found this easier as a root user personally because it’s a different version of vi when chrooted with shortcuts I’m not familiar with. Make sure the file ownership is correct if you do this (same as the .bash_history file), or create the file first as the user your logged in as.

If you want this to be created whenever you add a new website create the same file in your skeleton:

vi /var/www/vhosts/.skel/0/.bash_profile

I think that’s it. I hope it’s helpful for others as well.