Lighttpd

Hello all,

I'll try and be as clear as I can, but I'm not a serious developer so please pardon my French if I don't make any sense.

I'm using a Deb. Squeeze release on an old PC I'm trying to convert into a webserver.
I installed and chrooted lighttpd.

I think I succeeded (not sure though)
-> when I call my web page through safari, it opens the directory listing of the chroot environment and it can read HTML static pages

Next, I try to install PHP with fast-cgi in the same chrooted env.
I think I suceeded here too but a few points make me unsure about it, and that's what I would like to discuss, because as you can guess, I don't want all my chrooting efforts wasted.

What seems normal :
Due to my Chroot I have 2 php.ini files (one in the usual /etc/php5/.… and one in /chroot/etc/php5/...) And it seems that the one used by PHP is the chrooted one. So good news.

What makes me not so sure that everything is correct
Point 1.
I use the non chrooted /etc/lighttpd/lighttp.conf file to configure everything is that normal ?

Point 2.
In that file, I inserted the following lines :

fastcgi.server = ( ".php" => ((
"bin-path" => " /usr/bin/php5-cgi",
"socket" => "/tmp/php.socket" 
)))

And I'm a bit confused as the paths mentioned here look like absolute paths, not "from the chroot" paths.

Point 3.
in php.ini (the chrooted one) in order to have php work I have to do something also a tad weird :
doc_root = "/home/lighttpd/www/"
I'm a bit surprised that I had to use "/home/lighttpd/..." instead of "home/lighttpd/..." to reflect the chroot.

That's it. I hope I made sense..
I would really appreciate it if you can help me make sure my chroot is indeed secure.

Couleseb