We Keep Coding

traefik doesn't detect my container with nginx and php-fpm

I'm using traefik :
version: '3'
services:
traefik:
image: traefik:v2.9
# command: --api.insecure=true --providers.docker
command: --providers.docker
ports:
- "80:80"
- "8080:8080"
network_mode: "host"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./acme.json:/acme.json
command:
# We are going to use the docker provider
- --api.insecure=true
- "--providers.docker"
# Only enabled containers should be exposed
#- "--providers.docker.exposedByDefault=false"
# We want to use the dashbaord
- "--api.dashboard=true"
# The entrypoints we ant to expose
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
#- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
# - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
# - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
- "--certificatesresolvers.letsencrypt.acme.email=$EMAIL"
- "--certificatesresolvers.letsencrypt.acme.storage=acme.json"
# used during the challenge
And separately another docker-compose.yml with database, mailserver, nginx+php-fpm:
version: "3"
services:
database:
build:
context: ./database
environment:
MYSQL_DATABASE: '${MYSQL_DATABASE}'
MYSQL_USER: '${MYSQL_USER}'
MYSQL_PASSWORD: '${MYSQL_PASSWORD}'
MYSQL_ROOT_PASSWORD: '${MYSQL_ROOT_PASSWORD}'
volumes:
- ./database/data:/var/lib/mysql
restart: always
php-http:
build:
context: ../
dockerfile: ./docker/php-nginx/Dockerfile
args:
DOMAIN: '${DOMAIN}'
depends_on:
- database
- mailserver
volumes:
- ./nginxlogs/:/var/log/nginx/
- './symfonylogs:/var/www/html/mystuff/var/log/'
#labels:
# - traefik.http.routers.php-http.tls=true
# - traefik.http.routers.php-http.tls.certresolver=letsencrypt
# - traefik.http.services.php-http.loadbalancer.server.port=8080
# - traefik.enable=true
# - traefik.http.routers.php-http.rule=Host(`mystuff.com`, `mystuff2.com`)
# - 'traefik.http.routers.php-http.tls.domains[0].main=mystuff.com'
# - 'traefik.http.routers.php-http.tls.domains[1].main=mystuff2.com'
restart: always
mailserver:
[stuffs]
The dockerfile for nginx/php-fpm is based on https://github.com/TrafeX/docker-php-nginx/tree/1.10.0.
But I made a few changes in the config.
The nginx.conf :
worker_processes auto;
error_log stderr warn;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
# Define custom log format to include reponse times
log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time $pipe $upstream_cache_status';
access_log /dev/stdout main_timed;
error_log /dev/stderr notice;
keepalive_timeout 65;
# Write temporary files to /tmp so they can be created as a non-privileged user
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
# Default server definition
server {
listen [::]:8080 default_server;
listen 8080 default_server;
server_name _;
sendfile off;
root /var/www/html;
index index.php index.html;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.php
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# Redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/lib/nginx/html;
}
# Pass the PHP scripts to PHP-FPM listening on 127.0.0.1:9000
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
expires 5d;
}
# Deny access to . files, for security
location ~ /\. {
log_not_found off;
deny all;
}
# Allow fpm ping and status from localhost
location ~ ^/(fpm-status|fpm-ping)$ {
access_log off;
allow 127.0.0.1;
# deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}
}
gzip on;
gzip_proxied any;
gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
gzip_vary on;
gzip_disable "msie6";
# Include other server configs
include /etc/nginx/conf.d/*.conf;
}
my website config :
server {
listen [::]:8080 default_server;
listen 8080 default_server;
server_name mystuff.com mystuff2.com;
root /var/www/html/mystuff/public;
location / {
# try to serve file directly, fallback to index.php
try_files $uri /index.php$is_args$args;
}
# optionally disable falling back to PHP script for the asset directories;
# nginx will return a 404 error when files are not found instead of passing the
# request to Symfony (improves performance but Symfony's 404 page is not displayed)
# location /bundles {
# try_files $uri =404;
# }
location ~ ^/index\.php(/|$) {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# optionally set the value of the environment variables used in the application
# fastcgi_param APP_ENV prod;
# fastcgi_param APP_SECRET <app-secret-id>;
# fastcgi_param DATABASE_URL "mysql://db_user:db_pass#host:3306/db_name";
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
# Caveat: When PHP-FPM is hosted on a different machine from nginx
# $realpath_root may not resolve as you expect! In this case try using
# $document_root instead.
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/index.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
# return 404 for all other php files not matching the front controller
# this prevents access to other php files you don't want to be accessible.
location ~ \.php$ {
return 404;
}
location ~ ^/(fpm-status|fpm-ping)$ {
access_log off;
allow 127.0.0.1;
deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
www.conf:
[global]
; Log to stderr
error_log = /dev/stderr
[www]
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php/php7.4-fpm.sock
listen.owner = nobody
listen.group = nobody
listen.mode = 0660
user = nobody
group = nobody
; Enable status page
pm.status_path = /fpm-status
; Ondemand process manager
pm = ondemand
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 100
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 1000
; Make sure the FPM workers can reach the environment variables for configuration
clear_env = no
; Catch output from PHP
catch_workers_output = yes
; Remove the 'child 10 said into stderr' prefix in the log and only show the actual message
decorate_workers_output = no
; Enable ping page to use in healthcheck
ping.path = /fpm-ping
Among other things, I made it listen to /var/run/php/php7.4-fpm.sock instead of the localhost.
Result : if I try to reach my website, I get a "404 page not found". Without traefik it seems to work (in http).
On the dashboard of traefik, I can see that traefik detect the containers of my database and mailserver, but not php-nginx. It's not in the list.
Update :
php-http_1 | 2023-01-22 16:27:56,736 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file. If you intend to run as root, you can set user=root in the config file to avoid this message.
php-http_1 | 2023-01-22 16:27:56,739 INFO supervisord started with pid 1
php-http_1 | 2023-01-22 16:27:57,742 INFO spawned: 'nginx' with pid 7
php-http_1 | 2023-01-22 16:27:57,744 INFO spawned: 'php-fpm' with pid 8
php-http_1 | nginx: [emerg] a duplicate default server for [::]:8080 in /etc/nginx/conf.d/symfony-nginx.conf:2
php-http_1 | 2023-01-22 16:27:57,754 INFO exited: nginx (exit status 1; not expected)
php-http_1 | 2023-01-22 16:27:57,755 INFO gave up: nginx entered FATAL state, too many start retries too quickly
php-http_1 | [22-Jan-2023 16:27:57] NOTICE: PHP message: PHP Warning: PHP Startup: Unable to load dynamic library 'pdo_mysql' (tried: /usr/lib/php7/modules/pdo_mysql (Error loading shared library /usr/lib/php7/modules/pdo_mysql: No such file or directory), /usr/lib/php7/modules/pdo_mysql.so (Error relocating /usr/lib/php7/modules/pdo_mysql.so: pdo_throw_exception: symbol not found)) in Unknown on line 0
php-http_1 | [22-Jan-2023 16:27:57] NOTICE: fpm is running, pid 8
php-http_1 | [22-Jan-2023 16:27:57] NOTICE: ready to handle connections
php-http_1 | 2023-01-22 16:27:58,792 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
docker ps:
713bd86c922d docker_php-http "/usr/bin/supervisor…" 2 minutes ago Up 2 minutes (unhealthy) 8080/tcp docker_php-http_1
f80676dda336 docker_database "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 3306/tcp, 33060/tcp docker_database_1
a4a50d91722d docker_mailserver "/usr/bin/entrypoint…" 2 minutes ago Up 2 minutes (healthy) 25/tcp, 110/tcp, 143/tcp, 465/tcp, 587/tcp, 993/tcp, 995/tcp, 4190/tcp mailserver
I tried billions of small changes, nothing works. I'm getting quite desperate. I had made another build with apache instead of nginx, it works perfectly. I have no idea what's going on. Does anyone has any idea?
Thank you
Update : okay we can see in the docker ps that it's noted as unhealthy. I assume it's related.
In the original docker image, there is this :
HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping
I assume it's not correct anymore after my changes.

php5-fpm.sock not found / created in /var/run

I fail to connect to php5-fpm.sock. I have tried many solutions but still getting this error:
2017/11/20 11:17:21 [crit] 9670#9670: *1 connect() to unix:/var/run/php5-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.224.8, server: babylon, request: "GET /webmail/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "babylon"
My configuration is like this:
location /webmail {
alias /srv/roundcubemail;
index index.php index.html;
# Favicon
location ~ ^/webmail/favicon.ico$ {
root /srv/roundcubemail/skins/classic/images;
log_not_found off;
access_log off;
expires max;
}
# Robots file
location ~ ^/webmail/robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny Protected directories
location ~ ^/webmail/(config|temp|logs)/ {
deny all;
}
location ~ ^/webmail/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
}
location ~ ^/webmail/(bin|SQL)/ {
deny all;
}
# Hide .md files
location ~ ^/webmail/(.+\.md)$ {
deny all;
}
# Hide all dot files
location ~ ^/webmail/\. {
deny all;
access_log off;
log_not_found off;
}
#Roundcube fastcgi config
location ~ /webmail(/.*\.php)$ {
error_log /var/log/nginx/x.log error;
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^/webmail/(.+\.php)(/.*)$;
fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /srv/roundcubemail/$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME /srv/roundcubemail/index.php;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
Is it maybe a problem with permissions over directories? I don't think so.
The attempts that I made were:
I change the listen of my www.conf, for socket and IP but still not working
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = www-data
group = www-data
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php5-fpm.sock
;listen = 127.0.0.1:9000
; Set listen(2) backlog.
; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 65535
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
I have restarted php5-fm and nginx and still nothing.
Any ideas how I can fix that?

First, ensure that php-fpm is installed, you could use this to check the current version if any:
php-fpm -v
Second check the php-fpm.conf configuration, and search for this line:
listen = /tmp/php-fpm.socket
In case it doesn't exist just add it, it can be also something like:
listen = /var/run/php5-fpm.sock
In some Linux distros normally this is used:
listen = /var/run/php5-fpm.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
In case you want to use a TCP socket:
Listen 127.0.0.1:9000
Restart php-fpm and check that the socket has been created in case of using a Unix domain socket, this can be done by doing this:
$ file /var/run/php5-fpm.sock
If socket exists if should print out something like this:
/var/run/php5-fpm.sock: socket

Could you please ensure those settings on your PHP-fpm/www.conf file
.....
user = www-data
group = www-data
listen.owner = www-data
listen.group = www-data
......
Then Restart PHP-fpm under root user.

listen.owner = nginx
listen.group = nginx

Nginx together with haproxy does not point the root index.php file

I have 1 local haproxy server (10.10.1.18) that is used for loadbalance 2 nginx local webservers (web1=10.10.1.21,web2=10.10.1.22).
I can reach local ips of web servers to the index.php file successfully like that http://10.10.1.21/ and http://10.10.1.22/
However, when I point local ip of haproxy http://10.10.1.18/, it only brings the index.html file instead of index.php file. We also have a domainname that points the public ip to the haproxy but http://example.uni.edu brings again the index.html file and not index.php file
So I don't think it's about public vs local ip but rather haproxy or nginx configuration
/etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 10000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 10000
#---------------------------------------------------------------------
#HAProxy statistics backend
#---------------------------------------------------------------------
listen haproxy3-monitoring *:80
mode http
option forwardfor except 127.0.0.1
option httpclose
stats enable
stats show-legends
stats refresh 5s
stats uri /stats
stats realm Haproxy\ Statistics
stats auth username:password
stats admin if TRUE
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
bind *:80
default_backend webapp-main
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend webapp-main
balance roundrobin
option httpchk HEAD / HTTP/1.1\r\nHost:\ example.uni.edu
server web1 10.10.1.21:80 check
server web2 10.10.1.22:80 check
web1 nginx - /etc/nginx/conf.d/default.conf
server {
listen 80;
server_name 10.10.1.21;
# note that these lines are originally from the "location /" block
root /usr/share/nginx/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location /dataroot/ {
internal;
alias /var/moodledata/; # ensure the path ends with /
}
location /cachedir/ {
internal;
alias /var/moodledata/cache/; # ensure the path ends with /
}
location /localcachedir/ {
internal;
alias /var/moodledata/localcache/; # ensure the path ends with /
}
location /tempdir/ {
internal;
alias /var/moodledata/temp/; # ensure the path ends with /
}
location /filedir/ {
internal;
alias /var/moodledata/filedir/; # ensure the path ends with /
}
}
web2 has the same configs as web1 along with its own local ip.
When I point directly the index.php http://10.10.1.18/index.php it downloads the index.php file and gives
503 Service Unavailable
Anybody has similar experience issues like this?

Finally it worked out, please follow these steps:
do not use config files under /etc/nginx/conf.d/ only use 1 config file /etc/nginx/nginx.conf like this
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 8192;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
tcp_nopush on;
sendfile on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 512m;
large_client_header_buffers 2 1k;
client_body_timeout 1200;
client_header_timeout 1200;
send_timeout 100;
include /etc/nginx/mime.types;
default_type application/octet-stream;
server {
listen 80;
server_name example.uni.edu;
# note that these lines are originally from the "location /" block
root /usr/share/nginx/html;
index index.php index.html index.htm;
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ =404;
index index.php;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ [^/]\.php(/|$) {
root /usr/share/nginx/html;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
###################### For Moodle Application ##################
location /dataroot/ {
internal;
alias /var/moodledata/; # ensure the path ends with /
}
location /cachedir/ {
internal;
alias /var/moodledata/cache/; # ensure the path ends with /
}
location /localcachedir/ {
internal;
alias /var/moodledata/localcache/; # ensure the path ends with /
}
location /tempdir/ {
internal;
alias /var/moodledata/temp/; # ensure the path ends with /
}
location /filedir/ {
internal;
alias /var/moodledata/filedir/; # ensure the path ends with /
}
###################### For Moodle Application ##################
}
}
Make sure you use a valid haproxy config along with 2 different ports 80 is for backend and 8080 is to monitor the stats
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 10000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 10000
#---------------------------------------------------------------------
#HAProxy statistics backend
#---------------------------------------------------------------------
listen haproxy3-monitoring *:8080
mode http
option forwardfor
option httpclose
stats enable
stats show-legends
stats refresh 5s
stats uri /stats
stats realm Haproxy\ Statistics
stats auth username:password
stats admin if TRUE
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
bind *:80
option http-server-close
option forwardfor
default_backend webapp-main
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend webapp-main
balance source
option httpchk HEAD / HTTP/1.1\r\nHost:\ example.uni.edu
server web1 10.10.1.21:80 check
server web2 10.10.1.22:80 check
Now you are fine to lookup your stats http://10.10.1.18:8080/ or http://example.uni.edu:8080/
You can also browse your application http://example.uni.edu
Note: Make sure you public ip points to your haproxy server successfully!

nginx - Unable to open primary script

I got error message:
FastCGI sent in stderr: "Unable to open primary script: /home/messi/web/wordpress/index.php (No such file or directory)" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: www.domain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "www.domain.com
here are my configuration files:
/etc/php5/fpm/php.ini
cgi.fix_pathinfo=0
doc_root =
user_dir =
....
/etc/php5/fpm/php-fpm.conf
[global]
pid = /var/run/php5-fpm.pid
error_log = /var/log/php5-fpm.log
include=/etc/php5/fpm/pool.d/*.conf
/etc/php5/fpm/pool.d/www.conf
[www]
user = www-data
group = www-data
listen = /var/run/php5-fpm.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0666
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /
security.limit_extensions = .php .php3 .php4 .php5
php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
/etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
server_tokens off;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/sites-enabled/*;
}
/etc/nginx/sites-enabled/wordpress
server {
listen 80;
server_name www.domain.com;
root /home/messi/web/wordpress;
error_log /var/log/nginx/err.wordpress.log;
index index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
}
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
Setup user permission:
#adduser www-data messi
#chown -R www-data:www-data /home/messi/web
#chmod -R 664 /home/messi/web/wordpress
How can I resolve this?
Thanks

SELinux will cause this error on CentOS/RHEL 7+ by default :(
To test if SELinux is the source of your woes, do
setenforce 0
... and see if everything works. If that fixed it, you can leave SELinux off (weak, you're better than that), or you can turn it back on with
setenforce 1
... and then properly fix the issue.
If you do
tail -f /var/log/audit/audit.log
... you'll see the SELinux issue. In my case, it was denying PHP-FPM access to web files. You can run the following directives to fix it:
setsebool -P httpd_can_network_connect_db 1
setsebool -P httpd_can_network_connect 1
This actually didn't fix it for me at first, but then restoring SELinux context did it
restorecon -R -v /var/www
Hope that helps.

This is likely a permissions problem.
Make sure that every parent directory has +x permissions for the user (the nginx user and/or php-fpm user).
You can check these permissions with: namei -om /path/to/file.
If you have symlinks, make sure they point to a valid path.
Make sure chroots have access to the right paths.
Make sure SELinux (e.g. Fedora / Centos) or AppArmor (e.g. Ubuntu) or any other MAC security systems are not interfering with the file access.
For SeLinux:
Check /var/log/audit/audit.log or /var/log/messages
For AppArmor:
Im not a Ubuntu user and as far as I understand the logging for AppArmor isnt always easy to figure out. You might check here for info: http://ubuntuforums.org/showthread.php?t=1733231

It was SELinux in my case as well. I read some documentation found here:
https://wiki.centos.org/HowTos/SELinux
https://linux.die.net/man/1/chcon
and ended up with the command:
chcon -R -v --type=httpd_sys_content_t html/
....this changed the context of the files to the httpd type which is what my web server (Nginx) was running as.
You can find what context your web server runs as using:
ps axZ | grep nginx
....which in my case gave me:
system_u:system_r:**httpd_t**:s0 6246 ? Ss 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
system_u:system_r:**httpd_t**:s0 6249 ? S 0:00 nginx: worker process
Seeing the context of the running service was httpd_t I changed the context of my web site's root folder to that (recursively)
The point of SELinux is to only allow services and processes to access files of the same type as them. Since the web server ran as httpd_t than it made sense to set the context of the files/folder in the site to the same.
I'm new at this by the way.... But this seemed to be the best approach to me. It kept SELinux enabled, didn't lessen the security of what it does, nad matched up context of the files with the process/service.

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; ->
fastcgi_param SCRIPT_FILENAME/home/messi/web/wordpress$fastcgi_script_name;

Nginx Error 413

When I try to upload a file to my site, I'm getting the Nginx "413 Request Entity Too Large" error, however in my nginx.conf file I've already explicitly stated the max size to be about 250MB at the moment, and changed the max file size in php.ini as well (and yes, I restarted the processes). The error log gives me this:
2010/12/06 04:15:06 [error] 20124#0:
*11975 client intended to send too large body: 1144149 bytes, client:
60.228.229.238, server: www.x.com, request: "POST
/upload HTTP/1.1", host:
"x.com", referrer:
"http://x.com/"
As far as I know, 1144149 bytes isn't 250MB...
Is there something I'm missing here?
Here's the base Nginx config:
user nginx;
worker_processes 8;
worker_rlimit_nofile 100000;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
client_max_body_size 300M;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
gzip on;
gzip_static on;
gzip_comp_level 5;
gzip_min_length 1024;
keepalive_timeout 300;
limit_zone myzone $binary_remote_addr 10m;
# Load config files from the /etc/nginx/conf.d directory
include /etc/nginx/sites/*;
}
And the vhost for the site:
server {
listen 80;
server_name www.x.com x.com;
access_log /var/log/nginx/x.com-access.log;
location / {
index index.html index.htm index.php;
root /var/www/x.com;
if (!-e $request_filename) {
rewrite ^/([a-z,0-9]+)$ /$1.php last;
rewrite ^/file/(.*)$ /file.php?file=$1;
}
location ~ /engine/.*\.php$ {
return 404;
}
location ~ ^/([a-z,0-9]+)\.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}

Not knowing the version of your nginx build and what modules it was built with makes this tough, but try the following:
Copy your client_max_body_size 300M; line into the location / { } part of your vhost config. I'm not sure if it's overriding the default (which is 1 MB) properly.
Are you using nginx_upload_module? If so make sure you have the upload_max_file_size 300MB; line in your config as well.

My setup was:
php.ini
...
upload_max_filesize = 8M
...
nginx.conf
...
client_max_body_size 8m;
...
The nginx showed the error 413 when it was uploaded.
Then I had an idea: I will not let nginx show the error 413, client_max_body_size set to a value greater than upload_max_filesize, thus:
php.ini
...
upload_max_filesize = 8M
...
nginx.conf
...
client_max_body_size 80m;
...
What happened?
When you upload smaller than 80MB nginx will not display the error 413, but PHP will display the error if the file is up to 8MB.
This solved my problem, but if someone upload a file larger than 80MB error 413 happens, nginx rule.

I also add that you could define it in the *.php location handler
location ~ ^/([a-z,0-9]+)\.php$ {
Being the "lower" one in the cascading level, it would be an easy way to see if the problem comes from your nginx config or modules.
It sure doesn't come from PHP because the 413 error "body too large" is really a NGinx error.

Try the following steps to resolve the error.
Open the Nginx configuration file (nginx.conf) in a text editor.
$ sudo nano /etc/nginx/nginx.conf
Add the directive client_max_body_size under the http block:
http {
# Basic Settings
client max body size 16M;
...
}
Open nginx default file in a text editor
$ sudo nano /etc/nginx/sites-enabled/default
Add the directive client_max_body_size under location block.
location / {
...
client_max_body_size 100M;
}
Restart Nginx using the following command.
$ sudo systemctl restart nginx
Optional:
If you have a time-consuming process running on the backend server then you have to adjust the timeout attribute of the server to avoid 504 timeout error.
Open the Nginx default file in a text editor
$ sudo nano /etc/nginx/sites-enabled/default
Add the directives proxy_connect_timeout, proxy_send_timeout proxy_read_timeout under the location block:
location /api {
client_max_body_size 100M;
proxy_connect_timeout 6000;
proxy_send_timeout 6000;
proxy_read_timeout 6000;
proxy_pass http://localhost:5001;
}
Restart Nginx using the following command.
$ sudo systemctl restart nginx