I have nginx installed with PHP-FPM on a CentOS 5 box, but am struggling to get it to serve any of my files - whether PHP or not.
Nginx is running as www-data:www-data, and the default "Welcome to nginx on EPEL" site (owned by root:root with 644 permissions) loads fine.
The nginx configuration file has an include directive for /etc/nginx/sites-enabled/*.conf, and I have a configuration file example.com.conf, thus:
server {
listen 80;
Virtual Host Name
server_name www.example.com example.com;
location / {
root /home/demo/sites/example.com/public_html;
index index.php index.htm index.html;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME /home/demo/sites/example.com/public_html$fastcgi_script_name;
include fastcgi_params;
}
}
Despite public_html being owned by www-data:www-data with 2777 file permissions, this site fails to serve any content -
[error] 4167#0: *4 open() "/home/demo/sites/example.com/public_html/index.html" failed (13: Permission denied), client: XX.XXX.XXX.XX, server: www.example.com, request: "GET /index.html HTTP/1.1", host: "www.example.com"
I've found numerous other posts with users getting 403s from nginx, but most that I have seen involve either more complex setups with Ruby/Passenger (which in the past I've actually succeeded with) or are only receiving errors when the upstream PHP-FPM is involved, so they seem to be of little help.
Have I done something silly here?
One permission requirement that is often overlooked is a user needs x permissions in every parent directory of a file to access that file. Check the permissions on /, /home, /home/demo, etc. for www-data x access. My guess is that /home is probably 770 and www-data can't chdir through it to get to any subdir. If it is, try chmod o+x /home (or whatever dir is denying the request).
EDIT: To easily display all the permissions on a path, you can use namei -om /path/to/check
If you still see permission denied after verifying the permissions of the parent folders, it may be SELinux restricting access.
To check if SELinux is running:
# getenforce
To disable SELinux until next reboot:
# setenforce Permissive
Restart Nginx and see if the problem persists. To allow nginx to serve your www directory (make sure you turn SELinux back on before testing this. i.e, setenforce Enforcing)
# chcon -Rt httpd_sys_content_t /path/to/www
See my answer here for more details
I solved this problem by adding user settings.
in nginx.conf
worker_processes 4;
user username;
change the 'username' with linux user name.
I've got this error and I finally solved it with the command below.
restorecon -r /var/www/html
The issue is caused when you mv something from one place to another. It preserves the selinux context of the original when you move it, so if you untar something in /home or /tmp it gets given an selinux context that matches its location. Now you mv that to /var/www/html and it takes the context saying it belongs in /tmp or /home with it and httpd is not allowed by policy to access those files.
If you cp the files instead of mv them, the selinux context gets assigned according to the location you're copying to, not where it's coming from. Running restorecon puts the context back to its default and fixes it too.
I've tried different cases and only when owner was set to nginx (chown -R nginx:nginx "/var/www/myfolder") - it started to work as expected.
If you're using SELinux, just type:
sudo chcon -v -R --type=httpd_sys_content_t /path/to/www/
This will fix permission issue.
Old question, but I had the same issue. I tried every answer above, nothing worked. What fixed it for me though was removing the domain, and adding it again. I'm using Plesk, and I installed Nginx AFTER the domain was already there.
Did a local backup to /var/www/backups first though. So I could easily copy back the files.
Strange problem....
We had the same issue, using Plesk Onyx 17. Instead of messing up with rights etc., solution was to add nginx user into psacln group, in which all the other domain owners (users) were:
usermod -aG psacln nginx
Now nginx has rights to access .htaccess or any other file necessary to properly show the content.
On the other hand, also make sure that Apache is in psaserv group, to serve static content:
usermod -aG psaserv apache
And don't forget to restart both Apache and Nginx in Plesk after! (and reload pages with Ctrl-F5)
I was facing the same issue but above solutions did not help.
So, after lot of struggle I found out that sestatus was set to enforce which blocks all the ports and by setting it to permissive all the issues were resolved.
sudo setenforce 0
Hope this helps someone like me.
I dug myself into a slight variant on this problem by mistakenly running the setfacl command. I ran:
sudo setfacl -m user:nginx:r /home/foo/bar
I abandoned this route in favor of adding nginx to the foo group, but that custom ACL was foiling nginx's attempts to access the file. I cleared it by running:
sudo setfacl -b /home/foo/bar
And then nginx was able to access the files.
If you are using PHP, make sure the index NGINX directive in the server block contains a index.php:
index index.php index.html;
For more info checkout the index directive in the official documentation.
Related
I cannot launch php-fpm on OpenSUSE.
When I run systemctl restart php-fpm.service
I receive the following error, after copying etc/php8/fpm/php-fpm.conf.default to etc/php8/fpm/php-fpm.conf
[25-Apr-2021 12:52:18] ERROR: failed to open configuration file '/etc/php8/fpm/php-fpm.conf': Permission denied (13)
[25-Apr-2021 12:52:18] ERROR: failed to load configuration file '/etc/php8/fpm/php-fpm.conf'
[25-Apr-2021 12:52:18] ERROR: FPM initialization failed
I had to switch to php7-fpm to make it works.
It seems that php-fpm does not work properly on OpenSUSE Tumbleweed.
No problem with apache mod php.
I had some of the issues as can be found in your post.
My setup:
php8 with nginx (fast-cgi NOT USING SOCK) works fine on my laptop
hardware: HP mobile workstation Compaq 8510w
Yes, I know, that is not the latest gear, but its very solid and stable.
It looks like it has been made for Linux!
Micros....urged me to upgrade it from W7 to W10
but left me alone with unsolvable issues. Their Troubleshooter told me
"Ask a friend" and that is what I did.
The friend said, try linux and that is why I am here now.
I never regretted and this is the only reason to say "Thank you Micros..."
Operating System: openSUSE Tumbleweed 20210
KDE Plasma Version: 5.22.5
KDE Frameworks Version: 5.85.0
Qt Version: 5.15.2
Kernel Version: 5.13.8-1-default (64-bit)
Graphics Platform: X11
Processors: 2 × Intel® Core™2 Duo CPU T9300 # 2.50GHz
Memory: 3.8 GiB of RA
Graphics Processor: AMD RV630
for peace of mind:
nginx and php have numerous safety-features.
Safety is very important, so keep an eye on the common IT-safety rules,
but be aware, that safety-rules can lock you out, if not implemented correctly.
Before doing any editing make backups of all original configuration files
for convenience:
I installed mc (Midnight Commander) and use nano as editor.
I added myself to the group wheel, so that I can use sudo without having to enter my password.
mc is very convenient for changing directories, jumping from file to file and editing configuration files, because you can use mc as root. Besides that you can easily change to the shell and back i.E to modify permissions or to use other shell-commands.
Further:
I created aliases in .bashrc enabling starting, stopping and checking
services with shortcuts.
alias sto='sudo systemctl stop $2'
alias str='sudo systemctl start $2'
alias rst='sudo systemctl restart $2'
alias sta='sudo systemctl status $2'
alias sn='sudo nano $2'
How to use them?
After editing your .bashrc do a
source .bashrc
To use these aliases you type the aliasname, a blank and the path to the file like for example for editing a file als sudo with nano try:
sn /etc/rc.local
or, to retrieve the status of php-fpm with just a few keystrokes:
sta php-fpm
I copied /etc/php8/php.ini to "php.ini.commented" and deleted all comments and non required options in the original
I also copied /etc/php8/cli/php.ini to php.ini.commented and deleted all
comments and non required options in the original
I did the same with /etc/php8/fpm/php-fpm.d/www.conf
for avoiding conflicts:
Before any other software operation, make sure that your system is running without errors.
Use
dmesg -l err
or
journalctl -b |grep error
Solve found errors first!
After verification you should execute a
sudo zypper dup
do not change more than 1 parameter per trial, when testing/modifying your configuration.
Check for result of modifications in logfiles after each step.
write comments in the modified config and -if using an advice from a website- paste the web-address as a comment since in a few days you might not remember why you configured as you did.
avoid multiple blanks in comments in configuration files, this can lead to a "parse error".
I use the pathnames as they are being configured by setup.
Do it like this, it will prevent problems after software-updates.
I did not use the original Tumbleweed user/group "wwwrun" and "www", instead I created a user "www-data" in group "www-data" exactly as in Raspberry debian 10.
with following commands
sudo chown -R www-data:www-data /srv
sudo chmod -R 755 /srv
I have changed ownership and permissions of all contents, that will be accessed by php-fpm.
In case you place symlinks in /srv/www/public to files elsewhere, you need to change the permissions in the files, the link is pointing to. For example if you create a symlink in /srv/www/public to your phpmyadmin data, you need to change the permissions for all files in /usr/share/mysql/phpmyadmin.
The user of the data in your pool /srv/www/public must be the same as the user, defined in /etc/nginx/nginx.conf, and
when using a pool named "public", user and group in the section [public] in /etc/php8/fpm/php-fpm.d/www.conf must also be the same .
This is crucial, most problems at startup of nginx are caused by wrong permissions.
STEP BY STEP
Begin with a basic setup, without any special features.
On request of friends I added my functional configuration files below
Do not copy configurations from it-specialists in the web, who might do complicated or exotic things, proxies, remote servers etc.
Especially if in those configurations there are expressions you don't understand , better don't use them.
Just get started, undo temporary solutions as soon as nginx is operational and make a backup of the first working basic configuration.
After that -but not earlier- you can start experimenting
Never use chmod 777 in any of the above directories, because that's is an invitation to get your system hacked.
Never change the mod 644, owner root:root in /var/log
The logfiles of php-fpm are being created and modified by root. Logfiles contain sensitive info.
Verify correct setup with:
ps -aux |grep php
The result should be similar to following lines. This means that php-fpm is being run by root:
root 1262 0.0 0.3 54024 13260 ? Ss 06:12 0:01 php-fpm: master process (/etc/php8/fpm/php-fpm.conf)
www-data 1335 0.0 0.2 54172 9576 ? S 06:12 0:00 php-fpm: pool public
Allowing access to anybody else is opening the doors for hackers. Keep in mind that you are using a browser to see your data, but other people may be able to browse them as well.
After having a running system it is easy to add further steps.
To start up there is no need for using sites-enabled in nginx
and you need to create just one pool in /etc/php8/fpm/php-fpm.d/www.conf
TROUBLESHOOTING FREQUENT ERRORS:
MySql-errors:
I presume here, that your mariadb/mysql has been setup correctly.
Missing or wrong permissions will cause "not found" errors.
Troubleshooting in mysql is documented very well and mysql has an interactive help function. Read the documentation and test access following steps of the mysql manuals. It would lead too far, to add a guide for that to this document.
php-fpm not starting:
failed to open configuration file '/etc/php8/fpm/php-fpm.conf': Permission denied (13)
With
sudo systemctl status php-fpm
you will find more details about what and how.
Possibly there is an access-issue when php-fpm tries creating a logfile "access.public.log" in /var/log by following the line access.log = "access.$pool.log" (look in file www.conf).
This error can be caused/suppressed by settings in apparmor.
Options are:
temporary disable apparmor
sudo systemctl stop apparmor
sudo systemctl disable apparmor
In openSUSE You can use Yast to configure apparmor
In case you made modifications the result can be found as below in:
/etc/apparmor.d/php-pfm
vim: ft=apparmor
profile php-fpm /usr/sbin/php-fpm* flags=(attach_disconnected, complain) {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/openssl>
include <abstractions/php>
include <abstractions/ssl_certs>
include if exists <local/php-fpm>
include if exists <php-fpm.d>
capability chown,
capability dac_override,
capability kill,
capability net_admin,
capability setgid,
capability setuid,
signal send peer=php-fpm//*,
deny / rw,
/etc/php8/fpm/php-fpm.conf r,
/etc/php{,5,7}/* r,
/usr/sbin/php-fpm* rix,
owner /var/log/php*-fpm.log rw,
owner /var/log/public.acess.log rw,
#{PROC}/#{pid}/attr/{apparmor/,}current rw,
#{run}/php{,-fpm}/php*-fpm.pid rw,
#{run}/php{,-fpm}/php*-fpm.sock rwlk,
owner /etc/php8/fpm/php-fpm.d/www.conf r,
change_profile -> php-fpm//*,
}
or temporary comment the line
access.log = /var/log/$pool.access.log in your www.conf
To get started this file is not absolutely required
and commenting it helped me to suppress the "php-fpm could not be started" error.
The most important and detailed logfile is
/var/log/nginx/error.log
To debug, after every modification You should use
sudo tail -1 /var/log/nginx/error.log
You will see that most errors are permission errors either because mysql can't access your database or php-fpm can't use your php/html-files!
here my /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
#pid /run/nginx.pid; not required when using tcp
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etch/nginx/conf.d/*.conf;
server {
listen 80;
server_name 127.0.0.1;
root /srv/www/public; # without this root instruction nqinx will use /usr/ as prefix and you will get a not found error!
error_page 500 502 503 504 /50x.html; # redirect server error pages to the static page /50x.html
location = /50x.html {
root /srv/www/htdocs/;
}
location ~ \.php$ { # 404
try_files $fastcgi_script_name =404;
include /etc/nginx/fastcgi_params;
# default fastcgi_params
# fastcgi settings
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
# fastcgi params
fastcgi_param DOCUMENT_ROOT /srv/www/public;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location / {
root /srv/www/public;
try_files $uri $uri/ =404;
index index.nginx-debian.html index.php index.html index.htm;
}
location ~ /\.ht {
# deny access to .htaccess files, if Apache's document root concurs with nginx's one
deny all;
}
include vhosts.d/*.conf;
}
}
filecontents of /etc/php8/fpm/php-fpm.d/www.conf
[public]
prefix = /srv/www/$pool
user = www-data
group = www-data
listen = 127.0.0.1:9000
;use these settings only if a socket is used
;listen.owner = www-data
;listen.group = www_data
;listen.mode = 0660
pm = static
pm.max_children = 1
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 500
; this optional feature is well documented in the file and further instructions for how to set it up can be found on the web
pm.status_path = /status
; if fpm-phm cannot start, temporary comment the two lines access.log, but reactivate the instructions as soon as php-fpm is operational
; if there are wrong permission-settings, php-fpm will not start
access.log = /var/log/$pool.access.log
access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
catch_workers_output = yes
security.limit_extensions = .php .html
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 32M
file /etc/php8/fpm/php-fpm.conf
; FPM Configuration ;
[global]
process_control_timeout = 10
process.max = 128
daemonize = no
rlimit_core = 0
rlimit_files = 1024
events.mechanism = epoll
systemd_interval = 10
include=/etc/php8/fpm/php-fpm.d/*.conf
With this configuration I run several mysql-databases and content management as well as phpmyadmin.
The picture below is a screenshot of my Content Management System using a mysql database and self-designed forms in php-format.
In the location definitions there are no further instructions required, neither for loading stylesheets nor for pictures/movies.
A check with Google's developer tools in Chrome proofs, that all references and links to stylesheets, json-files and further directories have been found and that there are no errors.
Of course it took me some time to get all this running.
This answer may help everybody who wants to set up nginx and save time.
The documentation of nginx and php is complete and excellent. For most commands there is a --help option, man pages and a webpage.....
Yes, I know!
Help and man-pages are written by excellent IT-engineers,
some of these hexadecimal-thinking people might have difficultes
to translate their digital slang to human-understandable language.
That's why some pages are more confusing than helping.
Anyway, press the F1-key, try the help and forgive them.
Where would we be without them?
In my little network here, I am using a 24/7 running Raspberry Pi 3 B+ with 64 bit OS as server, that stores data on two USB drives.
The configuration for accessing local files on this server is nearly the same as the configuration on my laptop.
There are just two little differences:
On "debian buster" the application php8 is named php8.0 and a few directories have different names, so you can use above configuration files for Raspberry debian buster with the following restriction: the pertinent 'include' lines are different and need to be altered according to the location-names of the config-files .
My nginx.conf on the Raspberry-server has a few lines of extra code, in order to enable access to contents via DDNS, but that is a different chapter.
I would like to emphasize that I am not an IT-specialist. I have collected some experience in computing during my professional activities as mechanical engineer, all further know-how came from pressing the F1-key, reading forum-contributions, manuals, helpfiles, webpages and -not to forget- from made mistakes.
I hope that this may encourage others, to keep trying. Linux is structured very clearly and can be understood easily. Google errors, watch your logfiles attentively and enjoy the fun of finally running a fully operational php-fpm/nginx.
I need to remind you once more:
Don't forget to reset all temporary solutions.
Cheers
This is related to apparmor settings. Please edit /etc/apparmor.d/php-fpm:
19 /etc/php{,5,7,8}/** r,
to allow access to directory /etc/php8/ by php-fpm process.
I'm trying to start a Wordpress site on my Debian server, using Nginx and php5. I followed different tutorials but stuck : the server is responding 200 http responses to any url typed from the domain name, mes-affaires doot xyz . My browser is showing a blank page, but no error too.
As the server is responding 200 responses I'm not getting any error log in the Nginx log files which is a problem to know what to do.
Any idea why it's showing a blank screen or how I could spot the current error?
Thanks
Your problem can be caused by many factors:
1. A poorly configured nginx (Read Configuring Nginx)
2. A permission problem (Read step 5 of Configuring Nginx)
3. A missing php module that you can find out enabling PHP error_reporting (Read Pages are still blank? Php error_reporting
September)
Configuring Nginx
Nginx works a little differently from Apache and if you do not use a management panel, the procedure is a bit complicated.
1. sudo apt-get install nginx php5-fpm mysql mysql-dev next activate mysql sudo mysql_install_dband run the setup script sudo /usr/bin/mysql_secure_installation
2. Create a folder in /var/www with your site name (mkdir mess-affaires)
3. go to /etc/nginx/sites-available and create a file with the same name as your domain (touch mess-affaires.xyz)
4. Open your new file with an editor (nano mess-affaires.xyz) and add these lines:
server {
listen 80;
root /var/www/mess-affaires;
index index.html index.htm index.php;
server_name www.mess-affaires.xyz mess-affaires.xyz;
location / {
try_files $uri $uri/ /index.php?q=$request_uri;
}
location ~ .php$ {
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
}
4.1. After this you need to link it to your sites-enabled folder using:
sudo ln -s /etc/nginx/sites-available/mess-affaires.xyz /etc/nginx/sites-enabled/mess-affaires.xyz
Nginx set a default file for example in your sites-available, delete it to avoid the "conflicting server name error":
sudo rm /etc/nginx/sites-enabled/default
4.2. Restart your nginx installation with sudo service nginx restart
5. Set permission to your folder sudo chown -R www-data:www-data /var/www/mess-affaires/ and make sure that everyone is able to read your new files sudo chmod 755 /var/www o to your folder /var/www/mess-affaires and upload the wordpress installation, now you see the website.
If you still don't see anything, see the point 6
6. If you do not see anything, go to your terminal and type:
chmod -R 777 /var/www/mess-affaires
Configuring mysql/phpmyadmin with nginx
Wordpress is a web application that require a mysql database, go to install it!
1. sudo apt-get install phpmyadmin
2. sudo ln -s /usr/share/phpmyadmin /usr/share/nginx/html
3. Now we must now allow the mcrypt module in php sudo php5enmod mcrypt
4. restart phpfpm sudo service php5-fpm restart
5. visit http://YOUR_SERVER_IP/phpmyadmin, log-in and create a new database for your wordpress installation
Pages are still blank? Set php error_reporting
If your pages are still blank, enable php error_reporting.
To do this you can try two ways:
Set error_reporting from your php files
Open your Wordpress index.php and put these lines to the very top of your page (after
error_reporting(E_ALL | E_STRICT);
ini_set('display_errors', 1);
Set error_reporting from php5-fpm.conf
Open with an editor your php5-fpm-conf, try one of these directories:
/etc/php-fpm.d/mydomain.conf
/etc/php-fpm.conf
If you sing my guide, you have not the native php installation but php5-fpm and you can configure your .conf file error params like this:
; enable display of errors
php_flag[display_errors] = on
php_flag[display_startup_errors] = on
If you use a native php installation, set your config error_reporting like this:
; enable display of errors
display_errors = On
display_startup_errors = On
I have created a fresh Laravel application by using composer create-project command. Then I put all the folders and files in /usr/share/nginx/html/, which is the default document root for my nginx server. However everytime I runs the http://localhost, it keeps displaying 403 Forbiden. I tried creating a testing index.php (<? php_info();) and it worked fine.
I've read somewhere that I need to set the containing folder (/html), as well as the app/storage folder permission to 777 but still no luck.
Please help me. Thank you in advance.
Here is the nginx default.conf
Laravel projects serve from the <projectName>/public directory. Make sure your nginx config is set up to look there for your index file and NOT in your <projectName> folder only.
Would you edit your question and paste your server config there?
I think it may because index.php is not in the index file list. check these lines:
index index.html index.php;
or
try_files $uri $uri/ =404;
The accepted answer is correct - Laravel services from the public folder and you need to tell nginx to look there - but also a little vague if you're bumping up against this problem. When you create new sites on a Homestead installation by adding them to your .yaml file and using vagrant provision or vagrant up --provision, the created nginx conf file will need editing before Laravel will serve files correctly.
Go to your CLI, and enter Homestead using vagrant ssh or homestead ssh. It will ask for your password, which by default is "vagrant".
Once you're in the virtual machine, type the following commands:
sudo nano /etc/nginx/sites-enabled/your-site-name-here
Then add /public to the end of the existing root near the top of the file (it'll be something like /home/vagrant/projects/your-site to begin with and save in Nano (ctrl+s), then exit nano (ctrl+x).
Once you've exited Nano, restart nginx using sudo nginx -s reload. Your routing will now work!
We have websites running on a linux server with apache httpd and php. On that server a certain directory from a windows server is mounted as let's say /mnt/some_directory/. I can browse this directory with both WinSCP or SSH, using my own user account.
I can also perform the following in SSH:
php -r "print_r(file_get_contents('/mnt/some_directory/file_name.txt'));"
and see contents of that file.
We need to read a file and parse from that directory in order to import it in the database that is used by the website. But when an fopen or a file_get_contents on the website we get a permission denied error.
I have limited access to the web server (and limited knowledge of *nix and apache configuration), but the administrator that is supposed to resolve this apparently is also lacking this knowledge and I need to have this task resolved,that's why I am asking here.
What the admin did was to set the group and ownership of the mounted directory to"apache", which is the user the httpd process is running as. But that didn't help.
As far as I know access to files outside of the webroot is disallowed by default. Would it be sufficient to set a DIRECTORY directive in httpd.conf for /mnt/some_directory/? Or is there anything else that has to be done?
our team had the same issue, my team-mate was able to resolve this by adding context to mount options.
we are using the following format for mounting windows shared folder to linux that apache will be able to access:
mount -v -t cifs <//$hostname/$(windows shared dir)> <mount directory> -o username="<username>",password=<password>,domain=<domain name>,iocharset=utf8,file_mode=0777,dir_mode=0777,context="system_u:object_r:httpd_sys_content_t:s0"
For example:
mount -v -t cifs //192.168.1.19/sample_dir /mnt/mount_dir -o username="admin",password=adminpwd,domain=MIINTER,iocharset=utf8,file_mode=0777,dir_mode=0777,context="system_u:object_r:httpd_sys_content_t:s0"
Link the mounted directory to your www root dir and name the link "share"
ln -s /mnt/some_directory /path/to/your/www/root/directory/share
than try reading the file
php -r "print_r(file_get_contents('/path/to/your/www/root/directory/share/file_name.txt'));"
...or you can allow (if you have enough privileges to edit the webserver's configuration)
<Directory /mnt/somedirectory >
Allow from All
</Directory>
i have seen the same problem with a cifs mount
linux/unix apache that user can have access to the mounted volume, but not apache.
see also this: EnableSendfile off
but when turned off, apache may work slowly,
in .htaccess, only for the cifs mount path, it should work ... .
http://httpd.apache.org/docs/current/en/mod/core.html
best regards
L.Tomas
I get a 502 Bad Gateway with nginx when using spawn fcgi to spawn php5-cgi.
I use this to span an instance on server start using the following line in rc.local
/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php5-cgi -P /var/run/fastcgi-php.pid
presumably I'm getting the error because the spawn-fcgi / php5-cgi dies and there is nothing listening there anymore to parse php.
I get nothing in the logs that I can see anywhere, I'm out of ideas (and new to this setup with nginx)
I executed my localhost and the page displayed the 502 bad gateway message. This helped me:
Edit /etc/php5/fpm/pool.d/www.conf
Change listen = /var/run/php5-fpm.sock to listen = 127.0.0.1:9000
Ensure the location is set properly in nginx.conf.
Run sudo service php5-fpm restart
Maybe it will help you.
Source from: http://wildlyinaccurate.com/solving-502-bad-gateway-with-nginx-php-fpm
The 502 error appears because nginx cannot hand off to php5-cgi. You can try reconfiguring php5-cgi to use unix sockets as opposed to tcp .. then adjust the server config to point to the socket instead of the tcp ...
ps auxww | grep php5-cgi #-- is the process running?
netstat -an | grep 9000 # is the port open?
Go to /etc/php5/fpm/pool.d/www.conf and if you are using sockets or this line is uncommented
listen = /var/run/php5-fpm.sock
Set couple of other values too:-
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
Don't forget to restart php-fpm and nginx. Make sure you are using the same nginx owner and group name.
You have to match the settings for PHP-FPM and Nginx to communicate over sockets or TCP.
So go to /etc/php5/fpm/pool.d/www.conf and look for this line:
listen = /var/run/php5-fpm.sock
Then go to /etc/nginx/nginx.conf
Look for this:
upstream php {
server unix:/var/run/php5-fpm.socket;
}
Match those values and you should be all set.
If running a linux server, make sure that your IPTABLES configuration is correct.
Execute sudo iptables -L -n , you will recieve a listing of your open ports. If there is not an Iptables Rule to open the port serving the fcgi script you will receive a 502 error. The Iptables Rule which opens the correct port must be listed before any rule which categorically rejects all packets (i.e. a rule of the form "REJECT ALL -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable or similar)
On my configuration, to properly open the port, I had to execute this command (assume my fcgi server is running at port 4567):
sudo iptables -I INPUT 1 -p tcp --dport 4567 -j ACCEPT
WARNING: This will open port 4567 to the whole world.
So it might be better to do something like this:
sudo iptables-save >> backup.iptables
sudo iptables -D INPUT 1 #Delete the previously entered rule
sudo iptables -I INPUT 1 -p tcp --dport 8080 -s localhost -j ACCEPT # Add new rule
Doing this removed the 502 error for me.
change
fastcgi_pass unix:/var/run/php-fpm.sock;
to
fastcgi_pass unix:/var/run/php5-fpm.sock;
When I did sudo /etc/init.d/php-fpm start I got the following error:
Starting php-fpm: [28-Mar-2013 16:18:16] ERROR: [pool www] cannot get uid for user 'apache'
I guess /etc/php-fpm.d/www.conf needs to know the user that the webserver is running as and assumes it's apache when, for nginx, it's actually nginx, and needs to be changed.
You can make nginx ignore client aborts using:
location / {
proxy_ignore_client_abort on;
}
I had the same problem while setting up an Ubuntu server. Turns out I was having the problem due to incorrect permissions on socket file.
If you are having the problem due to a permission problem, you can uncomment the following lines from: /etc/php5/fpm/pool.d/www.conf
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
Alternatively, although I wouldn't recommend, you can give read and write permissions to all groups by using the following command.
sudo chmod go+rw /var/run/php5-fpm.sock
Try disabling the xcache or apc modules. Seems to cause a problem with some versions are saving objects to a session variable.
Hope this tip will save someone else's life. In my case the problem was that I ran out of memory, but only slightly, was hard to think about it. Wasted 3hrs on that. I recommend running:
sudo htop
or
sudo free -m
...along with running problematic requests on the server to see if your memory doesn't run out. And if it does like in my case, you need to create a swap file (unless you already have one).
I have followed this tutorial to create swap file on Ubuntu Server 14.04 and it worked just fine:
http://www.cyberciti.biz/faq/ubuntu-linux-create-add-swap-file/
If you're on Ubuntu, and all of the above has failed you, AppArmor is most likely to blame.
Here is a good guide how to fix it: https://www.digitalocean.com/community/tutorials/how-to-create-an-apparmor-profile-for-nginx-on-ubuntu-14-04
Long story short:
vi /etc/apparmor.d/nginx
Or
sudo aa-complain nginx
sudo service nginx restart
See everything working nicely... then
sudo aa-logprof
I still had problems with Nginx not being able to read error.log, even though it had all the permissions possible, including in Apparomor. I'm guessing it's got something to do with the order of the entries, or some interaction with Passenger or PHP-Fpm... I've run out of time to troubleshoot this and have gone back to Apache for now. (Apache performs much better too FYI.)
AppArmor just lets Nginx do whatever it wants if you just remove the profile:
rm /etc/apparmor.d/nginx
service apparmor reload
Shockingly, but hardly surprising, a lot of posts on fixing Nginx errors resorts to completely disabling SELinux or removing AppArmor. That's a bad idea because you lose protection from a whole lot of software. Just removing the Nginx profile is a better way to troubleshoot your config files. Once you know that the problem isn't in your Nginx config files, you can take the time to create a proper AppArmor profile.
Without an AppArmor profile, especially if you run something like Passenger too, I give your server about a month to get backdoored.
For me the error was in default file of Nginx
located at /etc/nginx/sites-available/default
I noticed the version of php-fpm used was 7.0 and the php version i downloaded was 7.2
I simply changed the version to 7.2 and it worked.
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
Similar setup here and looks like it was just a bug in my code. At the start of my app I looked for the offending URL and this worked: echo '<html>test</html>'; exit();
In my case, turns out the problem was an uninitialized variable that only failed under peculiar circumstances.