I fail to connect to php5-fpm.sock. I have tried many solutions but still getting this error:
2017/11/20 11:17:21 [crit] 9670#9670: *1 connect() to unix:/var/run/php5-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.224.8, server: babylon, request: "GET /webmail/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "babylon"
My configuration is like this:
location /webmail {
alias /srv/roundcubemail;
index index.php index.html;
# Favicon
location ~ ^/webmail/favicon.ico$ {
root /srv/roundcubemail/skins/classic/images;
log_not_found off;
access_log off;
expires max;
}
# Robots file
location ~ ^/webmail/robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny Protected directories
location ~ ^/webmail/(config|temp|logs)/ {
deny all;
}
location ~ ^/webmail/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
}
location ~ ^/webmail/(bin|SQL)/ {
deny all;
}
# Hide .md files
location ~ ^/webmail/(.+\.md)$ {
deny all;
}
# Hide all dot files
location ~ ^/webmail/\. {
deny all;
access_log off;
log_not_found off;
}
#Roundcube fastcgi config
location ~ /webmail(/.*\.php)$ {
error_log /var/log/nginx/x.log error;
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^/webmail/(.+\.php)(/.*)$;
fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /srv/roundcubemail/$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME /srv/roundcubemail/index.php;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
Is it maybe a problem with permissions over directories? I don't think so.
The attempts that I made were:
I change the listen of my www.conf, for socket and IP but still not working
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = www-data
group = www-data
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php5-fpm.sock
;listen = 127.0.0.1:9000
; Set listen(2) backlog.
; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 65535
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
I have restarted php5-fm and nginx and still nothing.
Any ideas how I can fix that?
First, ensure that php-fpm is installed, you could use this to check the current version if any:
php-fpm -v
Second check the php-fpm.conf configuration, and search for this line:
listen = /tmp/php-fpm.socket
In case it doesn't exist just add it, it can be also something like:
listen = /var/run/php5-fpm.sock
In some Linux distros normally this is used:
listen = /var/run/php5-fpm.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
In case you want to use a TCP socket:
Listen 127.0.0.1:9000
Restart php-fpm and check that the socket has been created in case of using a Unix domain socket, this can be done by doing this:
$ file /var/run/php5-fpm.sock
If socket exists if should print out something like this:
/var/run/php5-fpm.sock: socket
Could you please ensure those settings on your PHP-fpm/www.conf file
.....
user = www-data
group = www-data
listen.owner = www-data
listen.group = www-data
......
Then Restart PHP-fpm under root user.
listen.owner = nginx
listen.group = nginx
Related
I was running Ubuntu server 20.04 quite successfully with Ired mail and 2 websites, one of them with WordPress.
I wanted to install Nextcloud, to do that I had to reinstall php-fpm to generate php7.4-fpm.sock. After this Nextcloud worked, but my other websites stopped working with error '502 Bad Gateway'.
So to say the least, I'm very confused!
I followed this article to install Nextcloud and set up the sites-enabled .conf file as per instructions: https://www.linuxbabe.com/ubuntu/install-nextcloud-ubuntu-20-04-nginx-lemp-stack/amp
I think I understand that the .conf file used to listen on 127.0.0.1:XXXX and now listens on php7.4-fpm.sock?
Here is the .conf file that I have put together for my website after re-installing php-fpm:
#
# Note: This file must be loaded before other virtual host config files,
#
# HTTPS
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name SOMEWEBSITE www.SOMEWEBSITE;
error_log /var/log/nginx/localhost.error_log info;
root /var/www/SOMEWEBSITE/html;
index index.php index.html;
include /etc/nginx/templates/misc.tmpl;
include /etc/nginx/templates/ssl.tmpl;
include /etc/nginx/templates/iredadmin.tmpl;
include /etc/nginx/templates/roundcube.tmpl;
include /etc/nginx/templates/sogo.tmpl;
include /etc/nginx/templates/netdata.tmpl;
include /etc/nginx/templates/php-catchall.tmpl;
include /etc/nginx/templates/stub_status.tmpl;
location / {
try_files $uri $uri/ /index.php?q=$uri$args;
}
# PHP handling
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
ssl_certificate /etc/letsencrypt/live/SOMEWEBSITE/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/SOMEWEBSITE/privkey.pem; # managed by Certbot
}
# Redirect http to https
server {
listen 80;
listen [::]:80;
server_name SOMEWEBSITE www.SOMEWEBSITE;
return 301 https://$host$request_uri;
}
I have checked the file permissions for php7.4-fpm.sock
ll /var/run/php/ | grep php
-rw-r--r-- 1 root root 3 May 22 21:13 php7.4-fpm.pid
srw-rw---- 1 www-data www-data 0 May 22 21:13 php7.4-fpm.sock=
lrwxrwxrwx 1 root root 30 May 22 21:13 php-fpm.sock -> /etc/alternatives/php-fpm.sock=
and I think it looks ok.
here is the log file:
2021/05/23 20:32:52 [error] 43596#43596: *305 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xxx.xxx, server: SOMEWEBSITE, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9999", host: "SOMEWEBSITE"
2021/05/23 20:32:53 [info] 43596#43596: *305 client xx.xx.xxx.xxx closed keepalive connection
Any Ideas? Need any more information? Thank you in advance for looking.
PHP-FPM can listen using two method for accepting fastcgi request. using TCP Socket or with Unix Socket.
You can sepecify it in php-fpm configuration, In Ubuntu the configuration is in /etc/php/7.4/fpm/pool.d/www.conf and check listen configuration.
If you want to use unix socket, use configuration below.
listen = /run/php/php7.4-fpm.sock
For TCP Socket.
listen = 127.0.0.1:9000
Next in nginx you can specify fastcgi_pass based on fpm configuration. If you using Unix socket, all your website, include Nextcloud must be using Unix Socket.
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
If you using TCP Socket, you must change the nginx configuration for Nextcloud to pass from TCP Socket.
fastcgi_pass 127.0.0.1:9000;
I have faced this issue as well. the problem is php-fpm didnt listen port 9999 (In my case i use port 9999). To make /mail/ work. u need to change below config file. change ip:port change to socket
/etc/php/fpm/pool.d/www.conf
listen = /var/run/php/php7.2-fpm.sock
/etc/nginx/templates/fastcgi_php.tmpl
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
I am running alpine 3.12 container with a few custom configuration like so:
FROM alpine:3.12
[some irrelevant stuff]
# Switch to use a non-root user from here on
USER nobody
# Expose the port nginx is reachable on
EXPOSE 8080
# Let supervisord start nginx & php-fpm
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
# Make sure files/folders needed by the processes are accessable when they run under the nobody user
RUN chown -R nobody.nobody /var/www/html && \
chown -R nobody.nobody /run && \
chown -R nobody.nobody /var/lib/nginx && \
chown -R nobody.nobody /var/log/nginx
# Configure a healthcheck to validate that everything is up&running
HEALTHCHECK --timeout=10s CMD curl --fail http://127.0.0.1:8080/fpm-ping
I have my nginx.conf with the following data:
worker_processes 1;
error_log stderr warn;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
# Define custom log format to include reponse times
log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time $pipe $upstream_cache_status';
access_log /dev/stdout main_timed;
error_log /dev/stderr notice;
keepalive_timeout 65;
# Write temporary files to /tmp so they can be created as a non-privileged user
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
# Default server definition
server {
listen [::]:8080 default_server;
listen 8080 default_server;
server_name _;
sendfile off;
root /var/www/html/public;
index index.php index.html;
location / {
# try_files $uri $uri/ /index.php?q=$uri&$args;
try_files $uri $uri/ /index.php$is_args$args;
}
# Redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/lib/nginx/html/public;
}
# Pass the PHP scripts to PHP-FPM listening on 127.0.0.1:9000
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
expires 5d;
}
# Deny access to . files, for security
location ~ /\. {
log_not_found off;
deny all;
}
# Allow fpm ping and status from localhost
location ~ ^/(fpm-status|fpm-ping)$ {
access_log off;
allow 127.0.0.1;
deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}
}
gzip on;
gzip_proxied any;
gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
gzip_vary on;
gzip_disable "msie6";
# Include other server configs
include /etc/nginx/conf.d/*.conf;
}
and my supervisord config such as:
[supervisord]
nodaemon=true
logfile=/dev/null
logfile_maxbytes=0
pidfile=/run/supervisord.pid
[program:php-fpm]
command=php-fpm7 -F
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autorestart=false
startretries=0
[program:nginx]
command=nginx -g 'daemon off;'
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autorestart=false
startretries=0
and in my php-fpm/www.conf:
[global]
; Log to stderr
error_log = /dev/stderr
[www]
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000
; Enable status page
pm.status_path = /fpm-status
; Ondemand process manager
pm = ondemand
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 100
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 1000
; Make sure the FPM workers can reach the environment variables for configuration
clear_env = no
; Catch output from PHP
catch_workers_output = yes
; Remove the 'child 10 said into stderr' prefix in the log and only show the actual message
decorate_workers_output = no
; Enable ping page to use in healthcheck
ping.path = /fpm-ping
So my question: Where is this error log coming from???
[crit] 9#9: *2 connect() to unix:/var/run/php7.3-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 172.17.0.1, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php7.3-fpm.sock:", host: "127.0.0.1:8080"
It should really not be triggered, since I never specify php-fpm to listen to this socket. Where does it come from???
I have been struggling lately on installing latest nginx 1.14, php 7.2.5 and mariaDB 10.3.7 on CentOS 7 on virtualbox on macOS.
Finally php is working, I have already tested php_info(), index.php, testDBconnection.php successfully and even redirecting to a /public folder.
However, when copying my Slim 3 application to folder, I get this error:
access denied
I access the log via # tail /var/log/nginx/error.log and the output is the following:
PHP message: PHP Warning: session_start(): Failed to read session data: files (path: /var/opt/remi/php72/lib/php/session) in /usr/share/nginx/html/slim3.local/bootstrap/app.php on line 5" while reading response header from upstream, client: 192.168.1.71, server: slim3.local, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "slim3.local"
2018/06/23 01:27:40 [error] 2514#2514: *5 FastCGI sent in stderr: "PHP message: PHP Warning: session_start(): open(/var/opt/remi/php72/lib/php/session/sess_1ncvjg5us9384bs0m6vo0m46k7, O_RDWR) failed: Permission denied (13) in /usr/share/nginx/html/slim3.local/bootstrap/app.php on line 5
PHP message: PHP Warning: session_start(): Failed to read session data: files (path: /var/opt/remi/php72/lib/php/session) in /usr/share/nginx/html/slim3.local/bootstrap/app.php on line 5" while reading response header from upstream, client: 192.168.1.71, server: slim3.local, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "slim3.local"
Line 5 of app.php is:
session_start();
Moreover, it looks weird to see the ip address http://192.168.1.71/ when it is actually http://192.168.1.76/
I have changed permissions in /var/opt/remi/php72/lib/php to folders session, opcache, & wsdlcache by using the following command:
# chown nginx:nginx /var/opt/remi/php72/lib/php/session
I have restarted all:
# systemctl restart php72-php-fpm
# systemctl restart nginx
Also I have tried:
# grep session.save_path /etc/opt/remi/php72/php.ini
; session.save_path = "N;/path"
; session.save_path = "N;MODE;/path"
;session.save_path = "/tmp"
; (see session.save_path above), then garbage collection does *not*
I reload the page "http://slim3.local" and I still get the same access denied error!
:(
# ls -la
returns
# ls -lah /var/opt/remi/php72/lib/php/
total 0
drwx------. 5 nginx nginx 53 jun 19 19:51 .
drwxr-xr-x. 7 root root 71 jun 19 19:51 ..
drwx------. 3 nginx nginx 46 jun 25 19:02 opcache
drwxrwx---+ 2 nginx nginx 84 jun 25 19:02 session
drwx------. 2 nginx nginx 6 may 23 01:59 wsdlcache
the www.conf file
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[www]
...
; RPM: apache user chosen to provide access to the same directories as httpd
;user = apache
user = nginx
; RPM: Keep a group allowed to write in log dir.
;group = apache
group = nginx
...
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000
; Set listen(2) backlog.
; Default Value: 511
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server.
; Default Values: user and group are set as the running user
; mode is set to 0660
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
...
; See warning about choosing the location of these directories on your system
; at http://php.net/session.save-path
php_value[session.save_handler] = files
php_value[session.save_path] = /var/opt/remi/php72/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/opt/remi/php72/lib/php/wsdlcache
php_value[opcache.file_cache] = /var/opt/remi/php72/lib/php/opcache
In the php.ini file i got:
...
cgi.fix_pathinfo=1
...
session.save_path = "/var/opt/remi/php72/lib/php/session"
...
nginx default.conf file:
server {
listen 80;
server_name localhost;
root /usr/share/nginx/html;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
#root /usr/share/nginx/html;
index index.html index.htm index.php;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
try_files $uri = 404;
include /etc/nginx/fastcgi_params;
root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
my nginx virtual.conf
server {
server_name slim3.local;
root /usr/share/nginx/html/slim3nc.local/public;#without this line, it throws NOT FOUND
location / {
index index.html index.htm index.php;
}
location ~ \.php$ {
try_files $uri = 404;
include /etc/nginx/fastcgi_params;
root /usr/share/nginx/html/slim3nc.local/public;#Esta carpeta influye más
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#include /etc/nginx/fastcgi_params;
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/slim3nc.dev$fastcgi_script_name;
}
}
and the command
# lsattr /var/opt/remi/php72/lib/php/session
returns
---------------- /var/opt/remi/php72/lib/php/session/sess_1ncvjg5us9384bs0m6vo0m46k7
---------------- /var/opt/remi/php72/lib/php/session/sess_923979fqgr7r807majmn114vuk
Testing sestatus
# sestatus
It returns
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
And if I apply
# setenforce 0
it returns
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
Moreover, I have tried to change the setup in path for cache right on Slim3 container settings and nothing works :(
$container['view'] = function ($container) {
$view = new \Slim\Views\Twig(__DIR__ . '/../resources/views', [
'cache' => false,/*__DIR__ .'/../cache/views', *//* todo 'path/to/cache' on production, we need to set up a directory to cache the views*/
'debug' => false, /*todo Turn this off in production*/
]);
...
return $view;
};
I still get the message in a blank page
access denied
This slim 3 web app I got does not work in any server: centOS 7 production, laravel homestead, ubuntu 16, ... it simply doesn't work!!!
What am I missing?
How do I fix this??
-> Meanwhile I am using Laravel ...
I got error message:
FastCGI sent in stderr: "Unable to open primary script: /home/messi/web/wordpress/index.php (No such file or directory)" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: www.domain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "www.domain.com
here are my configuration files:
/etc/php5/fpm/php.ini
cgi.fix_pathinfo=0
doc_root =
user_dir =
....
/etc/php5/fpm/php-fpm.conf
[global]
pid = /var/run/php5-fpm.pid
error_log = /var/log/php5-fpm.log
include=/etc/php5/fpm/pool.d/*.conf
/etc/php5/fpm/pool.d/www.conf
[www]
user = www-data
group = www-data
listen = /var/run/php5-fpm.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0666
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /
security.limit_extensions = .php .php3 .php4 .php5
php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
/etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
server_tokens off;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/sites-enabled/*;
}
/etc/nginx/sites-enabled/wordpress
server {
listen 80;
server_name www.domain.com;
root /home/messi/web/wordpress;
error_log /var/log/nginx/err.wordpress.log;
index index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
}
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
Setup user permission:
#adduser www-data messi
#chown -R www-data:www-data /home/messi/web
#chmod -R 664 /home/messi/web/wordpress
How can I resolve this?
Thanks
SELinux will cause this error on CentOS/RHEL 7+ by default :(
To test if SELinux is the source of your woes, do
setenforce 0
... and see if everything works. If that fixed it, you can leave SELinux off (weak, you're better than that), or you can turn it back on with
setenforce 1
... and then properly fix the issue.
If you do
tail -f /var/log/audit/audit.log
... you'll see the SELinux issue. In my case, it was denying PHP-FPM access to web files. You can run the following directives to fix it:
setsebool -P httpd_can_network_connect_db 1
setsebool -P httpd_can_network_connect 1
This actually didn't fix it for me at first, but then restoring SELinux context did it
restorecon -R -v /var/www
Hope that helps.
This is likely a permissions problem.
Make sure that every parent directory has +x permissions for the user (the nginx user and/or php-fpm user).
You can check these permissions with: namei -om /path/to/file.
If you have symlinks, make sure they point to a valid path.
Make sure chroots have access to the right paths.
Make sure SELinux (e.g. Fedora / Centos) or AppArmor (e.g. Ubuntu) or any other MAC security systems are not interfering with the file access.
For SeLinux:
Check /var/log/audit/audit.log or /var/log/messages
For AppArmor:
Im not a Ubuntu user and as far as I understand the logging for AppArmor isnt always easy to figure out. You might check here for info: http://ubuntuforums.org/showthread.php?t=1733231
It was SELinux in my case as well. I read some documentation found here:
https://wiki.centos.org/HowTos/SELinux
https://linux.die.net/man/1/chcon
and ended up with the command:
chcon -R -v --type=httpd_sys_content_t html/
....this changed the context of the files to the httpd type which is what my web server (Nginx) was running as.
You can find what context your web server runs as using:
ps axZ | grep nginx
....which in my case gave me:
system_u:system_r:**httpd_t**:s0 6246 ? Ss 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
system_u:system_r:**httpd_t**:s0 6249 ? S 0:00 nginx: worker process
Seeing the context of the running service was httpd_t I changed the context of my web site's root folder to that (recursively)
The point of SELinux is to only allow services and processes to access files of the same type as them. Since the web server ran as httpd_t than it made sense to set the context of the files/folder in the site to the same.
I'm new at this by the way.... But this seemed to be the best approach to me. It kept SELinux enabled, didn't lessen the security of what it does, nad matched up context of the files with the process/service.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; ->
fastcgi_param SCRIPT_FILENAME/home/messi/web/wordpress$fastcgi_script_name;
My first time using Nginx, but I am more than familiar with Apache and Linux. I am using an existing project and when ever I am trying to see the index.php I get a 404 File not found.
Here is the access.log entry:
2013/06/19 16:23:23 [error] 2216#0: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 127.0.0.1, server: localhost, request: "GET /index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "www.ordercloud.lh"
And here is the sites-available file:
server {
# Listening on port 80 without an IP address is only recommended if you are not running multiple v-hosts
listen 80;
# Bind to the public IP bound to your domain
#listen 127.0.0.11:80;
# Specify this vhost's domain name
server_name www.ordercloud.lh;
root /home/willem/git/console/frontend/www;
index index.php index.html index.htm;
# Specify log locations for current site
access_log /var/log/access.log;
error_log /var/log/error.log warn;
# Typically I create a restrictions.conf file that I then include across all of my vhosts
#include conf.d/restrictions.conf;
# I've included the content of my restrictions.conf in-line for this example
# BEGIN restrictions.conf
# Disable logging for favicon
location = /favicon.ico {
log_not_found off;
access_log off;
}
# Disable logging for robots.txt
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# END restrictions.conf
# Typically I create a yiiframework.conf file that I then include across all of my yii vhosts
#include conf.d/yiiframework.conf;
# I've included the content of my yiiframework.conf in-line for this example
# BEGIN yiiframework.conf
# Block access to protected, framework, and nbproject (artifact from Netbeans)
location ~ /(protected|framework|nbproject) {
deny all;
access_log off;
log_not_found off;
}
# Block access to theme-folder views directories
location ~ /themes/\w+/views {
deny all;
access_log off;
log_not_found off;
}
# Attempt the uri, uri+/, then fall back to yii's index.php with args included
# Note: old examples use IF statements, which nginx considers evil, this approach is more widely supported
location / {
try_files $uri $uri/ /index.php?$args;
}
# END yiiframework.conf
# Tell browser to cache image files for 24 hours, do not log missing images
# I typically keep this after the yii rules, so that there is no conflict with content served by Yii
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 24h;
log_not_found off;
}
# Block for processing PHP files
# Specifically matches URIs ending in .php
location ~ \.php$ {
try_files $uri =404;
fastcgi_intercept_errors on;
# Fix for server variables that behave differently under nginx/php-fpm than typically expected
#fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Include the standard fastcgi_params file included with nginx
include fastcgi_params;
#fastcgi_param PATH_INFO $fastcgi_path_info;
#fastcgi_index index.php;
# Override the SCRIPT_FILENAME variable set by fastcgi_params
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Pass to upstream PHP-FPM; This must match whatever you name your upstream connection
fastcgi_pass 127.0.0.1:9000;
}
}
My /home/willem/git/console is owned by www-data:www-data (my web user running php etc) and I have given it 777 permissions out of frustration...
Can anybody advise?
That message from the fastcgi server usually means that the SCRIPT_FILENAME that it was given was not found or inaccessible as a file on its filesystem.
Checkout file permissions on /home/willem/git/console/frontend/www/index.php
Is it 644?
And /home/willem/git/console/frontend/www/
Is it 755?
Ok, so 3 things I found after a day of struggling
For some reason I had already something running on port 9000 so I
changed to 9001
My default site was intercepting my new one, once again I don't
under stand why since it shouldn't, but I just unlinked it
Nginx doesn't automatically do the sym link for sites-available to
site-enabled.
Hope this saves someone some trouble!
Here is a more detailed link in server fault: https://serverfault.com/questions/517190/nginx-1-fastcgi-sent-in-stderr-primary-script-unknown/517207#517207
In case anyone had the same error: in my case the problem was the missing root directive inside the location block in nginx.conf, as explained in the Arch wiki
"Primary script unknown" is caused by SELinux security context.
client get the response
File not found.
nginx error.log has the following error message
*19 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream
so just change security context type of web root folder to httpd_sys_content_t
chcon -R -t httpd_sys_content_t /var/www/show
there are 3 users for nginx/php-fpm config
/etc/nginx/nginx.conf
user nobody nobody; ### `user-1`, this is the user run nginx woker process
...
include servers/*.conf;
/etc/nginx/servers/www.conf
location ~ \.php$ {
# fastcgi_pass 127.0.0.1:9000; # tcp socket
fastcgi_pass unix:/var/run/php-fpm/fpm-www.sock; # unix socket
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
/etc/php-fpm.d/www.conf
[www]
user = apache ### `user-2`, this is the user run php-fpm pool process
user = apache
;listen = 127.0.0.1:9000 # tcp socket
listen = /var/run/php-fpm/fpm-www.sock # unix socket
listen.onwer = nobody ### `user-3`, this is the user for unix socket, like /var/run/php-fpm/fpm-www.sock
listen.group = nobody # for tcp socket, these lines can be commented
listen.mode = 0660
user-1 and user-2 is not necessary to be the same.
for unix socket, user-1 need to be the same as user-3,
as nginx fastcgi_pass must have read/write permission on the unix socket.
otherwise nginx will get 502 Bad Gateway, and nginx error.log has the following error message
*36 connect() to unix:/var/run/php-fpm/fpm-www.sock failed (13: Permission denied) while connecting to upstream
I dont know how the $document_root is calculated but I resolved the issue , by
really making sure that my document root is at /usr/share/nginx/ just wher the html folder exist