I cannot launch php-fpm on OpenSUSE.
When I run systemctl restart php-fpm.service
I receive the following error, after copying etc/php8/fpm/php-fpm.conf.default to etc/php8/fpm/php-fpm.conf
[25-Apr-2021 12:52:18] ERROR: failed to open configuration file '/etc/php8/fpm/php-fpm.conf': Permission denied (13)
[25-Apr-2021 12:52:18] ERROR: failed to load configuration file '/etc/php8/fpm/php-fpm.conf'
[25-Apr-2021 12:52:18] ERROR: FPM initialization failed
I had to switch to php7-fpm to make it works.
It seems that php-fpm does not work properly on OpenSUSE Tumbleweed.
No problem with apache mod php.
I had some of the issues as can be found in your post.
My setup:
php8 with nginx (fast-cgi NOT USING SOCK) works fine on my laptop
hardware: HP mobile workstation Compaq 8510w
Yes, I know, that is not the latest gear, but its very solid and stable.
It looks like it has been made for Linux!
Micros....urged me to upgrade it from W7 to W10
but left me alone with unsolvable issues. Their Troubleshooter told me
"Ask a friend" and that is what I did.
The friend said, try linux and that is why I am here now.
I never regretted and this is the only reason to say "Thank you Micros..."
Operating System: openSUSE Tumbleweed 20210
KDE Plasma Version: 5.22.5
KDE Frameworks Version: 5.85.0
Qt Version: 5.15.2
Kernel Version: 5.13.8-1-default (64-bit)
Graphics Platform: X11
Processors: 2 × Intel® Core™2 Duo CPU T9300 # 2.50GHz
Memory: 3.8 GiB of RA
Graphics Processor: AMD RV630
for peace of mind:
nginx and php have numerous safety-features.
Safety is very important, so keep an eye on the common IT-safety rules,
but be aware, that safety-rules can lock you out, if not implemented correctly.
Before doing any editing make backups of all original configuration files
for convenience:
I installed mc (Midnight Commander) and use nano as editor.
I added myself to the group wheel, so that I can use sudo without having to enter my password.
mc is very convenient for changing directories, jumping from file to file and editing configuration files, because you can use mc as root. Besides that you can easily change to the shell and back i.E to modify permissions or to use other shell-commands.
Further:
I created aliases in .bashrc enabling starting, stopping and checking
services with shortcuts.
alias sto='sudo systemctl stop $2'
alias str='sudo systemctl start $2'
alias rst='sudo systemctl restart $2'
alias sta='sudo systemctl status $2'
alias sn='sudo nano $2'
How to use them?
After editing your .bashrc do a
source .bashrc
To use these aliases you type the aliasname, a blank and the path to the file like for example for editing a file als sudo with nano try:
sn /etc/rc.local
or, to retrieve the status of php-fpm with just a few keystrokes:
sta php-fpm
I copied /etc/php8/php.ini to "php.ini.commented" and deleted all comments and non required options in the original
I also copied /etc/php8/cli/php.ini to php.ini.commented and deleted all
comments and non required options in the original
I did the same with /etc/php8/fpm/php-fpm.d/www.conf
for avoiding conflicts:
Before any other software operation, make sure that your system is running without errors.
Use
dmesg -l err
or
journalctl -b |grep error
Solve found errors first!
After verification you should execute a
sudo zypper dup
do not change more than 1 parameter per trial, when testing/modifying your configuration.
Check for result of modifications in logfiles after each step.
write comments in the modified config and -if using an advice from a website- paste the web-address as a comment since in a few days you might not remember why you configured as you did.
avoid multiple blanks in comments in configuration files, this can lead to a "parse error".
I use the pathnames as they are being configured by setup.
Do it like this, it will prevent problems after software-updates.
I did not use the original Tumbleweed user/group "wwwrun" and "www", instead I created a user "www-data" in group "www-data" exactly as in Raspberry debian 10.
with following commands
sudo chown -R www-data:www-data /srv
sudo chmod -R 755 /srv
I have changed ownership and permissions of all contents, that will be accessed by php-fpm.
In case you place symlinks in /srv/www/public to files elsewhere, you need to change the permissions in the files, the link is pointing to. For example if you create a symlink in /srv/www/public to your phpmyadmin data, you need to change the permissions for all files in /usr/share/mysql/phpmyadmin.
The user of the data in your pool /srv/www/public must be the same as the user, defined in /etc/nginx/nginx.conf, and
when using a pool named "public", user and group in the section [public] in /etc/php8/fpm/php-fpm.d/www.conf must also be the same .
This is crucial, most problems at startup of nginx are caused by wrong permissions.
STEP BY STEP
Begin with a basic setup, without any special features.
On request of friends I added my functional configuration files below
Do not copy configurations from it-specialists in the web, who might do complicated or exotic things, proxies, remote servers etc.
Especially if in those configurations there are expressions you don't understand , better don't use them.
Just get started, undo temporary solutions as soon as nginx is operational and make a backup of the first working basic configuration.
After that -but not earlier- you can start experimenting
Never use chmod 777 in any of the above directories, because that's is an invitation to get your system hacked.
Never change the mod 644, owner root:root in /var/log
The logfiles of php-fpm are being created and modified by root. Logfiles contain sensitive info.
Verify correct setup with:
ps -aux |grep php
The result should be similar to following lines. This means that php-fpm is being run by root:
root 1262 0.0 0.3 54024 13260 ? Ss 06:12 0:01 php-fpm: master process (/etc/php8/fpm/php-fpm.conf)
www-data 1335 0.0 0.2 54172 9576 ? S 06:12 0:00 php-fpm: pool public
Allowing access to anybody else is opening the doors for hackers. Keep in mind that you are using a browser to see your data, but other people may be able to browse them as well.
After having a running system it is easy to add further steps.
To start up there is no need for using sites-enabled in nginx
and you need to create just one pool in /etc/php8/fpm/php-fpm.d/www.conf
TROUBLESHOOTING FREQUENT ERRORS:
MySql-errors:
I presume here, that your mariadb/mysql has been setup correctly.
Missing or wrong permissions will cause "not found" errors.
Troubleshooting in mysql is documented very well and mysql has an interactive help function. Read the documentation and test access following steps of the mysql manuals. It would lead too far, to add a guide for that to this document.
php-fpm not starting:
failed to open configuration file '/etc/php8/fpm/php-fpm.conf': Permission denied (13)
With
sudo systemctl status php-fpm
you will find more details about what and how.
Possibly there is an access-issue when php-fpm tries creating a logfile "access.public.log" in /var/log by following the line access.log = "access.$pool.log" (look in file www.conf).
This error can be caused/suppressed by settings in apparmor.
Options are:
temporary disable apparmor
sudo systemctl stop apparmor
sudo systemctl disable apparmor
In openSUSE You can use Yast to configure apparmor
In case you made modifications the result can be found as below in:
/etc/apparmor.d/php-pfm
vim: ft=apparmor
profile php-fpm /usr/sbin/php-fpm* flags=(attach_disconnected, complain) {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/openssl>
include <abstractions/php>
include <abstractions/ssl_certs>
include if exists <local/php-fpm>
include if exists <php-fpm.d>
capability chown,
capability dac_override,
capability kill,
capability net_admin,
capability setgid,
capability setuid,
signal send peer=php-fpm//*,
deny / rw,
/etc/php8/fpm/php-fpm.conf r,
/etc/php{,5,7}/* r,
/usr/sbin/php-fpm* rix,
owner /var/log/php*-fpm.log rw,
owner /var/log/public.acess.log rw,
#{PROC}/#{pid}/attr/{apparmor/,}current rw,
#{run}/php{,-fpm}/php*-fpm.pid rw,
#{run}/php{,-fpm}/php*-fpm.sock rwlk,
owner /etc/php8/fpm/php-fpm.d/www.conf r,
change_profile -> php-fpm//*,
}
or temporary comment the line
access.log = /var/log/$pool.access.log in your www.conf
To get started this file is not absolutely required
and commenting it helped me to suppress the "php-fpm could not be started" error.
The most important and detailed logfile is
/var/log/nginx/error.log
To debug, after every modification You should use
sudo tail -1 /var/log/nginx/error.log
You will see that most errors are permission errors either because mysql can't access your database or php-fpm can't use your php/html-files!
here my /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
#pid /run/nginx.pid; not required when using tcp
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etch/nginx/conf.d/*.conf;
server {
listen 80;
server_name 127.0.0.1;
root /srv/www/public; # without this root instruction nqinx will use /usr/ as prefix and you will get a not found error!
error_page 500 502 503 504 /50x.html; # redirect server error pages to the static page /50x.html
location = /50x.html {
root /srv/www/htdocs/;
}
location ~ \.php$ { # 404
try_files $fastcgi_script_name =404;
include /etc/nginx/fastcgi_params;
# default fastcgi_params
# fastcgi settings
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
# fastcgi params
fastcgi_param DOCUMENT_ROOT /srv/www/public;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location / {
root /srv/www/public;
try_files $uri $uri/ =404;
index index.nginx-debian.html index.php index.html index.htm;
}
location ~ /\.ht {
# deny access to .htaccess files, if Apache's document root concurs with nginx's one
deny all;
}
include vhosts.d/*.conf;
}
}
filecontents of /etc/php8/fpm/php-fpm.d/www.conf
[public]
prefix = /srv/www/$pool
user = www-data
group = www-data
listen = 127.0.0.1:9000
;use these settings only if a socket is used
;listen.owner = www-data
;listen.group = www_data
;listen.mode = 0660
pm = static
pm.max_children = 1
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 500
; this optional feature is well documented in the file and further instructions for how to set it up can be found on the web
pm.status_path = /status
; if fpm-phm cannot start, temporary comment the two lines access.log, but reactivate the instructions as soon as php-fpm is operational
; if there are wrong permission-settings, php-fpm will not start
access.log = /var/log/$pool.access.log
access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
catch_workers_output = yes
security.limit_extensions = .php .html
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 32M
file /etc/php8/fpm/php-fpm.conf
; FPM Configuration ;
[global]
process_control_timeout = 10
process.max = 128
daemonize = no
rlimit_core = 0
rlimit_files = 1024
events.mechanism = epoll
systemd_interval = 10
include=/etc/php8/fpm/php-fpm.d/*.conf
With this configuration I run several mysql-databases and content management as well as phpmyadmin.
The picture below is a screenshot of my Content Management System using a mysql database and self-designed forms in php-format.
In the location definitions there are no further instructions required, neither for loading stylesheets nor for pictures/movies.
A check with Google's developer tools in Chrome proofs, that all references and links to stylesheets, json-files and further directories have been found and that there are no errors.
Of course it took me some time to get all this running.
This answer may help everybody who wants to set up nginx and save time.
The documentation of nginx and php is complete and excellent. For most commands there is a --help option, man pages and a webpage.....
Yes, I know!
Help and man-pages are written by excellent IT-engineers,
some of these hexadecimal-thinking people might have difficultes
to translate their digital slang to human-understandable language.
That's why some pages are more confusing than helping.
Anyway, press the F1-key, try the help and forgive them.
Where would we be without them?
In my little network here, I am using a 24/7 running Raspberry Pi 3 B+ with 64 bit OS as server, that stores data on two USB drives.
The configuration for accessing local files on this server is nearly the same as the configuration on my laptop.
There are just two little differences:
On "debian buster" the application php8 is named php8.0 and a few directories have different names, so you can use above configuration files for Raspberry debian buster with the following restriction: the pertinent 'include' lines are different and need to be altered according to the location-names of the config-files .
My nginx.conf on the Raspberry-server has a few lines of extra code, in order to enable access to contents via DDNS, but that is a different chapter.
I would like to emphasize that I am not an IT-specialist. I have collected some experience in computing during my professional activities as mechanical engineer, all further know-how came from pressing the F1-key, reading forum-contributions, manuals, helpfiles, webpages and -not to forget- from made mistakes.
I hope that this may encourage others, to keep trying. Linux is structured very clearly and can be understood easily. Google errors, watch your logfiles attentively and enjoy the fun of finally running a fully operational php-fpm/nginx.
I need to remind you once more:
Don't forget to reset all temporary solutions.
Cheers
This is related to apparmor settings. Please edit /etc/apparmor.d/php-fpm:
19 /etc/php{,5,7,8}/** r,
to allow access to directory /etc/php8/ by php-fpm process.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 2 years ago.
Improve this question
I'm trying to setup a web interface for some controlled plug sockets I have, the sockets are controlled by a Raspberry Pi. I want to have a couple of links on a web page that I can use to turn the switches on and off. I've been trying to use PHP to do this and for some reason it just won't work.
I've tried various suggestions (see below links). All I'm getting is a white page whenever I click the link, and it doesn't do what its supposed to i.e. turn the switch on and off. Running the PHP script from the command line works as expected, the issue seems to be only when trying to run it from the webpage.
I've looked at the permissions and for the script I've set the permissions with:
chmod 777 /path/to/script
I've tried storing the script in my home folder and in the /var/www/html folder with no joy. Nothing appears in the NGINX logs or PHP-FPM log to indicate any error.
I've tried editing the sudoers file to give www-data access to the script (www-data ALL:=/path/to/script/ and even tried it with all permissions for www-data (www-data ALL=(ALL:ALL) ALL) neither have worked.
I did think it might be because the script I'm trying to run involves starting an SSH session but I can't even get a local command to work to create a blank file either in the /home/pi/ directory or /var/www/html.
I've put the script I'm trying to run below along with the PHP I'm using to call the script and a second PHP file I've used to try other commands.
Any help or pointers in the right direction would be appreciated. I think the script is running but its failing somewhere and I can't work out where. The only thing I get back in a web browser is the echo $username line so I know its working in part but when I try to execute a command nothing happens.
PHP SCRIPT:
<?php
$username = posix_getpwuid(posix_geteuid())['name'];
echo $username;
exec("/home/pi/scripts/switch2off");
?>
TEST SCRIPT:
<?php
exec("touch /var/www/html/s/test.txt");
?>
SWITCH2OFF SCRIPT
#! /bin/bash
ssh pi#example 'python /home/pi/switches/switch_2_off.py'
NGINX CONFIG:
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
server {
listen 80;
listen [::]:80;
return 301 https://$server_name$request_uri;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name example.com;
location /.well-known/ {
allow all;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
include snippets/ssl-example.conf;
include snippets/ssl-params.conf;
root /var/www/html;
location / {
limit_req zone=one burst=5;
root /var/www/html;
auth_basic "Please Log In";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_set_header X-Content-Type-Options: nosniff;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header X-Frame-Options "allow-from example.com";
}
location /.well-known/ {
allow all;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
error_page 401 403 404 /404.html;
}
PHP-FPM LOG:
[03-Aug-2020 05:00:01] NOTICE: Terminating ...
[03-Aug-2020 05:00:01] NOTICE: exiting, bye-bye!
[03-Aug-2020 05:00:29] NOTICE: fpm is running, pid 620
[03-Aug-2020 05:00:29] NOTICE: ready to handle connections
[03-Aug-2020 05:00:29] NOTICE: systemd monitor interval set to 10000ms
MY RESEARCH/THINGS I'VE TRIED:
Nginx serves .php files as downloads, instead of executing them - I started here as initially I had a config issue when instead of running the PHP scripts it served them as a download instead.
Run a shell script with an html button - this is where I got the code from for the PHP script
PHP code is not being executed, instead code shows on the page - not quite the same issue as I'm seeing. The web browser doesn't display any code from the php file even when going to view source
https://askubuntu.com/questions/520566/why-wont-this-php-script-execute-bash-script
https://unix.stackexchange.com/questions/115054/php-shell-exec-permission-on-linux-ubuntu
https://www.linode.com/docs/web-servers/nginx/serve-php-php-fpm-and-nginx/
Thanks for all the help. I found the issue. It wasn't with PHP or NGINX. The owner on /var/www/.ssh was set to pi for some reason. I've changed it to www-data and the script has started working now from the webpage. I'm still not sure why my second script to create a file wouldn't work (probably a permissions issue) but I was experimenting and found that other commands would work (like ls) which brought me back to thinking it had to be a permissions error somewhere.
So I went back through all the scripts and folders and checked and it was the .ssh folder. A quick chown fixed the problem.
Thank you again for all your suggestions and help!
I'm running a new install of Windows 10. I need to create a local testing environment for PHP. I've set up and run NginX/PHP servers on Ubuntu Linux before, but never on Windows. I've installed the NginX and PHP binaries for Windows.
After I've booted up and logged in, if I cd to C:\nginx and run nginx.exe, the Nginx server starts up and runs fine, and I get the "Welcome to NginX" screen at http://127.0.0.1.
Then, if I cd to C:\nginx\php and run php-cgi.exe -b 127.0.0.1:9000 -c c:/nginx/php/php.ini, the PHP server runs, and I can access http://127.0.0.1/php.info and get the output of php_info();. So it seems everything is installed okay.
My goal now, is to to have the PHP server autostart when I boot the machine. I downloaded the Non-Sucking Service Manager, and opened a command prompt in Administraror mode, and ran nssm edit nginx. I filled out the screens as follows:
Then I did the same for PHP:
However, while NginX seems to be starting at boot, PHP does not. After a boot, without manually starting anything at the command line, I get the NginX welcome screen. However, if I try to view the PHP info page, I get the following message:
Unable to connect
Firefox can’t establish a connection to the server at 127.0.0.1.
How do I get PHP to autostart on boot?
This is my nginx.conf file:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type text/html;
sendfile on;
keepalive_timeout 65;
server {
#Uncomment and edit the line below if you want to use a custom domainname
#server_name your.domain.com;
listen 80;
root c:/nginx/html;
location ~ .php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME c:/nginx/html/$fastcgi_script_name;
include fastcgi_params;
}
}
}
Your nginx.conf seems OK.
... However, while NginX seems to be starting at boot ...
I wouldn't trust NGINX welcome page, it most likely comes from cache. I also don't trust a service status Running unless there are nginx processes started by nssm.
In my tests both nginx and php services were not started properly.
I needed to set AppNoConsole=1 for both services to make them work.
According to the author(s) this is a known issue with Windows 10 Creators Update.
2017-04-26: Users of Windows 10 Creators Update should use prelease
build 2.2.4-101 to avoid an issue with services failing to start. If
for some reason you cannot use that build you can also set
AppNoConsole=1 in the registry, noting that applications which expect
a console window may behave unexpectedly.
You can change this setting via NSSM Service Editor GUI > Process > Console window. Just clear the checkbox and click Edit service. It's done.
The same operation can be done with commands too.
net stop php
net stop nginx
nssm set php AppNoConsole 1
nssm set nginx AppNoConsole 1
net start nginx
net start php
I am using Envoyer and can any one explain me why do we need to restart PHP FPM when deploying.
It's because your new deployment is created in a different directory to the one currently being served by php. The release is symlinked from the directory specified in the nginx config.
In order for php to load the new deployment it must be restarted so it follows the updated symlink in your project folder.
You probably need to update your nginx configuration to add/change these lines. It's my understanding that neither php-fpm nor opcache knows any file paths other than the paths that were set when the web server started running. By default, they are set to use $document_root.
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
Having $document_root set is fine for apps that do not get redeployed. The original symlink is captured by php-fpm and/or opcache. Since that path doesn't change, the deployment does not trigger any cache busting.
However, using the $realpath_root, the path to the files change after a deployment and are reexamined upon HTTP request.
For anyone having the same problem like me. I just forgot to change the php version in the projects server setting in envoyer. So it was restarting the wrong php-fpm process.
Apache 2.4+
If you are using Apache, reset the opcache instead of reloading php-fpm:
/usr/bin/cachetool opcache:reset --fcgi=/run/php/php8.1-fpm.sock
You need to install cachetool for this:
https://github.com/gordalina/cachetool
This solution doesn't require sudo and it doesn't cause downtimes.
Nginx
If you are using Nginx, just do the fastcgi_param SCRIPT_FILENAME trick from Jeff Harris' answer.
env:
ubuntu 9.10 /
use gotdeb source /
php version 5.3.1 /
php5-fpm installed /
php5-fpm is running , and listening 9000 port test by 2 commands below
pgrep php5-fpm
telnet localhost 9000
however if I visit from anthor computer in LAN ,using this address
http://192.168.1.103/index.php
the browser ask me to save this index.php , but if visit index.php , everything goes well
sites-enabled/default file content
env:
ubuntu 9.10 /
use gotdeb source /
php version 5.3.1 /
php5-fpm installed /
php5-fpm is running , and listening 9000 port test by 2 commands below
pgrep php5-fpm
telnet localhost 9000
however if I visit from anthor computer in LAN ,using this address
http://192.168.1.103/index.php
the browser ask me to save this index.php , but if visit index.html , everything goes well
sites-enabled/default file content
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000
fastcgi_index index.php
fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name
include fastcgi_params
}
A common pitfall is when your code is using short open tags <? instead of <?php and it's not enabled in php.ini on a fresh install so it won't get parsed.
To enable it set short_open_tag=On
It seems you need to set your website's index.
You can see a full example on nginx's official wiki, but here's the relevant part:
location / {
index index.html index.htm index.php;
}
As you see, the virtual host needs to know it's supposed to process index.php when accessing the website via it's root dir (i.e. http://domain.com/ or http://domain.com/site/), with no file specified.
I do have an index:
location / {
index index.php;
}
I am not using <? PHP tags.