I got error message:
FastCGI sent in stderr: "Unable to open primary script: /home/messi/web/wordpress/index.php (No such file or directory)" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: www.domain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "www.domain.com
here are my configuration files:
/etc/php5/fpm/php.ini
cgi.fix_pathinfo=0
doc_root =
user_dir =
....
/etc/php5/fpm/php-fpm.conf
[global]
pid = /var/run/php5-fpm.pid
error_log = /var/log/php5-fpm.log
include=/etc/php5/fpm/pool.d/*.conf
/etc/php5/fpm/pool.d/www.conf
[www]
user = www-data
group = www-data
listen = /var/run/php5-fpm.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0666
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /
security.limit_extensions = .php .php3 .php4 .php5
php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
/etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
server_tokens off;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/sites-enabled/*;
}
/etc/nginx/sites-enabled/wordpress
server {
listen 80;
server_name www.domain.com;
root /home/messi/web/wordpress;
error_log /var/log/nginx/err.wordpress.log;
index index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
}
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
Setup user permission:
#adduser www-data messi
#chown -R www-data:www-data /home/messi/web
#chmod -R 664 /home/messi/web/wordpress
How can I resolve this?
Thanks
SELinux will cause this error on CentOS/RHEL 7+ by default :(
To test if SELinux is the source of your woes, do
setenforce 0
... and see if everything works. If that fixed it, you can leave SELinux off (weak, you're better than that), or you can turn it back on with
setenforce 1
... and then properly fix the issue.
If you do
tail -f /var/log/audit/audit.log
... you'll see the SELinux issue. In my case, it was denying PHP-FPM access to web files. You can run the following directives to fix it:
setsebool -P httpd_can_network_connect_db 1
setsebool -P httpd_can_network_connect 1
This actually didn't fix it for me at first, but then restoring SELinux context did it
restorecon -R -v /var/www
Hope that helps.
This is likely a permissions problem.
Make sure that every parent directory has +x permissions for the user (the nginx user and/or php-fpm user).
You can check these permissions with: namei -om /path/to/file.
If you have symlinks, make sure they point to a valid path.
Make sure chroots have access to the right paths.
Make sure SELinux (e.g. Fedora / Centos) or AppArmor (e.g. Ubuntu) or any other MAC security systems are not interfering with the file access.
For SELinux:
Check /var/log/audit/audit.log or /var/log/messages
For AppArmor:
I'm not an Ubuntu user, and as far as I understand, the logging for AppArmor isn't always easy to figure out. You might check here for info: http://ubuntuforums.org/showthread.php?t=1733231
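The parent-directory check from the answer above, as an added example (not part of the original answer): it walks the path the way `namei -om` lists it and reports the first component a given user cannot pass. It reproduces the question's `chmod -R 664` on a constructed temporary tree; the uid/gid 33 for the pool user and the `root` parameter (for a chroot) are assumptions.

```python
import os
import shutil
import stat
import tempfile


def class_bits(st, uid, gids):
    """rwx bits (0-7) of the single permission class that applies to uid/gids."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7   # owner class wins even if group/other grant more
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7


def first_blocker(path, uid, gids, root="/"):
    """Return (component, missing_bit) for the first component from `root` down
    to `path` that uid cannot pass, or None if the whole chain is usable.
    Directories need x (search); the final regular file needs r.
    Mode bits only: ACLs, capabilities and SELinux/AppArmor are not evaluated."""
    if uid == 0:
        return None              # root bypasses mode-bit checks
    root, path = os.path.realpath(root), os.path.realpath(path)
    rel = os.path.relpath(path, root)
    if rel.split(os.sep)[0] == os.pardir:
        raise ValueError("path is not below root")
    chain = [root]
    if rel != os.curdir:
        for part in rel.split(os.sep):
            chain.append(os.path.join(chain[-1], part))
    for comp in chain:
        st = os.stat(comp)
        leaf_file = comp == path and not stat.S_ISDIR(st.st_mode)
        need, name = (4, "r") if leaf_file else (1, "x")
        if not class_bits(st, uid, gids) & need:
            return comp, name    # stop here: nothing below is reachable anyway
    return None


def demo():
    """Constructed tree mirroring the question's layout: web/wordpress/index.php."""
    base = tempfile.mkdtemp()
    os.chmod(base, 0o755)
    site = os.path.join(base, "web", "wordpress")
    os.makedirs(site)
    os.chmod(os.path.join(base, "web"), 0o755)
    script = os.path.join(site, "index.php")
    with open(script, "w") as fh:
        fh.write("<?php echo 'ok';\n")
    # Same effect as `chmod -R 664`: the directory loses every x bit too.
    os.chmod(script, 0o664)
    os.chmod(site, 0o664)
    pool_user = 33               # assumed uid/gid of the PHP-FPM pool user
    before = first_blocker(script, pool_user, {pool_user}, root=base)
    # Directories get search permission back; the script only needs to be readable.
    os.chmod(site, 0o755)
    os.chmod(script, 0o644)
    after = first_blocker(script, pool_user, {pool_user}, root=base)
    rel = os.path.relpath(before[0], os.path.realpath(base))
    shutil.rmtree(base)
    return rel, before[1], after


if __name__ == "__main__":
    print(demo())
```

With mode 664 on the directory, PHP-FPM cannot reach index.php even though the file itself is readable, which produces the "No such file or directory" style message rather than an obvious permission error.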
It was SELinux in my case as well. I read some documentation found here:
https://wiki.centos.org/HowTos/SELinux
https://linux.die.net/man/1/chcon
and ended up with the command:
chcon -R -v --type=httpd_sys_content_t html/
....this changed the context of the files to the httpd type which is what my web server (Nginx) was running as.
You can find what context your web server runs as using:
ps axZ | grep nginx
....which in my case gave me:
system_u:system_r:**httpd_t**:s0 6246 ? Ss 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
system_u:system_r:**httpd_t**:s0 6249 ? S 0:00 nginx: worker process
Seeing the context of the running service was httpd_t I changed the context of my web site's root folder to that (recursively)
The point of SELinux is to only allow services and processes to access files of the same type as them. Since the web server ran as httpd_t, then it made sense to set the context of the files/folder in the site to the same.
I'm new at this by the way.... But this seemed to be the best approach to me. It kept SELinux enabled, didn't lessen the security of what it does, and matched up context of the files with the process/service.
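The SELinux answers above apply two different kinds of fix: file labels (chcon / restorecon) and the httpd_can_network_connect booleans. This added example (not from the original answers) parses AVC records from audit.log and sorts each denial by which kind of fix it calls for; the sample lines are constructed, and the category names are this example's own.

```python
import re
from collections import Counter

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
FILE_CLASSES = {"file", "dir", "lnk_file"}


def setype(ctx):
    """user:role:type:level -> type"""
    parts = ctx.split(":")
    return parts[2] if len(parts) > 2 else ""


def parse_avc(line):
    """Parse one audit.log line; return a dict for AVC denials, else None."""
    m = AVC_RE.search(line)
    if not line.startswith("type=AVC") or not m:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    return {
        "perms": m.group(1).split(),
        "comm": kv.get("comm", ""),
        "path": kv.get("path", kv.get("name", "")),
        "stype": setype(kv.get("scontext", "")),
        "ttype": setype(kv.get("tcontext", "")),
        "tclass": kv.get("tclass", ""),
    }


def remedy(d):
    """Map a denial to the kind of fix discussed in the answers."""
    if d["stype"] != "httpd_t":
        return "not-web-server"
    if d["tclass"] in FILE_CLASSES:
        return "relabel-content"      # wrong file type: chcon / restorecon
    if d["tclass"] == "tcp_socket" and "name_connect" in d["perms"]:
        return "network-boolean"      # setsebool httpd_can_network_connect*
    return "review-manually"


def triage(lines):
    """Count denials per (remedy, target type)."""
    out = Counter()
    for line in lines:
        d = parse_avc(line)
        if d:
            out[(remedy(d), d["ttype"])] += 1
    return dict(out)


# Constructed sample records (not taken from the page).
SAMPLE = [
    'type=AVC msg=audit(1400000000.001:101): avc:  denied  { open } for  pid=2001 comm="php-fpm" path="/home/messi/web/wordpress/index.php" dev="dm-0" ino=5001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=AVC msg=audit(1400000000.002:102): avc:  denied  { search } for  pid=2002 comm="nginx" name="wordpress" dev="dm-0" ino=5000 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir',
    'type=AVC msg=audit(1400000000.003:103): avc:  denied  { name_connect } for  pid=2001 comm="php-fpm" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket',
    'type=SYSCALL msg=audit(1400000000.003:103): arch=c000003e syscall=42 success=no exit=-13',
]

if __name__ == "__main__":
    for key, count in triage(SAMPLE).items():
        print(count, *key)
```

A "relabel-content" result explains why the booleans alone did not help in the first answer: they govern outbound connections, not which file types httpd_t may read.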
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; ->
fastcgi_param SCRIPT_FILENAME /home/messi/web/wordpress$fastcgi_script_name;
I am running alpine 3.12 container with a few custom configuration like so:
FROM alpine:3.12
[some irrelevant stuff]
# Make sure files/folders needed by the processes are accessible when they run under the nobody user
# (this has to run before USER nobody, because chown needs root)
RUN chown -R nobody.nobody /var/www/html && \
chown -R nobody.nobody /run && \
chown -R nobody.nobody /var/lib/nginx && \
chown -R nobody.nobody /var/log/nginx
# Switch to use a non-root user from here on
USER nobody
# Expose the port nginx is reachable on
EXPOSE 8080
# Let supervisord start nginx & php-fpm
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
# Configure a healthcheck to validate that everything is up&running
HEALTHCHECK --timeout=10s CMD curl --fail http://127.0.0.1:8080/fpm-ping
I have my nginx.conf with the following data:
worker_processes 1;
error_log stderr warn;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
# Define custom log format to include response times
log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time $pipe $upstream_cache_status';
access_log /dev/stdout main_timed;
error_log /dev/stderr notice;
keepalive_timeout 65;
# Write temporary files to /tmp so they can be created as a non-privileged user
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
# Default server definition
server {
listen [::]:8080 default_server;
listen 8080 default_server;
server_name _;
sendfile off;
root /var/www/html/public;
index index.php index.html;
location / {
# try_files $uri $uri/ /index.php?q=$uri&$args;
try_files $uri $uri/ /index.php$is_args$args;
}
# Redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/lib/nginx/html/public;
}
# Pass the PHP scripts to PHP-FPM listening on 127.0.0.1:9000
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
expires 5d;
}
# Deny access to . files, for security
location ~ /\. {
log_not_found off;
deny all;
}
# Allow fpm ping and status from localhost
location ~ ^/(fpm-status|fpm-ping)$ {
access_log off;
allow 127.0.0.1;
deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}
}
gzip on;
gzip_proxied any;
gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
gzip_vary on;
gzip_disable "msie6";
# Include other server configs
include /etc/nginx/conf.d/*.conf;
}
and my supervisord config such as:
[supervisord]
nodaemon=true
logfile=/dev/null
logfile_maxbytes=0
pidfile=/run/supervisord.pid
[program:php-fpm]
command=php-fpm7 -F
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autorestart=false
startretries=0
[program:nginx]
command=nginx -g 'daemon off;'
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autorestart=false
startretries=0
and in my php-fpm/www.conf:
[global]
; Log to stderr
error_log = /dev/stderr
[www]
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000
; Enable status page
pm.status_path = /fpm-status
; Ondemand process manager
pm = ondemand
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 100
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 1000
; Make sure the FPM workers can reach the environment variables for configuration
clear_env = no
; Catch output from PHP
catch_workers_output = yes
; Remove the 'child 10 said into stderr' prefix in the log and only show the actual message
decorate_workers_output = no
; Enable ping page to use in healthcheck
ping.path = /fpm-ping
So my question: Where is this error log coming from???
[crit] 9#9: *2 connect() to unix:/var/run/php7.3-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 172.17.0.1, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php7.3-fpm.sock:", host: "127.0.0.1:8080"
It should really not be triggered, since I never specify php-fpm to listen to this socket. Where does it come from???
I fail to connect to php5-fpm.sock. I have tried many solutions but still getting this error:
2017/11/20 11:17:21 [crit] 9670#9670: *1 connect() to unix:/var/run/php5-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.224.8, server: babylon, request: "GET /webmail/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "babylon"
My configuration is like this:
location /webmail {
alias /srv/roundcubemail;
index index.php index.html;
# Favicon
location ~ ^/webmail/favicon.ico$ {
root /srv/roundcubemail/skins/classic/images;
log_not_found off;
access_log off;
expires max;
}
# Robots file
location ~ ^/webmail/robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny Protected directories
location ~ ^/webmail/(config|temp|logs)/ {
deny all;
}
location ~ ^/webmail/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
}
location ~ ^/webmail/(bin|SQL)/ {
deny all;
}
# Hide .md files
location ~ ^/webmail/(.+\.md)$ {
deny all;
}
# Hide all dot files
location ~ ^/webmail/\. {
deny all;
access_log off;
log_not_found off;
}
#Roundcube fastcgi config
location ~ /webmail(/.*\.php)$ {
error_log /var/log/nginx/x.log error;
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^/webmail/(.+\.php)(/.*)$;
fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /srv/roundcubemail/$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME /srv/roundcubemail/index.php;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
Is it maybe a problem with permissions over directories? I don't think so.
The attempts that I made were:
I changed the listen setting in my www.conf, for socket and IP, but it is still not working
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = www-data
group = www-data
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php5-fpm.sock
;listen = 127.0.0.1:9000
; Set listen(2) backlog.
; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 65535
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
I have restarted php5-fpm and nginx and still nothing.
Any ideas how I can fix that?
First, ensure that php-fpm is installed, you could use this to check the current version if any:
php-fpm -v
Second check the php-fpm.conf configuration, and search for this line:
listen = /tmp/php-fpm.socket
In case it doesn't exist just add it, it can be also something like:
listen = /var/run/php5-fpm.sock
In some Linux distros normally this is used:
listen = /var/run/php5-fpm.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
In case you want to use a TCP socket:
listen = 127.0.0.1:9000
Restart php-fpm and check that the socket has been created in case of using a Unix domain socket, this can be done by doing this:
$ file /var/run/php5-fpm.sock
If the socket exists it should print out something like this:
/var/run/php5-fpm.sock: socket
Could you please ensure those settings on your PHP-fpm/www.conf file
.....
user = www-data
group = www-data
listen.owner = www-data
listen.group = www-data
......
Then Restart PHP-fpm under root user.
listen.owner = nginx
listen.group = nginx
I have already set up Nginx RTMP on Ubuntu Linux hosted by DigitalOcean, and I am currently running my Laravel web application in localhost mode on my desktop. Everything seems to work fine for the live streaming. I'm testing with my localhost JWPlayer and Open Broadcaster Software (OBS) for live streaming. It works. But whenever I need to record the streaming video to a Linux directory (/var/www), it seems like nothing happens, and there is no error at all after I hit the stop streaming button in OBS.
I don't know how the recording works. I tried recording manually and it has the link on it. I click start record, and it comes out as /var/rec/{mystream}.flv
This is the manual version of the recording link embedded in the Laravel website:
rtmp {
server {
listen 1935;
chunk_size 4096;
application live {
live on;
recorder rec1 {
record all manual;
record_suffix all.flv;
record_path /var/rec;
record_unique on;
}
}
}
}
Start Recording:
Start rec1
nginx config for http:
access_log logs/rtmp_access.log;
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
location /stat {
rtmp_stat all;
rtmp_stat_stylesheet stat.xsl;
}
location /stat.xsl {
root /var/www/;
}
location /control {
rtmp_control all;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
By the way
Plan B: I plan to store my recorded stream files in Amazon AWS S3. Does anyone know how to do this with RTMP Nginx instead of using Wowza Amazon?
You can run a shell script from the nginx conf. Check the permissions first:
chown -R nobody:nogroup foldername
chmod -R 700 foldername
Shell script:
#!/bin/bash
# $1 = path of the finished recording, $2 = its basename (both passed by exec_record_done below)
ffmpeg -v error -y -i "$1" -vcodec libx264 -acodec aac -f mp4 -movflags +faststart "/tmp/recordings/$2.mp4"
aws s3 cp "/tmp/recordings/$2.mp4" "s3://bucketname/"
# nginx-rtmp directive that calls the script when a recording ends:
exec_record_done bash -c "/home/ubuntu/script/record.sh $path $basename";
You should check the permissions on the directory you're trying to record to (/var/rec in your case). Nginx, even though started up with sudo, spawns worker processes as user "nobody" by default. You can also try changing the user that the worker processes spawn as: https://serverfault.com/a/534512/102045
When I did this with my partner I would use
record_path /tmp/rec;
Then in the file I would set a crontab that permanently tries to send new files (videos) to his NextCloud FTP (in this case it could be your Amazon AWS)
It seems like bhh1998 and akash jakhad answers are correct, although it seems that nowadays the nginx.conf file comes with nginx user as default, so instead of using nobody and nogroup, use only nginx instead. The command mentioned in previous answers would be like this:
chown -R nginx:nginx foldername
To be sure of the correct username, check your configuration file and see which user is being specified.
In addition to the user permission settings mentioned in other answers, I also had to change the path to end with a trailing slash i.e. /var/rec/ instead of /var/rec.
I am trying to configure my webserver using Nginx and php-fpm
I have successfully configured before in my local computer and dev server, but not now in AWS.
The only difference is I installed Nginx from a source in production server
It gives an error like this in my /var/log/nginx/error.log
2014/03/11 11:09:19 [error] 11138#0: *1 FastCGI sent in stderr: "Access to the script '/home/ambassador-portal/ambassador-api/web' has been denied (see security.limit_extensions)" while reading response header from upstream, client: 202.62.16.225, server: brandapi.whatiwear.com, request: "GET /app_dev.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "brandapi.whatiwear.com", referrer: "http://brandapi.whatiwear.com/"
While the error log in php-fpm gives no error
Here is my nginx.conf
user root;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip on;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
include /usr/local/nginx/conf/sites-enabled/*.conf;
}
Here is my nginx_host.conf
server {
server_name brandapi.whatiwear.com;
access_log /var/log/nginx/brandapi_access.log;
error_log /var/log/nginx/brandapi_error.log;
root /home/ambassador-portal/ambassador-api/web;
disable_symlinks off;
autoindex on;
location / {
try_files $uri $uri/ /app.php$uri?$args;
}
location ~ \.htaccess {
deny all;
}
location ~ \.php$ {
fastcgi_split_path_info ^((?U).+\.php)(.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include /usr/local/nginx/conf/fastcgi_params;
}
}
Here is my /etc/php5/fpm/conf/www.conf
; Start a new pool named 'www'.
[www]
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
user = ec2-user
group = ec2-user
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
security.limit_extensions = .php .php3 .php4 .php5 .html .htm
php_admin_value[error_log] = /var/log/php-fpm/5.5/www-error.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 128M
; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/5.5/session
I've read from access denied on nginx and php and try to chmod and I've tried the solution from Nginx 403 forbidden for all files and here is my result
dr-xr-xr-x root root /
drwxr-xr-x root root home
drwxr-xr-x ec2-user ec2-user ambassador-portal
drwxr-xr-x ec2-user ec2-user ambassador-api
drwxr-xr-x ec2-user ec2-user web
I turned the autoindex on just for seeing if my root directory is right, the weird thing is I can open all files except PHP files
You can see a live example at http://brandapi.whatiwear.com/
What is wrong with my webserver..?
I removed these two configurations from the nginx.conf file.
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
It works.
The problem is in this line
(in your /etc/php5/fpm/conf/www.conf)
security.limit_extensions = .php .php3 .php4 .php5 .html .htm
Just add the extension .pl after .htm.
Cheers.
My first time using Nginx, but I am more than familiar with Apache and Linux. I am using an existing project and whenever I am trying to see the index.php I get a 404 File not found.
Here is the access.log entry:
2013/06/19 16:23:23 [error] 2216#0: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 127.0.0.1, server: localhost, request: "GET /index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "www.ordercloud.lh"
And here is the sites-available file:
server {
# Listening on port 80 without an IP address is only recommended if you are not running multiple v-hosts
listen 80;
# Bind to the public IP bound to your domain
#listen 127.0.0.11:80;
# Specify this vhost's domain name
server_name www.ordercloud.lh;
root /home/willem/git/console/frontend/www;
index index.php index.html index.htm;
# Specify log locations for current site
access_log /var/log/access.log;
error_log /var/log/error.log warn;
# Typically I create a restrictions.conf file that I then include across all of my vhosts
#include conf.d/restrictions.conf;
# I've included the content of my restrictions.conf in-line for this example
# BEGIN restrictions.conf
# Disable logging for favicon
location = /favicon.ico {
log_not_found off;
access_log off;
}
# Disable logging for robots.txt
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# END restrictions.conf
# Typically I create a yiiframework.conf file that I then include across all of my yii vhosts
#include conf.d/yiiframework.conf;
# I've included the content of my yiiframework.conf in-line for this example
# BEGIN yiiframework.conf
# Block access to protected, framework, and nbproject (artifact from Netbeans)
location ~ /(protected|framework|nbproject) {
deny all;
access_log off;
log_not_found off;
}
# Block access to theme-folder views directories
location ~ /themes/\w+/views {
deny all;
access_log off;
log_not_found off;
}
# Attempt the uri, uri+/, then fall back to yii's index.php with args included
# Note: old examples use IF statements, which nginx considers evil, this approach is more widely supported
location / {
try_files $uri $uri/ /index.php?$args;
}
# END yiiframework.conf
# Tell browser to cache image files for 24 hours, do not log missing images
# I typically keep this after the yii rules, so that there is no conflict with content served by Yii
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 24h;
log_not_found off;
}
# Block for processing PHP files
# Specifically matches URIs ending in .php
location ~ \.php$ {
try_files $uri =404;
fastcgi_intercept_errors on;
# Fix for server variables that behave differently under nginx/php-fpm than typically expected
#fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Include the standard fastcgi_params file included with nginx
include fastcgi_params;
#fastcgi_param PATH_INFO $fastcgi_path_info;
#fastcgi_index index.php;
# Override the SCRIPT_FILENAME variable set by fastcgi_params
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Pass to upstream PHP-FPM; This must match whatever you name your upstream connection
fastcgi_pass 127.0.0.1:9000;
}
}
My /home/willem/git/console is owned by www-data:www-data (my web user running php etc) and I have given it 777 permissions out of frustration...
Can anybody advise?
That message from the fastcgi server usually means that the SCRIPT_FILENAME that it was given was not found or inaccessible as a file on its filesystem.
Check out file permissions on /home/willem/git/console/frontend/www/index.php
Is it 644?
And /home/willem/git/console/frontend/www/
Is it 755?
Ok, so 3 things I found after a day of struggling:
1. For some reason I had already something running on port 9000 so I changed to 9001
2. My default site was intercepting my new one, once again I don't understand why since it shouldn't, but I just unlinked it
3. Nginx doesn't automatically do the sym link for sites-available to sites-enabled.
Hope this saves someone some trouble!
Here is a more detailed link in server fault: https://serverfault.com/questions/517190/nginx-1-fastcgi-sent-in-stderr-primary-script-unknown/517207#517207
In case anyone had the same error: in my case the problem was the missing root directive inside the location block in nginx.conf, as explained in the Arch wiki
"Primary script unknown" is caused by SELinux security context.
client get the response
File not found.
nginx error.log has the following error message
*19 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream
so just change security context type of web root folder to httpd_sys_content_t
chcon -R -t httpd_sys_content_t /var/www/show
there are 3 users for nginx/php-fpm config
/etc/nginx/nginx.conf
user nobody nobody; ### `user-1`, this is the user that runs the nginx worker processes
...
include servers/*.conf;
/etc/nginx/servers/www.conf
location ~ \.php$ {
# fastcgi_pass 127.0.0.1:9000; # tcp socket
fastcgi_pass unix:/var/run/php-fpm/fpm-www.sock; # unix socket
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
/etc/php-fpm.d/www.conf
[www]
user = apache ; `user-2`, this is the user that runs the php-fpm pool processes
group = apache
;listen = 127.0.0.1:9000 ; tcp socket
listen = /var/run/php-fpm/fpm-www.sock ; unix socket
listen.owner = nobody ; `user-3`, this is the user for the unix socket, like /var/run/php-fpm/fpm-www.sock
listen.group = nobody ; for a tcp socket, these lines can be commented out
listen.mode = 0660
user-1 and user-2 do not need to be the same.
For a unix socket, user-1 needs to be the same as user-3,
as nginx fastcgi_pass must have read/write permission on the unix socket.
Otherwise nginx will get 502 Bad Gateway, and the nginx error.log has the following error message
*36 connect() to unix:/var/run/php-fpm/fpm-www.sock failed (13: Permission denied) while connecting to upstream
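The user-1 / user-3 rule from this answer, together with the connect() "No such file or directory" errors in the questions further up, can be checked from the two config files before anything is restarted. The following is an added example, not code from any of the posts: it compares every nginx `fastcgi_pass` target with the pool `listen` values and with the socket's owner, group and mode. The sample configs are constructed from values on this page, the finding names are the example's own, and only the worker's primary group is considered.

```python
import re


def parse_nginx(text):
    """Return (worker_user, worker_group, fastcgi_pass targets) from config text."""
    text = re.sub(r"#.*", "", text)            # naive comment strip
    m = re.search(r"^\s*user\s+([^\s;]+)(?:\s+([^\s;]+))?\s*;", text, re.M)
    user = m.group(1) if m else "nobody"       # nginx default without a user directive
    group = m.group(2) if m and m.group(2) else user
    raw = [t.strip() for t in re.findall(r"\bfastcgi_pass\s+([^;]+);", text)]
    return user, group, [t[5:] if t.startswith("unix:") else t for t in raw]


def parse_pools(text):
    """Return {pool_name: {key: value}} from php-fpm pool config text."""
    pools, cur = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()    # ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            cur = pools.setdefault(line[1:-1], {})
        elif "=" in line and cur is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            cur[key] = value
    pools.pop("global", None)
    return pools


def listens_on(listen, target):
    if listen.isdigit():                       # bare port: all addresses
        return not target.startswith("/") and target.rsplit(":", 1)[-1] == listen
    return listen == target


def audit(nginx_text, fpm_text):
    """Return a list of (finding, target) tuples; an empty list means consistent."""
    user, group, targets = parse_nginx(nginx_text)
    pools = parse_pools(fpm_text).values()
    findings = []
    for t in targets:
        pool = next((p for p in pools if listens_on(p.get("listen", ""), t)), None)
        if pool is None:
            findings.append(("no-listener", t))    # nginx log: connect() failed (2)
            continue
        owner, grp = pool.get("listen.owner"), pool.get("listen.group")
        if not t.startswith("/") or (owner is None and grp is None):
            continue                               # TCP, or ownership left at defaults
        mode = int(pool.get("listen.mode", "0660"), 8)
        if mode & 0o002:
            findings.append(("world-writable", t)) # any local user can reach the pool
        need = 0o600 if user == owner else 0o060 if group == grp else 0o006
        if mode & need != need:
            findings.append(("permission-denied", t))  # nginx log: connect() failed (13)
    return findings


# Constructed samples built from values that appear on this page.
NGINX_STALE = r"""
user nginx;
http { server {
    location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; }
    location /old { fastcgi_pass unix:/var/run/php7.3-fpm.sock; }
} }
"""
POOL_TCP = "[www]\nlisten = 127.0.0.1:9000\n"
NGINX_SOCK = r"""
user nobody nobody;   # user-1
http { server { location ~ \.php$ {
    fastcgi_pass unix:/var/run/php-fpm/fpm-www.sock;
} } }
"""
POOL_SOCK = """[www]
user = apache
group = apache
listen = /var/run/php-fpm/fpm-www.sock
listen.owner = {owner}
listen.group = {owner}
listen.mode = {mode}
"""

if __name__ == "__main__":
    print(audit(NGINX_STALE, POOL_TCP))
    print(audit(NGINX_SOCK, POOL_SOCK.format(owner="apache", mode="0660")))
```

Setting `listen.mode = 0666`, as in the first question's pool, makes the connection work for any user, which is why the check reports it separately instead of treating it as a fix.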
I don't know how the $document_root is calculated, but I resolved the issue by
really making sure that my document root is at /usr/share/nginx/, just where the html folder exists