We Keep Coding

Nginx + Passenger 403 error

I have a hybrid php/Rails app sitting on one AWS ec2 server. I am hosting a Mediawiki installation and using Rails as a frontend to it. For the Rails app, I am using Passenger as a server. I would like location / to serve the Rails app, and anything at location /w or any .php files to be served by Mediawiki (php5-fpm).
I used to have a working configuration, but it was hacked together and I would like to refactor it.
My current working implementation gives me a 403 Forbidden error when I try to access the Rails app at /.
The error I get (from rails_error.log): 2017/10/24 20:08:31 [error] 14947#14947: *2 directory index of "/var/www/myapp/public/" is forbidden, client: xx.yy.zz.aa, server: myapp.amazonaws.com, request: "GET / HTTP/1.1", host: "myapp.amazonaws.com"
I would like to be able to access only the Rails app at / for now; I am not focused on the php5-fpm configurations yet.
Here are my .conf files:
sites-available/myapp.conf:
fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=mw_cache:10m max_size=10g inactive=60m use_temp_path=off;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
server {
listen 80;
listen [::]:80 ipv6only=on default_server;
server_name myapp.com;
charset utf-8;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
root /var/www/myapp/public;
passenger_enabled on;
location /w {
alias /var/www/mediawiki-1.28.0;
index index.php index.html index.htm;
charset utf-8;
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_cache mw_cache;
fastcgi_cache_valid 200 60m;
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:7777;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
error_log /var/log/nginx/mediawiki_error.log;
access_log /var/log/nginx/mediawiki_access.log;
}
error_log /var/log/nginx/rails_error.log;
access_log /var/log/nginx/rails_access.log;
}
nginx.conf:
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
passenger_root /home/ubuntu/.rvm/gems/ruby-2.3.1#myapp/gems/passenger-5.1.1;
passenger_ruby /home/ubuntu/.rvm/gems/ruby-2.3.1#myapp/wrappers/ruby;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
I have a suspicion it has to do with how Passenger is installed or running, or it could be that I am running Passenger not as www-data but as ubuntu.
/var/www/myapp/ is also owned by ubuntu, though I have tried chown -R www-data /var/www/myapp and chown -R ubuntu:www-data /var/www/myapp to no avail.
Does anyone have any pointers from here?
Thanks.

Your config works for me: the app is started successfully, at least, if I start Nginx as root (how it usually is done).
Note that the user directive from your config tells Nginx what user to run its workers as, it does not specify what user to run the Passenger core as (that is inherited from what Nginx was started with).
My pointers would be as follows:
Usually the first thing to do is to check the logs.
Your config declares logfiles, but doesn't set the top level error log, so you're missing the Passenger log output.
To solve this, move the error_log /var/log/nginx/error.log; to above the http { line in your nginx.conf.
If needed, you can also set passenger_log_level 7; (in the http block) to get very detailed logs.
By changing the log level and observing the result you can also ensure that the config you think is being used, is actually the one that is used, on the URL that you are querying (i.e. you can see requests coming in).
Passenger has some troubleshooting tools, e.g. passenger-status can be used to inspect if it's running successfully. Note that you haven't declared a passenger_pre_start url, so your app won't be started by Passenger until the first request is routed to it.

The nginx only load the index.php

I have a problem with my nginx configuration. We have a Vagrant box at the firm. In this vagrant we have LXC containers for services like nginx container, php-fpm container, memcached container, mysql container... These are connecting to each other, nginx use php-fpm, php-fpm use memcached and mysql. I have access to the nginx outside the vagrant through https. Here is my nginx configuration:
nginx.conf:
user nginx nginx;
worker_processes 4;
pid /var/run/nginx.pid;
worker_rlimit_nofile 1024;
events {
worker_connections 2048;
use epoll;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
access_log "/var/log/nginx/access.log";
error_log "/var/log/nginx/error.log";
keepalive_timeout 120;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
deault.conf:
server {
listen *:80;
server_name vagrant.ceg.com;
return 301 'https://$server_name$request_uri';
}
https.conf:
server {
listen *:443;
ssl on;
ssl_certificate ....crt;
ssl_certificate_key ....key;
server_name vagrant.ceg.com www.vagrant.ceg.com;
root "/srv/www";
index index.php;
location / {
autoindex on;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_param ENVIRONMENT dev;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
if (-f $request_filename) {
fastcgi_pass 192.168.42.114:9000;
}
}
}
When I open it in the browser I get the index.php, but very slowly, and I got same errors on the console like this:
https://www.vagrant.ceg.com/cdn/util/scale/320/320/dev-employer-images/0636443e3076af9d24ba2b1711f57fb47b60f289.jpg Failed to load resource: net::ERR_CONNECTION_TIMED_OUT

Nginx downloads php instead of running it

Iv'e setup an Nginx php server on a linux REHL machine.
When accessing html files all goes well, but trying to access php file, the file is downloaded instead of being executed.
This is my nginx.conf:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
...and this is the server block:
server {
listen 80;
server_name {mywebsitename};
#access_log logs/host.access.log main;
location / {
root /usr/share/nginx/html/{mywebsitename}/;
}
location /ngx_status_2462 {
stub_status on;
access_log off;
allow all;
}
location ~ \.php$ {
# fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/{mywebsitename}$fastcgi_script_name;
include fastcgi_params;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}

It might be because of the mimetype you're sending:
default_type application/octet-stream;
See: http://mimeapplication.net/octet-stream

I just had this exact same problem. I was using Ubuntu 12.04 and Linux Mint 14 so different OS but likely to have the same issues.
A couple of issues may happening. Firstly, you need to have php5-fpm installed (FastCGI Process Manager). I was trying to run it with my standard version of PHP but it was not working - http://www.php.net/manual/en/install.fpm.php
I also had Apache installed, and even if it weren't running it must have had some conflict because once I uninstalled Apache I was able to execute the PHP files.
I would also look at this line
fastcgi_pass 127.0.0.1:9000;
And consider changing it to
fastcgi_pass unix:/var/run/php5-fpm.sock;
Here is a detailed guide to installation of Nginx and PHP5-FPM for RHEL (and other OS's)
http://www.if-not-true-then-false.com/2011/install-nginx-php-fpm-on-fedora-centos-red-hat-rhel/

You need to change the user to nginx instead of apache in this file a/etc/php-fpm.d/www.conf
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
; RPM: apache Choosed to be able to access some dir as httpd
;user = apache
user = nginx
; RPM: Keep a group allowed to write in log dir.
;group = apache
group = nginx
and of course restart service php-fpm restart and service nginx restart

Comment out default_type application/octet-stream;

Nginx and FastCGI downloads PHP files instead of processing them

I'm running on Windows 7 (64-bit), with PHP 5.4.12, and Nginx 1.5.8.
I have read many tutorials on setting this up, and troubleshooting this issue, which is that when requesting a PHP file from my localhost, it downloads it as a file instead of displaying the PHP page. Below is my nginx.conf file:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 8081;
server_name localhost;
access_log C:/nginx/logs/access.log;
error_log C:/nginx/logs/error.log;
root C:/nginx/html;
fastcgi_param REDIRECT_STATUS 200;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
I'm running nginx.exe manually through the command prompt.
I've also tried starting php-cgi.exe manually first at a separate command prompt, like so:
C:\php5.4.12\php-cgi.exe -b 127.0.0.1:9000
The php file I'm requesting is within C:/nginx/html, and I'm requesting it as:
http://localhost:8081/info.php
And it downloads it. The contents of this PHP file are:
<?php
phpinfo();
?>
How can I possibly get my PHP scripts to run in this environment. Anyone have experience with this?

Try to change default_type application/octet-stream; to default_type text/html;
Maybe your php-script does not set a content MIME type and it goes from nginx.

It was http2 enabled on port 80 for me too. Disabling it solved the issue.

Try placing " * " here
location ~* \.php$ {
There is something wrong with your paths, and nginx does not know the path accessed via URL is the path it should pass through "fastcgi_pass". Therefore, it gives the file for download.
Check your error log from :
C:/nginx/logs/error.log;
Do you have a "C:/nginx/html/info.php;"?

I found that if you have the http2 directive for port 80 on the server.
http2 works only under https. Therefore, if you remove http2, it should solve your issue.

$_SERVER['REMOTE_ADDR'] doesn't work with php-fpm and nginx

I don't know why with nginx this variable $_SERVER['REMOTE_ADDR'] doesn't echo an IP. On every other web server it works as it should.
Any suggestions?

I suspect it has something to do with the interface between nginx (the webserver) and fastcgi, which is the API in which PHP is running.
According to your info provided, the Server API is: FPM/FastCGI
I suggest you take a hard look at the details of how PHP is installed with nginx (you have not provided any).
If you do not require the performance of nginx, then you may find a pragmatic solution is to just use apache. I use nginx as a reverse proxy in front of apache, but that introduces some additional issues with getting the REMOTE_ADDR passed to PHP (notably, mod_rpaf).
Good luck!

#Michael, here is a project I maintain which provides the proper fastcgi parameters for interfacing Nginx with FPM. Hope it helps.
fastcgi_params on Github

These are from the conf file from nginx
user http;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
# multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
tcp_nodelay on;
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
server {
listen 80;
server_name www.fireangel.ro fireangel.ro;
access_log /var/log/nginx/localhost.access.log;
Default location
location / {
root /var/www/html/fireangel.ro/public_html;
index index.php;
}
Images and static content is treated different
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
access_log off;
expires 30d;
root /var/www/html/fireangel.ro/public_html;
}
Parse all .php file in the /srv/http directory
location ~ .php$ {
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/fireangel.ro/public_html$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
Disable viewing .htaccess & .htpassword
location ~ /\.ht {
deny all;
}
}
upstream backend {
server 127.0.0.1:9000;
}
}