I get a 502 Bad Gateway with nginx when using spawn fcgi to spawn php5-cgi.
I use this to span an instance on server start using the following line in rc.local
/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php5-cgi -P /var/run/fastcgi-php.pid
presumably I'm getting the error because the spawn-fcgi / php5-cgi dies and there is nothing listening there anymore to parse php.
I get nothing in the logs that I can see anywhere, I'm out of ideas (and new to this setup with nginx)
I executed my localhost and the page displayed the 502 bad gateway message. This helped me:
Edit /etc/php5/fpm/pool.d/www.conf
Change listen = /var/run/php5-fpm.sock to listen = 127.0.0.1:9000
Ensure the location is set properly in nginx.conf.
Run sudo service php5-fpm restart
Maybe it will help you.
Source from: http://wildlyinaccurate.com/solving-502-bad-gateway-with-nginx-php-fpm
The 502 error appears because nginx cannot hand off to php5-cgi. You can try reconfiguring php5-cgi to use unix sockets as opposed to tcp .. then adjust the server config to point to the socket instead of the tcp ...
ps auxww | grep php5-cgi #-- is the process running?
netstat -an | grep 9000 # is the port open?
Go to /etc/php5/fpm/pool.d/www.conf and if you are using sockets or this line is uncommented
listen = /var/run/php5-fpm.sock
Set couple of other values too:-
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
Don't forget to restart php-fpm and nginx. Make sure you are using the same nginx owner and group name.
You have to match the settings for PHP-FPM and Nginx to communicate over sockets or TCP.
So go to /etc/php5/fpm/pool.d/www.conf and look for this line:
listen = /var/run/php5-fpm.sock
Then go to /etc/nginx/nginx.conf
Look for this:
upstream php {
server unix:/var/run/php5-fpm.socket;
}
Match those values and you should be all set.
If running a linux server, make sure that your IPTABLES configuration is correct.
Execute sudo iptables -L -n , you will recieve a listing of your open ports. If there is not an Iptables Rule to open the port serving the fcgi script you will receive a 502 error. The Iptables Rule which opens the correct port must be listed before any rule which categorically rejects all packets (i.e. a rule of the form "REJECT ALL -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable or similar)
On my configuration, to properly open the port, I had to execute this command (assume my fcgi server is running at port 4567):
sudo iptables -I INPUT 1 -p tcp --dport 4567 -j ACCEPT
WARNING: This will open port 4567 to the whole world.
So it might be better to do something like this:
sudo iptables-save >> backup.iptables
sudo iptables -D INPUT 1 #Delete the previously entered rule
sudo iptables -I INPUT 1 -p tcp --dport 8080 -s localhost -j ACCEPT # Add new rule
Doing this removed the 502 error for me.
change
fastcgi_pass unix:/var/run/php-fpm.sock;
to
fastcgi_pass unix:/var/run/php5-fpm.sock;
When I did sudo /etc/init.d/php-fpm start I got the following error:
Starting php-fpm: [28-Mar-2013 16:18:16] ERROR: [pool www] cannot get uid for user 'apache'
I guess /etc/php-fpm.d/www.conf needs to know the user that the webserver is running as and assumes it's apache when, for nginx, it's actually nginx, and needs to be changed.
You can make nginx ignore client aborts using:
location / {
proxy_ignore_client_abort on;
}
I had the same problem while setting up an Ubuntu server. Turns out I was having the problem due to incorrect permissions on socket file.
If you are having the problem due to a permission problem, you can uncomment the following lines from: /etc/php5/fpm/pool.d/www.conf
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
Alternatively, although I wouldn't recommend, you can give read and write permissions to all groups by using the following command.
sudo chmod go+rw /var/run/php5-fpm.sock
Try disabling the xcache or apc modules. Seems to cause a problem with some versions are saving objects to a session variable.
Hope this tip will save someone else's life. In my case the problem was that I ran out of memory, but only slightly, was hard to think about it. Wasted 3hrs on that. I recommend running:
sudo htop
or
sudo free -m
...along with running problematic requests on the server to see if your memory doesn't run out. And if it does like in my case, you need to create a swap file (unless you already have one).
I have followed this tutorial to create swap file on Ubuntu Server 14.04 and it worked just fine:
http://www.cyberciti.biz/faq/ubuntu-linux-create-add-swap-file/
If you're on Ubuntu, and all of the above has failed you, AppArmor is most likely to blame.
Here is a good guide how to fix it: https://www.digitalocean.com/community/tutorials/how-to-create-an-apparmor-profile-for-nginx-on-ubuntu-14-04
Long story short:
vi /etc/apparmor.d/nginx
Or
sudo aa-complain nginx
sudo service nginx restart
See everything working nicely... then
sudo aa-logprof
I still had problems with Nginx not being able to read error.log, even though it had all the permissions possible, including in Apparomor. I'm guessing it's got something to do with the order of the entries, or some interaction with Passenger or PHP-Fpm... I've run out of time to troubleshoot this and have gone back to Apache for now. (Apache performs much better too FYI.)
AppArmor just lets Nginx do whatever it wants if you just remove the profile:
rm /etc/apparmor.d/nginx
service apparmor reload
Shockingly, but hardly surprising, a lot of posts on fixing Nginx errors resorts to completely disabling SELinux or removing AppArmor. That's a bad idea because you lose protection from a whole lot of software. Just removing the Nginx profile is a better way to troubleshoot your config files. Once you know that the problem isn't in your Nginx config files, you can take the time to create a proper AppArmor profile.
Without an AppArmor profile, especially if you run something like Passenger too, I give your server about a month to get backdoored.
For me the error was in default file of Nginx
located at /etc/nginx/sites-available/default
I noticed the version of php-fpm used was 7.0 and the php version i downloaded was 7.2
I simply changed the version to 7.2 and it worked.
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
Similar setup here and looks like it was just a bug in my code. At the start of my app I looked for the offending URL and this worked: echo '<html>test</html>'; exit();
In my case, turns out the problem was an uninitialized variable that only failed under peculiar circumstances.
Related
I have nginx installed with PHP-FPM on a CentOS 5 box, but am struggling to get it to serve any of my files - whether PHP or not.
Nginx is running as www-data:www-data, and the default "Welcome to nginx on EPEL" site (owned by root:root with 644 permissions) loads fine.
The nginx configuration file has an include directive for /etc/nginx/sites-enabled/*.conf, and I have a configuration file example.com.conf, thus:
server {
listen 80;
Virtual Host Name
server_name www.example.com example.com;
location / {
root /home/demo/sites/example.com/public_html;
index index.php index.htm index.html;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME /home/demo/sites/example.com/public_html$fastcgi_script_name;
include fastcgi_params;
}
}
Despite public_html being owned by www-data:www-data with 2777 file permissions, this site fails to serve any content -
[error] 4167#0: *4 open() "/home/demo/sites/example.com/public_html/index.html" failed (13: Permission denied), client: XX.XXX.XXX.XX, server: www.example.com, request: "GET /index.html HTTP/1.1", host: "www.example.com"
I've found numerous other posts with users getting 403s from nginx, but most that I have seen involve either more complex setups with Ruby/Passenger (which in the past I've actually succeeded with) or are only receiving errors when the upstream PHP-FPM is involved, so they seem to be of little help.
Have I done something silly here?
One permission requirement that is often overlooked is a user needs x permissions in every parent directory of a file to access that file. Check the permissions on /, /home, /home/demo, etc. for www-data x access. My guess is that /home is probably 770 and www-data can't chdir through it to get to any subdir. If it is, try chmod o+x /home (or whatever dir is denying the request).
EDIT: To easily display all the permissions on a path, you can use namei -om /path/to/check
If you still see permission denied after verifying the permissions of the parent folders, it may be SELinux restricting access.
To check if SELinux is running:
# getenforce
To disable SELinux until next reboot:
# setenforce Permissive
Restart Nginx and see if the problem persists. To allow nginx to serve your www directory (make sure you turn SELinux back on before testing this. i.e, setenforce Enforcing)
# chcon -Rt httpd_sys_content_t /path/to/www
See my answer here for more details
I solved this problem by adding user settings.
in nginx.conf
worker_processes 4;
user username;
change the 'username' with linux user name.
I've got this error and I finally solved it with the command below.
restorecon -r /var/www/html
The issue is caused when you mv something from one place to another. It preserves the selinux context of the original when you move it, so if you untar something in /home or /tmp it gets given an selinux context that matches its location. Now you mv that to /var/www/html and it takes the context saying it belongs in /tmp or /home with it and httpd is not allowed by policy to access those files.
If you cp the files instead of mv them, the selinux context gets assigned according to the location you're copying to, not where it's coming from. Running restorecon puts the context back to its default and fixes it too.
I've tried different cases and only when owner was set to nginx (chown -R nginx:nginx "/var/www/myfolder") - it started to work as expected.
If you're using SELinux, just type:
sudo chcon -v -R --type=httpd_sys_content_t /path/to/www/
This will fix permission issue.
Old question, but I had the same issue. I tried every answer above, nothing worked. What fixed it for me though was removing the domain, and adding it again. I'm using Plesk, and I installed Nginx AFTER the domain was already there.
Did a local backup to /var/www/backups first though. So I could easily copy back the files.
Strange problem....
We had the same issue, using Plesk Onyx 17. Instead of messing up with rights etc., solution was to add nginx user into psacln group, in which all the other domain owners (users) were:
usermod -aG psacln nginx
Now nginx has rights to access .htaccess or any other file necessary to properly show the content.
On the other hand, also make sure that Apache is in psaserv group, to serve static content:
usermod -aG psaserv apache
And don't forget to restart both Apache and Nginx in Plesk after! (and reload pages with Ctrl-F5)
I was facing the same issue but above solutions did not help.
So, after lot of struggle I found out that sestatus was set to enforce which blocks all the ports and by setting it to permissive all the issues were resolved.
sudo setenforce 0
Hope this helps someone like me.
I dug myself into a slight variant on this problem by mistakenly running the setfacl command. I ran:
sudo setfacl -m user:nginx:r /home/foo/bar
I abandoned this route in favor of adding nginx to the foo group, but that custom ACL was foiling nginx's attempts to access the file. I cleared it by running:
sudo setfacl -b /home/foo/bar
And then nginx was able to access the files.
If you are using PHP, make sure the index NGINX directive in the server block contains a index.php:
index index.php index.html;
For more info checkout the index directive in the official documentation.
I've been using Ampps with no problem until I installed Laravel.
Once I did, Apache in Ampps doesn't start. I suppose it's a conflict on port 80 but I don't know how to solve it.
When I execute:
sudo /Applications/AMPPS/apache/bin/httpd
I get:
(48)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(48)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Any ideas?
This was exactly what happened to me and #anexo answer solved the issue.
For some reasons though, the Terminal requires a root access.
Incase anyone have issue with that, just use:
sudo apachectl stop
This would prompt for your password, after which it would complete the operation.
NB: I couldn't add this as comment to #anexo answer due to low rep.
I got it!
When you serve apache through laravel:
php artisan serve
Ctrl + C doesn't kill. You need to kill it through:
apachectl stop
or
/etc/init.d/http stop
Hope someone finds this useful
XAMPP 5.6.3-0
Mac Yosemite 10.10.5
I ran sudo lsof -nP -iTCP:81 and found that Dropbox was blocking it first, so I unlinked that (never use it). Now, when I run that command, it is empty.
If I run sudo lsof -nP -iTCP:80 I get:
httpd 75 root 4u IPv6 0xaac1841fb411203d 0t0 TCP *:80 (LISTEN)
httpd 532 _www 4u IPv6 0xaac1841fb411203d 0t0 TCP *:80 (LISTEN)
Which I think is okay, since it's on a different port, right?
If I look inside the /Applications/XAMPP/logs for the error_log, ssl_request_log, and access_log there isn't anything logged since two months ago.
If I look inside the php_error_log I see this:
[08-Jan-2016 16:13:43 UTC] PHP Warning: PHP Startup: Unable to load dynamic library '/Applications/XAMPP/xamppfiles/lib/php/extensions/no-debug-non-zts-20131226/php_pdo_mysql.dll' - dlopen(/Applications/XAMPP/xamppfiles/lib/php/extensions/no-debug-non-zts-20131226/php_pdo_mysql.dll, 9): image not found in Unknown on line 0
I found a similar problem in this question. I ran the command in the top answer (but obviously changed the dir path to mine), and it didn't work. I read the forum with the link he attached and someone said that on Mac is is DYLD_LIBRARY_PATH not LD_LIBRARY_PATH, so i tried that as well, and it still doesn't work. I've tried restarting my computer and the osx-manager multiple times.
If I look inside the /Applications/XAMPP/xamppfiles/lib/php/extensions/no-debug-non-zts-20131226/ directory, it doesn't have php_pdo_mysql.dll in there. Is it supposed to be in there already, or is it trying to load the library in there, and it's not working?
I get the dynamic library error every time I try to start it, so I'm guessing that is the issue, but I'm not sure how to fix it.
For clarity, I have these lines in my httpd.conf file:
Listen 81
ServerName localhost:81
And in my php.ini file I have the extension=php_pdo_mysql.dll line uncommented, and it's the only extension uncommented. Does it depend on another extension? I'm so lost.
Update
$ . /Applications/XAMPP/xamppfiles/xampp stopapache
$ XAMPP: Stopping Apache...not running
$ . /Applications/XAMPP/xamppfiles/xampp startapache
$ XAMPP: Starting Apache...fail.
$ XAMPP: Another web server is already running.
But running lsof -nP -i :81 still gives me no results! =(
Well, I had to shut down the Apache server running on port 80 for this to work. I thought I wouldn't have to, since I had it configured to run on port 81. My only guess to why this happened is that I had it configured on port 80, started it, and then changed the configuration to 81 before shutting it down. I also had to comment out the php_pdo_mysql extension. I couldn't figure out that issue.
I'm running Wordpress with: Nginx + PHP-FPM + APC + W3 Total Cache + PageSpeed.
After 3 days researching and configuring, I succeeded to make it work.
I configured PHP-FPM to run via 127.0.0.1:9000. But now I want to configure via Socket.
The problem is that I can't find the socket path in my server. I just found /var/run/php-fpm/php-fpm.pid, but php-fpm.sock was not there.
Running whereis php-fpm the output is:
php-fpm: /usr/sbin/php-fpm /etc/php-fpm.d /etc/php-fpm.conf /usr/share/man/man8/php-fpm.8.gz
But there isn't any php-fpm.sock there.
How can I find php-fpm.sock?
My specs:
Amazon Micro EC2
Linux version 3.4.48-45.46.amzn1.x86_64 Red Hat 4.6.3-2 (I think it's based on CentOS 5)
PHP 5.3.26 (fpm-fcgi)
I know this is old questions but since I too have the same problem just now and found out the answer, thought I might share it. The problem was due to configuration at pool.d/ directory.
Open
/etc/php5/fpm/pool.d/www.conf
find
listen = 127.0.0.1:9000
change to
listen = /var/run/php5-fpm.sock
Restart both nginx and php5-fpm service afterwards and check if php5-fpm.sock already created.
I faced this same issue on CentOS 7 years later
Posting hoping that it may help others...
Steps:
FIRST, configure the php-fpm settings:
-> systemctl stop php-fpm.service
-> cd /etc/php-fpm.d
-> ls -hal (should see a www.conf file)
-> cp www.conf www.conf.backup (back file up just in case)
-> vi www.conf
-> :/listen = (to get to the line we need to change)
-> i (to enter VI's text insertion mode)
-> change from listen = 127.0.0.1:9000 TO listen = /var/run/php-fpm/php-fpm.sock
-> Esc then :/listen.owner (to find it) then i (to change)
-> UNCOMMENT the listen.owner = nobody AND listen.group = nobody lines
-> Hit Esc then type :/user = then i
-> change user = apache TO user = nginx
-> AND change group = apache TO group = nginx
-> Hit Esc then :wq (to save and quit)
-> systemctl start php-fpm.service (now you will have a php-fpm.sock file)
SECOND, you configure your server {} block in your /etc/nginx/nginx.conf file. Then run:systemctl restart nginx.service
FINALLY, create a new .php file in your /usr/share/nginx/html directory for your Nginx server to serve up via the internet browser as a test.
-> vi /usr/share/nginx/html/mytest.php
-> type o
-> <?php echo date("Y/m/d-l"); ?> (PHP page will print date and day in browser)
-> Hit Esc
-> type :wq (to save and quite VI editor)
-> open up a browser and go to: http://yourDomainOrIPAddress/mytest.php
(you should see the date and day printed)
Check the config file, the config path is /etc/php5/fpm/pool.d/www.conf, there you'll find the path by config and if you want you can change it.
EDIT:
well you're correct, you need to replace listen = 127.0.0.1:9000 to listen = /var/run/php5-fpm/php5-fpm.sock, then you need to run sudo service php5-fpm restart, and make sure it says that it restarted correctly, if not then make sure that /var/run/ has a folder called php5-fpm, or make it listen to /var/run/php5-fpm.sock cause i don't think the folder inside /var/run is created automatically, i remember i had to edit the start up script to create that folder, otherwise even if you mkdir /var/run/php5-fpm after restart that folder will disappear and the service starting will fail.
Solved in my case, i look at
sudo tail -f /var/log/nginx/error.log
and error is php5-fpm.sock not found
I look at sudo ls -lah /var/run/
there was no php5-fpm.sock
I edit the www.conf
sudo vim /etc/php5/fpm/pool.d/www.conf
change
listen = 127.0.0.1:9000
for
listen = /var/run/php5-fpm.sock
and reboot
When you look up your php-fpm.conf
example location:
cat /usr/src/php/sapi/fpm/php-fpm.conf
you will see, that you need to configure the PHP FastCGI Process Manager to actually use Unix sockets. Per default, the listen directive` is set up to listen on a TCP socket on one port. If there's no Unix socket defined, you won't find a Unix socket file.
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all IPv4 addresses on a
; specific port;
; '[::]:port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000
I encounter this issue when I first run LEMP on centos7 refer to this post.
I restart nginx to test the phpinfo page, but get this
http://xxx.xxx.xxx.xxx/info.php is not unreachable now.
Then I use tail -f /var/log/nginx/error.log to see more info. I find is the
php-fpm.sock file not exist. Then I reboot the system, everything is OK.
Here may not need to reboot the system as Fath's post, just reload nginx and php-fpm.
restart php-fpm
reload nginx config
I am trying to set up nginx server to run a php app in debian. I followed this tutorial among others. Most seems the same. My recent configuration is based on the link above. When I try to run this php script,
<?php
phpinfo();
?>
I get the same output on the browser instead of php info result. Kindly someone help me figure out where I went wrong.
Note: My error logs are clean,contains details on nginx server start only.
Thank you.
You might want to make sure php5-fpm is listening on the correct port you're expecting it to be using. Do a netstat listing and see if php-fpm is listening on port 9000:
netstat -tulpn
You should see a line that looks something like this:
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 2390/php-fpm.conf
If not, check your www.conf file (in /etc/php5/fpm/pool.d/www.conf) and look for the "listen = ..." line and make sure it says:
listen = 127.0.0.1:9000
I have seen default configurations of php5-fpm use a socket instead of a tcp port.