Nginx 1.6 + php5-fpm socket communication fail - sockets

I have problem with Nginx and PHP5-fpm, if I configure Nginx 1.2.1 everything is fine, but if I upgrade to 1.6 I have only blank page. Cany anyone say why?
Socket is created fine.
Html pages working
If i see network in Chrome i have 200OK
In PHP is only:
<?php
phpinfo();
?>
My confing files:
/etc/nginx/conf.d/web.conf
server {
listen 192.168.99.127:8080;
server_name sub.localhost;
root /home/clients_ssl/sub/www;
index index.php index.html index.htm;
location ~ \.php$ {
fastcgi_pass unix:/etc/php5/fpm/socks/ssl_sub.sock;
include fastcgi_params;
fastcgi_param HTTPS on;
}
location ~ /\. {
deny all;
}
access_log /home/clients_ssl/sub/logs/access.log;
error_log /home/clients_ssl/sub/logs/error.log;
error_page 404 /404.html;
}
/etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
/etc/php5/fpm/pool.d/web.conf
[ssl_sub]
listen = /etc/php5/fpm/socks/ssl_sub.sock
user = nginx
group = nginx
pm = dynamic
pm.max_children = 50
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 5
pm.max_requests = 0
php_admin_value[open_basedir]=/
php_admin_value[session.save_path]=/home/clients_ssl/sub/tmp
php_admin_value[upload_tmp_dir]=/home/clients_ssl/sub/tmp
php_admin_value[disable_functions]=dl
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
((( if i change lister.owner/group and user/group to other system user for example USER0 i have error 502 bad gateway, where is problem? ))))
/etc/nginx/fastcgi_params
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

If you have upgraded nginx by including
deb http://nginx.org/packages/debian/ wheezy nginx
deb-src http://nginx.org/packages/debian/ wheezy nginx
in your /etc/apt/sources.list file, you won't have a copy of fastcgi.conf in your /etc/nginx folder.
Find the file fastcgi_params in /etc/nginx and add this line:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
to the top of the file. Rename the file to fastcgi.conf
Then, you can replace include fastcgi_params; to include fastcgi.conf; in your .conf file's php location block.

I had also some problems after update nginx 1.2 to 1.6
I got this information (see below), when I install wheezy-backports main contrib non-free
I put to this list: /etc/apt/sources.list
that source:
deb http://ftp.de.debian.org/debian/ wheezy-backports main contrib non-free
Information by the installation:
Fastcgi configuration issues ============================
nginx shipped a modified fastcgi_params, which declared
SCRIPT_FILENAME fastcgi_param. This line has now been removed.
From now on we are also shipping fastcgi.conf from the upstream
repository, which includes a sane SCRIPT_FILENAME parameter value.
So, if you are using fastcgi_params, you can try switching to
fastcgi.conf or manually set the relevant params.
So I made a change in etc/nginx/conf.d/default.conf
I changed include fastcgi_params; to include fastcgi.conf;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_read_timeout 600;
}
Afterwards, restart php5-fpm and nginx
My php formular / form now works again in nginx 1.6.2

Related

nginx config - negative condition

I make HTTP authorization in nginx config for all files, exclude index.php:
server {
listen 80;
root /var/www/site;
index index.php;
charset utf-8;
location ~ /(?!index.php) {
auth_basic "Unauthorized";
auth_basic_user_file /var/www/site/htpasswd;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_read_timeout 3000;
}
}
As a result, nginx instead of executing PHP files, begins to give them to download. Without location ~ /(?! index.php) - files are normally executed.
How to make a negative condition correctly?

How to remove trailing slash from URL in nginx only if directory doesn't exist?

I am running a server on nginx 1.4.1 with PHP-FastCGI. Currently I have it setup so that it removes trailing slashes from my URLs and issues a 301 redirect. However, when I visit a directory that exists, I am forced into a redirect loop. My current document root looks like this:
- index.php (app)
- webgrind
- index.php
- static
- css
Currently I cannot visit example.com/webgrind or any other directory. My access logs repeatedly read similar to:
GET /webgrind/ HTTP/1.1" 301 178 "-"
GET /webgrind HTTP/1.1" 301 178 "-"
This is the server block in my nginx.conf:
server {
listen 80;
server_name example.com;
location / {
try_files $uri $uri/ /index.php?$args;
root /var/www/example/public;
index index.php index.html index.htm;
}
rewrite ^/(.*)/$ /$1 permanent;
location = /favicon.ico {
access_log off;
log_not_found off;
}
location ~ \.php$ {
try_files $uri $uri/ /index.php?$args;
root /var/www/example/public;
index index.php index.html index.htm;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/example/public$fastcgi_script_name;
fastcgi_param APPLICATION_ENV testing;
fastcgi_param PATH /usr/bin:/bin:/usr/sbin:/sbin;
fastcgi_intercept_errors on;
include fastcgi_params;
}
}
I am aware that rewrite ^/(.*)/$ /$1 permanent; is the offending line. If I remove it and visit example.com/webgrind, a 301 is issued for me to redirect to example.com/webgrind/ since it is a directory. However, my application will now accept both trailing and non-trailing slashes (i.e. example.com/users/ and example.com/users) and this is not what I want.
Wrapping the 'if' directive around my rewrite as follows still creates a redirect loop for my directories (if is evil, apparently, but a rewrite directive in this case is considered safe):
if (!-d $request_filename) {
rewrite ^/(.*)/$ /$1 permanent;
}
(I know that visiting webgrind/index.php would solve my problem, but I'd like to avoid costly and unprofessional redirect loops when my production directories are pushed live.)
So how can I conditionally strip trailing slashes only for resources that don't exist (my web application paths)?
UPDATE: My (unaltered) fastcgi_params config:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
Putting the root directive outside of the location block as a direct child of the server block fixed the issue.
server {
listen 80;
server_name example.com;
# This WORKS!
root /var/www/example/public;
location / {
try_files $uri $uri/ /index.php?$args;
index index.php index.html index.htm;
}
if (!-d $request_filename) {
rewrite ^/(.*)/$ /$1 permanent;
}
location = /favicon.ico {
access_log off;
log_not_found off;
}
location ~ \.php$ {
try_files $uri $uri/ /index.php?$args;
index index.php index.html index.htm;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/example/public$fastcgi_script_name;
fastcgi_param APPLICATION_ENV testing;
fastcgi_param PATH /usr/bin:/bin:/usr/sbin:/sbin;
fastcgi_intercept_errors on;
include fastcgi_params;
}
}
Apparently it is a pitfall that the Nginx wiki recommends to avoid.

nginx php5-fpm failed (2: No such file or directory)

QUESTION: What am I missing or doing wrong?
I'm trying to migrate fully functional Zend Framework application from Apache2 with mod_php5 to nginx with php5-fpm. I get this kind of errors:
2012/06/27 12:08:04 [error] 1986#0: *1 open() "/var/www/public/sales/live-trials-json" failed (2: No such file or directory), client: *.*.*.*, server: www.mydomain.com, request: "POST /sales/live-trials-json HTTP/1.1", host: "www.mydomain.com", referrer: "https://www.mydomain.com/sales/live-trials"
Here are my configuration files:
a) /etc/nginx/sites-enabled/www
server {
listen 80;
listen 443 default ssl;
server_name www.mydomain.com;
root /var/www/public;
ssl_certificate /etc/nginx/ssl/mydomain.crt;
ssl_certificate_key /etc/nginx/ssl/mydomain.key;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log error;
index index.php index.phtml index.html;
location = /(favicon.ico|robots.txt) {
access_log off;
log_not_found off;
}
location ~* ^.+.(css|js|jpeg|jpg|gif|png|ico|xml) {
access_log off;
expires 30d;
}
location / {
try_files $uri $uri/ /index.php;
}
location ~ /\.ht {
deny all;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
b) /etc/nginx/fastcgi_params
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
c) /etc/php5/fpm/pool.d/www.conf
[www]
user = www-data
group = www-data
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 20
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 6
chdir = /
d) ls -al /var/www
drwxr-xr-x 7 www-data www-data 4096 Jun 27 10:52 application
drwxr-xr-x 5 www-data www-data 4096 Jun 27 10:52 library
drwxr-xr-x 10 www-data www-data 4096 Jun 27 12:05 public
e) nginx -V
nginx version: nginx/1.1.19
TLS SNI support enabled
configure arguments:
--prefix=/etc/nginx
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-log-path=/var/log/nginx/access.log
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi
--lock-path=/var/lock/nginx.lock
--pid-path=/var/run/nginx.pid
--with-debug
--with-http_addition_module
--with-http_dav_module
--with-http_geoip_module
--with-http_gzip_static_module
--with-http_image_filter_module
--with-http_realip_module
--with-http_stub_status_module
--with-http_ssl_module
--with-http_sub_module
--with-http_xslt_module
--with-ipv6
--with-sha1=/usr/include/openssl
--with-md5=/usr/include/openssl
--with-mail
--with-mail_ssl_module
--add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-auth-pam
--add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-echo
--add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-upstream-fair
--add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-dav-ext-module
f) php -v (this is cli version, but I swear I am running nginx with fpm:)
PHP 5.3.10-1ubuntu3 with Suhosin-Patch (cli) (built: Apr 11 2012 17:25:33)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
Alright, after long and exhausting struggles, I've managed to figure out this madness. So, I've started everything from scratch and here is what I've learned:
Entire weirdness is somewhere in location ~* ... { ... }, so whoever have better experience, please explain why :-) Meanwhile I'll manage assets and caching on application layer.
My functional configuration file looks like this:
server {
listen 80;
listen 443 default ssl;
server_name www.mydomain.com;
root /var/www/public;
ssl_certificate /etc/nginx/ssl/mydomain.crt;
ssl_certificate_key /etc/nginx/ssl/mydomain.key;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log error;
index index.php index.phtml index.html;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
Thanks for trying, especially #sarnold and #sergei-lomakov!
Your nginx configuration is little wrong.
Because agree with your rules, nginx tries to access /var/www/public/sales/live-trials-json
which doesn't exist.
Because I don't know which endpoints your application use, I suggest you to make two nginx locations. First , for all static files (with regexp) create this location:
location ~* ^.+.(css|js|jpeg|jpg|gif|png|ico|xml) {
access_log off;
expires 30d;
}
All another queries should be proxied to apache:
location / {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
Make little change with this rule:
location ~* ^/(favicon.ico|robots.txt)$ {
access_log off;
log_not_found off;
}
Of course, you can leave ".ht settings" untouched:
location ~ /\.ht {
deny all;
}
So, Final config will be:
server {
listen 80;
listen 443 default ssl;
server_name www.mydomain.com;
root /var/www/public;
ssl_certificate /etc/nginx/ssl/mydomain.crt;
ssl_certificate_key /etc/nginx/ssl/mydomain.key;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log error;
index index.php index.phtml index.html;
location ~* ^/(favicon.ico|robots.txt)$ {
access_log off;
log_not_found off;
}
location ~* ^.+.(css|js|jpeg|jpg|gif|png|ico|xml) {
access_log off;
expires 30d;
}
location ~ /\.ht {
deny all;
}
location / {
fastcgi_pass 127.0.0.1:9000;
# I'm not sure that this setting is needed:
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
As you noted, your problem is with
location ~* ^.+.(css|js|jpeg|jpg|gif|png|ico|xml) {
access_log off;
expires 30d;
}
This matches your POST uri of /sales/live-trials-json because it hasn't been anchored to the end of the uri path, and . matches any character. This means that '-js' matches. To fix this, you just need to add a \ (to match a literal '.') and a $ (to anchor the match at the end of the uri path):
location ~* \.(css|js|jpeg|jpg|gif|png|ico|xml)$ {
access_log off;
expires 30d;
}

How to use sockets with nginx and fastcgi

I am trying to use sockets rather than tcp for nginx and fastcgi.
Below is my config for nginx. It works if I use 127.0.0.1:9001 i.e. tcp connection.
Here is the error log.
2012/03/06 22:04:53 [crit] 19328#0: *1 connect() to unix:/tmp/nginx9001.socket failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: 127.0.0.1, request: "GET /pixel/ HTTP/1.1", upstream: "fastcgi://unix:/tmp/nginx9001.socket:", host: "127.0.0.1"
The nginx conf:
location /pixel/ {
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
#fastcgi_pass 127.0.0.1:9001;
fastcgi_pass unix:/tmp/nginx9001.socket;
}
Here is my spawn-fcgi script
exec spawn-fcgi -n -d /home/ubuntu/workspace/rtbopsConfig/rtbServers/ -s /tmp/nginx9001.socket -f /home/ubuntu/workspace/rtbopsConfig/rtbServers/index.py >> /var/log/test.sys.log 2>&1
PHP isn't configured to listen on the unix socket, it's configured to listen on the tcp socket. Change your PHP config to match what you you want it to be.

Nginx + Php-fpm + Zend Framework 1.11 strange rewrite error

I have strange rewrite problem with nginx & php5-fpm on an *nix platform. I'm using a Router.php class as app resource and there are lot of routes in this file which generates user-friendly uri's for corresponding modules & controllers. Now, i want to move some of this regex based application routes to nginx level and when i move a route to nginx config, i'm getting "invalid controller specified" error.
Simply, when a user requests a /foo URI, i want to trigger BarController's bazAction(). It's successfully working on application level (via Router resource)
public function init() {
$router = Zend_Controller_Front::getInstance()->getRouter();
$f = new Zend_Controller_Router_Route_Static('foo',
array( 'controller' => 'Bar',
'action' => 'baz'));
$router->addRoute( 'foo', $f);
...
When i try to do this using nginx rewrite rules like this
rewrite ^/foo /index.php/bar/baz?$args last;
I'm getting Invalid controller specified (foo) error. How can i handle this rewrite rules correctly?
My server.config is:
server {
listen 80;
server_name www.dummy.com;
root /Users/foozy/Sites/dummy.com/public;
index index.php;
location / {
try_files $uri $uri/ #rewrites;
}
location #rewrites {
rewrite ^/foo /index.php/bar/baz?$args last;
# i also tried :
# rewrite ^/foo /bar/baz?$args last;
rewrite ^ /index.php?$args;
}
location ~ ^.+\.php {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}
}
My fastcgi_params file is:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
... nginx's default params here ...
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
...
fastcgi_param APPLICATION_ENV development;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
And in php.ini fix_pathinfo is set to 0:
cgi.fix_pathinfo=0
PHP v5.3.8, Nginx v1.0.10
I used this manual to make routers worked NGINX + PHP-FPM + Zend_Framework Infinite 30x redirect loop