Unix: nginx error connect to php5-fpm.sock failed (13: Permission denied)
I updated nginx to 1.4.7 and PHP to 5.5.12, and after that I got a 502 error. Everything worked fine before the update.
nginx-error.log
2014/05/03 13:27:41 [crit] 4202#0: *1 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: xx.xxx.xx.xx, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "xx.xx.xx.xx"
nginx.conf
user www www;
worker_processes 1;
location / {
root /usr/home/user/public_html;
index index.php index.html index.htm;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/home/user/public_html$fastcgi_script_name;
include fastcgi_params;
}
user www-data;
worker_processes 1;
location / {
root /usr/home/user/public_html;
index index.php index.html index.htm;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/home/user/public_html$fastcgi_script_name;
include fastcgi_params;
}
I had a similar error after a PHP update. PHP fixed an issue where o had rw permission on the socket file.
In /etc/php5/fpm/pool.d/www.conf or /etc/php/7.0/fpm/pool.d/www.conf, depending on your version:
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
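sudo service php5-fpm restart
or sudo service php7.0-fpm restart
Note: if your web server runs as a user other than www-data, you will need to update the www.conf file accordingly.
@Xander's solution works, but does not persist after a reboot.
I found that I had to change listen.mode to 0660 in /etc/php5/fpm/pool.d/www.conf.
Sample from www.conf: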
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
;listen.owner = www-data
;listen.group = www-data
;listen.mode = 0660
Edit: per @Chris Burgess, I have changed this to the more secure method.
I removed the comment for listen.mode, .group and .owner:
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
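/var/run only holds information about the running system since last boot, e.g., currently logged-in users and running daemons.
Side note:
My php5-fpm -v reports: php5.4.28-1+deb.sury.org~precise+1. The issue did happen after a recent update as well.
All the fixes mentioned here basically enable the security hole again.
What I ended up doing is adding the following lines to my PHP-FPM configuration file: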
listen.owner = www-data
listen.group = www-data
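Make sure that www-data is actually the user the nginx worker is running as. For Debian it is www-data by default.
Doing it this way does not enable it.
In fact, "listen.mode" should be "0660" and not "0666", as other-writable or other-readable is never a good choice here.
So try to find out which user/group your web server runs as. I use CentOS and it runs as user "nginx".
So add the following to your php-fpm.conf: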
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
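Finally, restart php-fpm.
In addition to broadening the permissions in your PHP config, you could change the user specified in your nginx config. On the first line of the nginx.conf excerpt above, the user and group are specified as www and www, respectively: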
user www www;
Meanwhile, your PHP config probably specifies a user and group of www-data:
listen.owner = www-data
listen.group = www-data
You could then change the line in your nginx.conf to any of the following:
user www-data www;
user www-data www-data; # or any group, really, since you have the user matching
user www www-data; # requires that your php listen.mode gives rw access to the group
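Consideration must also be given to your individual FPM pools, if any.
I couldn't figure out why none of these answers was working for me today. This had been a set-and-forget scenario for me, where I had forgotten that listen.user and listen.group were duplicated on a per-pool basis.
If you use pools for different user accounts like I did, where each user account owns its FPM processes and sockets, setting only the default listen.owner and listen.group configuration options to "nginx" will simply not work. And obviously, letting "nginx" own them all is not acceptable either.
For each pool, make sure that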
listen.group = nginx
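Otherwise, you can leave the pool's ownership and such alone.
Today I updated my machine running Ubuntu 14.04 (with updates for PHP) and ran into this error again. The distribution config file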
/etc/php5/fpm/pool.d/www.conf
is fine and no changes are currently required.
I found the following errors:
dmesg | grep php
[...]
[ 4996.801789] traps: php5-fpm[23231] general protection ip:6c60d1 sp:7fff3f8c68f0 error:0 in php5-fpm[400000+800000]
[ 6788.335355] traps: php5-fpm[9069] general protection ip:6c5d81 sp:7fff98dd9a00 error:0 in php5-fpm[400000+7ff000]
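The strange thing was that I have two sites on this machine that use PHP-FPM; one was running fine and the other (a Tiny Tiny RSS installation) gave me a 502, where both had been running fine before.
I compared both configuration files and found that fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; was missing for the affected site.
Both configuration files now contain the following block and are running fine again: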
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
include /etc/nginx/snippets/fastcgi-php.conf;
}
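Update
It should be noted that Ubuntu ships two fastcgi-related parameter files and also a configuration snippet, which has been available since Vivid and is also in the version. Updated the solution accordingly.
Diff of the fastcgi parameter files: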
$ diff -up fastcgi_params fastcgi.conf
--- fastcgi_params 2015-07-22 01:42:39.000000000 +0200
+++ fastcgi.conf 2015-07-22 01:42:39.000000000 +0200
@@ -1,4 +1,5 @@
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
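Review bot: the `+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;` line at the top of the hunk is the only visible difference between the two files, so a location that includes fastcgi_params must set SCRIPT_FILENAME itself or switch its include to fastcgi.conf. It is worth saying so next to the diff, since that missing parameter is what the affected site's configuration lacked.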
/etc/nginx/snippets/fastcgi-php.conf
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;
user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
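If you have tried everything in this post but are not having success getting PHP to work, this is what fixed it for my case:
Make sure you have these lines uncommented in /etc/php5/fpm/pool.d/www.conf: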
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
;listen.owner = www-data
;listen.group = www-data
;listen.mode = 0660
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
Make sure /etc/nginx/fastcgi_params looks like this:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
These two lines were missing from my /etc/nginx/fastcgi_params; make sure they are there:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
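Then, restart php5-fpm and nginx. That should do it.
Check which user runs nginx. As of Ubuntu 12.04 nginx is run by the nginx user, which is not a member of the www-data group.
usermod -a -G www-data nginx
Restarting the nginx and php5-fpm daemons solves the problem.
Just to add, on CentOS (and probably Red Hat and Fedora) the file to change the permissions in is located at: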
/etc/php-fpm.d/www.conf
user = nginx
group = nginx
...
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
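I have changed the OS on my server quite a few times trying to get the most comfortable system.
It used to work very well most of the time, but lastly I got this 502 Gateway error.
I use one php-fpm socket per account instead of keeping the same one for all. So if one crashes, at least the other applications keep running.
I used to have user and group www-data. But this changed on my Debian 8 with the latest Nginx 1.8 and php5-fpm.
The default user is nginx and so is the group. To be sure of this, the best way is to check the /etc/group and /etc/passwd files. These can't lie.
It is there that I found that I now have nginx in both and no longer www-data.
Maybe this can help some people.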
service nginx restart
add-apt-repository ppa:ondrej/php
apt-get purge php5-common
apt-get update
apt-get install php5.6
user = [pool-user]
group = [pool-group]
listen.owner = [nginx-user]
listen.group = [nginx-group]
listen.owner = nginx
listen.group = nginx
chown nginx:nginx /var/run/php-fpm/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0666
user = nginx
group = nginx
# getenforce
# setenforce 0
listen.owner = www-data
listen.group = www-data
;listen.mode = 0660
user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
$ sudo chown nginx:nginx /var/run/php/php7.2-fpm.sock
user = nginx
group = nginx
...
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
[www] # WRONG | IN MY CASE I WAS UNDER www POOL SO IT WASNT WORKING FOR ME.
[foo] # CORRECT | THE POOL AND THE USER MATCHES.
listen.owner = foo
listen.group = foo
listen.mode = 0660
user = foo
group = foo
listen.owner = foo
listen.group = foo
listen.mode = 0660
listen.acl_users = nginx
group = nginx
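Added example, not taken from any of the answers above: a small audit that applies the owner/group/mode reasoning from this thread to an nginx `user` line and a set of FPM pools, reporting which sockets nginx cannot open and which are opened to every local user (mode 0666). The sample configuration is constructed; the function names, the `root` fallback for unset listen.owner/listen.group, and ignoring listen.acl_users and SELinux are assumptions of this sketch.

```python
import re
# Constructed sample input: the question's nginx "user" line and three pools.
NGINX_CONF = "user www www;\nworker_processes 1;\n"
POOLS = """\
[www]
;listen.owner = www-data
;listen.mode = 0660
[group-match]
listen.owner = www-data
listen.group = www
listen.mode = 0660
[loose]
listen.owner = www-data
listen.group = www-data
listen.mode = 0666
"""

def nginx_identity(conf):
    """(user, group) from nginx's user directive; group defaults to the user name."""
    m = re.search(r"^\s*user\s+([^\s;]+)(?:\s+([^\s;]+))?\s*;", conf, re.M)
    if not m:
        raise ValueError("no user directive found")
    return m.group(1), m.group(2) or m.group(1)

def parse_pools(text):
    """Pool file text -> {pool: {key: value}}; ';' starts a comment."""
    pools, cur = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            cur = pools.setdefault(line[1:-1], {})
        elif "=" in line and cur is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            cur[key] = value
    return pools

def audit(conf, pools_text, extra_groups=(), master="root"):
    """Verdict per pool: 'denied', 'world-accessible' or 'ok'."""
    user, group = nginx_identity(conf)
    groups, verdicts = {group, *extra_groups}, {}
    for name, p in parse_pools(pools_text).items():
        # Assumption: unset owner/group fall back to the FPM master's user.
        owner, sock_group = p.get("listen.owner", master), p.get("listen.group", master)
        mode = int(p.get("listen.mode", "0660"), 8)
        # Unix applies exactly one permission class: owner, then group, then other.
        bits = mode >> 6 if user == owner else mode >> 3 if sock_group in groups else mode
        # Without rw on the socket, nginx logs "(13: Permission denied)".
        verdicts[name] = ("denied" if (bits & 6) != 6 else
                          "world-accessible" if mode & 7 else "ok")
    return verdicts
```

Pass `extra_groups` to model supplementary membership such as the `usermod -a -G www-data nginx` fix; the target state for every pool is "ok", not merely "not denied".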