Page 1 of 1
PHP5-FPM socket error.
Posted: Mon Nov 23, 2015 2:41 pm
by Neso
Hey,
i have the latest Vesta (0.9.8-15) installed on Debian 8.2. I have created a new Package with Nginx template set on Default on PHP5-FPM template on socket. First problem is that when I click on edit it still shows that both are on default template, and if I change it to socket again it says that changes have been saved but it's still on default (listening on tcp).
Now I have made a user with that package and created a website, again setting the PHP5-FPM template to socket, the default index.html displays fine, but when I upload Koken index.php I get error 500 and in /home/neso/web/xxx.xx/logs/xxx.xx.error.log:
Code: Select all
2015/11/23 16:24:32 [crit] 7950#0: *6 connect() to unix:/var/run/php5-xxx.xx.sock failed (13: Permission denied) while connecting to upstream, client: 85.253.128.22, server: xxx.xx, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-xxx.xx.sock:", host: "xxx.xx"
I found the problem in /etc/php5/fpm/pool.d/xxx.xx.conf:
Code: Select all
listen.owner = neso
listen.group = nginx
when I changed both to www-data the error disappeared and everything was working, is it a bug or have I messed something up with the custom package etc? I changed both to www-data because thats what the user was set on /etc/nginx/nginx.conf
Best regards,
Neso
Re: PHP5-FPM socket error.
Posted: Mon Nov 23, 2015 2:49 pm
by Neso
/etc/nginx/nginx.conf
Code: Select all
# Server globals
user www-data;
worker_processes 2;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
# Worker config
events {
worker_connections 1024;
use epoll;
}
http {
# Main settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_header_timeout 1m;
client_body_timeout 1m;
client_header_buffer_size 2k;
client_body_buffer_size 256k;
client_max_body_size 256m;
large_client_header_buffers 4 8k;
send_timeout 30;
keepalive_timeout 60 60;
reset_timedout_connection on;
server_tokens off;
server_name_in_redirect off;
server_names_hash_max_size 512;
server_names_hash_bucket_size 512;
# Log format
log_format main '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format bytes '$body_bytes_sent';
#access_log /var/log/nginx/access.log main;
access_log off;
# Mime settings
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Compression
gzip on;
gzip_comp_level 9;
gzip_http_version 1.0;
gzip_vary on;
gzip_min_length 50;
gzip_buffers 16 8k;
gzip_types
text/css
text/plain
text/javascript
application/javascript
application/json
application/x-javascript
application/xml
application/xml+rss
application/xhtml+xml
application/x-font-ttf
application/x-font-opentype
application/vnd.ms-fontobject
image/svg+xml
image/x-icon
application/rss+xml
application/atom_xml;
gzip_proxied any;
# Proxy settings
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Set-Cookie;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
# Cloudflare https://www.cloudflare.com/ips
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 172.64.0.0/13;
#set_real_ip_from 2400:cb00::/32;
#set_real_ip_from 2606:4700::/32;
#set_real_ip_from 2803:f800::/32;
#set_real_ip_from 2405:b500::/32;
#set_real_ip_from 2405:8100::/32;
real_ip_header CF-Connecting-IP;
# SSL PCI Compliance
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 3m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
# Error pages
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 502 503 504 /error/50x.html;
# Cache
proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m;
proxy_cache_key "$host$request_uri $cookie_user";
proxy_temp_path /var/cache/nginx/temp;
proxy_ignore_headers Expires Cache-Control;
proxy_cache_use_stale error timeout invalid_header http_502;
proxy_cache_valid any 3d;
map $http_cookie $no_cache {
default 0;
~SESS 1;
~wordpress_logged_in 1;
}
# Wildcard include
include /etc/nginx/conf.d/*.conf;
}
/etc/php5/fpm/pool.d/xxx.xx.conf
Code: Select all
[xxx.xx]
listen = /var/run/php5-xxx.xx.sock
listen.allowed_clients = 127.0.0.1
user = neso
group = neso
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 50
pm.start_servers = 3
pm.min_spare_servers = 2
pm.max_spare_servers = 10
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
/home/neso/conf/web/nginx.conf
Code: Select all
server {
listen xxx.xxx.xxx.xxx:80;
server_name xxx.xx www.xxx.xx;
root /home/neso/web/xxx.xx/public_html;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/xxx.xx.log combined;
access_log /var/log/nginx/domains/xxx.xx.bytes bytes;
error_log /var/log/nginx/domains/xxx.xx.error.log error;
location / {
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass unix:/var/run/php5-xxx.xx.sock;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
location /error/ {
alias /home/neso/web/xxx.xx/document_errors/;
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include /home/neso/conf/web/nginx.xxx.xx.conf*;
}
Re: PHP5-FPM socket error.
Posted: Sat Jan 09, 2016 3:50 am
by spell
Yes. Adding lines
listen.owner = www-data
listen.group = www-data
instead of
listen.owner = admin
listen.group = nginx
and deleting sock file and restarting services worked for me as well.
I guess it's a bug. Don't know how to file an issue.
Re: PHP5-FPM socket error.
Posted: Sat Jan 09, 2016 5:45 am
by joem
spell wrote:Yes. Adding lines
listen.owner = www-data
listen.group = www-data
instead of
listen.owner = admin
listen.group = nginx
and deleting sock file and restarting services worked for me as well.
I guess it's a bug. Don't know how to file an issue.
You can report this issue on bugs.vestacp.com or on github
https://github.com/serghey-rodin/vesta/
Re: PHP5-FPM socket error.
Posted: Sun Jan 10, 2016 4:10 pm
by grenadecx
To solve this in the meanwhile, you could edit the template file being used (For Ubuntu 14.04 at least. Webserver might run under different user on another dist...):
/usr/local/vesta/data/templates/web/php5-fpm/socket.tpl
And change
Code: Select all
listen.owner = %user%
listen.group = nginx
to
Code: Select all
listen.owner = %user%
listen.group = www-data