What needs to be fixed so that php-fpm looks for the correct path?

V

VicTHOR2020-08-28 09:53:05

Nginx

VicTHOR, 2020-08-28 09:53:05

php fpm conf

[somephpservice]
listen = /run/php-fpm/somephpservice.sock
listen.owner = www
listen.group = www
listen.mode = 0660

user = phpfpm
group = www

pm = ondemand
pm.max_children = 50
pm.process_idle_timeout = 10s
pm.max_requests = 500

request_slowlog_timeout = 5s
slowlog = /var/log/php-fpm/somephpservice.slowlog.log
access.log = /var/log/php-fpm/somephpservice.access.log

; php.ini override
request_terminate_timeout = 120s
php_admin_value[session.save_path] = /srv/.tmp/php_sessions/somephpservice
php_admin_value[upload_tmp_dir] = /srv/.tmp/php_upload/somephpservice
php_admin_value[upload_max_filesize] = 100M
php_admin_value[post_max_size] = 100M

;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f [email protected]
;php_admin_value[memory_limit] = 32M
;php_admin_value[open_basedir] = /srv
;php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen,curl_multi_exec,parse_ini_file,show_source,stream_set_write_buffer,stream_socket_sendto,highlight_file,com_load_typelib
;php_admin_value[soap.wsdl_cache_dir] = /var/www/{{ username }}/tmp


; $_ENV['env']
;env[TMP] = /tmp

nginx server conf

#localhost:12345
server {
    listen 12345 default_server;

    error_log /dev/null crit;
    access_log /var/log/nginx/12345.access.log;

    error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /;

    location / {
        root /srv/noindex;
        index index.html;
    }

    location ^~ /somephpservice/ {
        access_log   off;
        error_log    /var/log/nginx/somephpservice.error.log;

        try_files $uri $uri/ =404;
        server_tokens off;
        client_max_body_size 3m;
        client_body_buffer_size 128k;
        root         /srv/;
        index        index.php index.html;

        location ~ \.php$ {
            try_files $uri $uri/ =404;
            server_tokens off;
            client_max_body_size 3m;
            client_body_buffer_size 128k;

            fastcgi_intercept_errors on;
            fastcgi_index  index.php;
            include        fastcgi_params;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  PATH_INFO $fastcgi_path_info;

            fastcgi_pass   unix:/var/run/php-fpm/somephpservice.sock;
        }
    }
}

accordingly, some blocks are include snippet, 12345 and somephpservice are fake values.
in the php-fpm access logs the request is

- -  28/Aug/2020:09:27:03 +0300 "GET /somephpservice/index.php" 404

If done cgi.fix_pathinfo=0, I will - - 28/Aug/2020:09:27:03 +0300 "GET " 404

get Other files, for example localhost:12345/somephpservice/123.txt
But I can’t get the index neither localhost:12345/somephpservice/ nor localhost:12345/somephpservice/index.php

any comments on configs are welcome :)

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

V

VicTHOR, 2020-08-28
@VicTHOR

In general, I do not fully understand how ACL works, I changed it to such values

getfacl: Removing leading '/' from absolute path names
# file: srv/somephpservice/index.php
# owner: root
# group: root
user::rw-
user:www:rwx                    #effective:rw-
group::r--
group:www:rwx                   #effective:rw-
mask::rw-
other::---

now everything works, despite the fact that nginx and php-fpm are not running as root, but with the www group (as planned)

Z

Zerg89, 2020-08-28
@Zerg89

it looks like the problem here is try_files $uri $uri/ =404; I didn’t find syntax = in nginx, but I assume that, if it matches, it sends to 404