access denied on nginx and php

Question

Using nginx web server and php. nginx is working, I see 'Welcome to nginx!' but I get 'access denied' when trying to access a php page. I also installed php-fastcgi.

Here is my nginx default conf:

# redirect server error pages to the static page /50x.html
#
error_page   500 502 503 504  /50x.html;
location = /50x.html {
    root   /usr/share/nginx/html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
#    proxy_pass   http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
    root   /usr/share/nginx/html;
    fastcgi_index  index.php;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    include fastcgi_params;
   # fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
    include        fastcgi_params;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
    deny  all;
}

I activited security.limit_extensions = .php .php3 .php4 .php5 .html and listen = /var/run/php5-fpm.sock in /etc/php-fpm.d/www.conf and cgi.fix_pathinfo = 0 in /etc/php5/fpm/php.ini

I restarted nginx and php5-fpm.

Thanks for helping.

Answer 1

In the event that you are trying to use NGINX to parse HTML as PHP and you are getting an Access denied error, you need to change a PHP configuration setting.

On Ubuntu 16, the file you need to update is in /etc/php/7.0/fpm/pool.d/www.conf.

Go to the line where it says ;security.limit_extensions = .php .php3 .php4 .php5 .php7

Replace that with this security.limit_extensions = .php .html. Notice that the leading semi-colon has been removed.

Then restart PHP sudo systemctl restart php7.0-fpm. The issue should be fixed.

For more information please see this more detailed guide: Fix "access denied" error when parsing HTML as PHP with Nginx

Answer 2

Do like this where you have your secondary location

location / {

        try_files $uri $uri/ =404;  

        root /path/to/your/www;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;

        fastcgi_param   PATH_INFO         $fastcgi_path_info;
            fastcgi_param   SCRIPT_FILENAME   $document_root$fastcgi_script_name;

    }

These 2 parameters are the magic sauce:

fastcgi_param   PATH_INFO         $fastcgi_path_info;
fastcgi_param   SCRIPT_FILENAME   $document_root$fastcgi_script_name;

Answer 3

I know some possible scenarios when nginx and php cannot access files:

1. Most likely php-fpm process is run by user that does not have read permission on corresponding .php files. This gives plain error Access denied.

2. nginx process does not have read and traverse permissions on root directory containing the sites files. This gives 403 Forbidden error.

3. php-fpm process cannot traverse the absolute path to root directory. This gives File not found error.

Since author mentions, that problem appears only when accessing php files, I would say that first scenario applies here.

I believe the case is that nginx is run as one user and php-fpm as another, only the php-fpm user has been forgotten to give read access.

Answer 4

Please check your fastcgi_params file and change it accordingly to this post https://askubuntu.com/questions/164627/nginx-php-fpm-access-denied-error

I solved my problem by using the above method.