I update nginx to 1.4.7 and php to 5.5.12, After that I got the 502 error. Before I update everything works fine.
nginx-error.log
2014/05/03 13:27:41 [crit] 4202#0: *1 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: xx.xxx.xx.xx, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "xx.xx.xx.xx"
nginx.conf
user www www;
worker_processes 1;
location / {
root /usr/home/user/public_html;
index index.php index.html index.htm;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/home/user/public_html$fastcgi_script_name;
include fastcgi_params;
}
I had a similar error after php update. PHP fixed a security bug where o
had rw
permission to the socket file.
/etc/php5/fpm/pool.d/www.conf
or /etc/php/7.0/fpm/pool.d/www.conf
, depending on your version. Uncomment all permission lines, like:
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
Restart fpm - sudo service php5-fpm restart
or sudo service php7.0-fpm restart
Note: if your webserver runs as user other than www-data, you will need to update the www.conf
file accordingly
All the fixes currently mentioned here basically enable the security hole all over again.
What I ended up doing is adding the following lines to my PHP-FPM configuration file.
listen.owner = www-data
listen.group = www-data
Make sure that www-data is actually the user the nginx worker is running as. For debian it's www-data by default.
Doing it this way does not enable the security problem that this change was supposed to fix.
@Xander's solution works, but does not persist after a reboot.
I found that I had to change listen.mode
to 0660
in /etc/php5/fpm/pool.d/www.conf
.
Sample from www.conf:
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
;listen.owner = www-data
;listen.group = www-data
;listen.mode = 0660
Edit: Per @Chris Burgess, I've changed this to the more secure method.
I removed the comment for listen.mode, .group and .owner:
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
/var/run Only holds information about the running system since last boot, e.g., currently logged-in users and running daemons. (http://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard#Directory_structure).
Side note:
My php5-fpm -v
Reports: PHP 5.4.28-1+deb.sury.org~precise+1
. The issue did happen after a recent update as well.
If you have tried everything in this post but are not having success getting PHP to work, this is what fixed it for my case:
Make sure you have these lines uncommented in /etc/php5/fpm/pool.d/www.conf:
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
Make sure /etc/nginx/fastcgi_params looks like this:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
These two lines were missing from my /etc/nginx/fastcgi_params, make sure they are there!
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
Then, restart php5-fpm and nginx. Should do the trick.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With