Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Nginx error FastCGI sent in stderr: "Access to the script [folder] has been denied (see security.limit_extensions)"

I am trying to configure my webserver using Nginx and php-fpm
I have successfully configured before in my local computer and dev server, but not now in AWS.
The only difference is I installed Nginx from a source in production server

It gives an error like these in my /var/log/nginx/error.log

2014/03/11 11:09:19 [error] 11138#0: *1 FastCGI sent in stderr: "Access to the script '/home/ambassador-portal/ambassador-api/web' has been denied (see security.limit_extensions)" while reading response header from upstream, client: 202.62.16.225, server: brandapi.whatiwear.com, request: "GET /app_dev.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "brandapi.whatiwear.com", referrer: "http://brandapi.whatiwear.com/"

While the error log in php-fpm gives no error

Here is my nginx.conf

user  root;
worker_processes  1;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

    gzip  on;

    server {
        listen       80;
        server_name  localhost;

        location / {
            root   html;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
        include /usr/local/nginx/conf/sites-enabled/*.conf;
}

Here is my nginx_host.conf

server {
    server_name brandapi.whatiwear.com;
    access_log /var/log/nginx/brandapi_access.log;
    error_log /var/log/nginx/brandapi_error.log;
    root /home/ambassador-portal/ambassador-api/web;
    disable_symlinks off;
    autoindex on;

    location / {
            try_files $uri $uri/ /app.php$uri?$args;
    }

    location ~ \.htaccess {
            deny all;
    }


    location ~ \.php$ {
            fastcgi_split_path_info ^((?U).+\.php)(.+)$;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  PATH_INFO        $fastcgi_path_info;
            fastcgi_param  PATH_TRANSLATED  $document_root$fastcgi_path_info;
            include /usr/local/nginx/conf/fastcgi_params;
    }
}

Here is my /etc/php5/fpm/conf/www.conf

; Start a new pool named 'www'.
[www]

listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1

user = ec2-user
group = ec2-user

pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35

slowlog = /var/log/php-fpm/www-slow.log

security.limit_extensions = .php .php3 .php4 .php5 .html .htm
php_admin_value[error_log] = /var/log/php-fpm/5.5/www-error.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 128M

; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/5.5/session

I've read from access denied on nginx and php and try to chmod and I've tried the solution from Nginx 403 forbidden for all files and here is my result

dr-xr-xr-x  root        root  /
drwxr-xr-x root        root  home
drwxr-xr-x ec2-user ec2-user ambassador-portal
drwxr-xr-x ec2-user ec2-user ambassador-api
drwxr-xr-x ec2-user ec2-user web

I turned the autoindex on just for seeing if my root directory is right, the weird thing is I can open all files except PHP files

You can see a live example at http://brandapi.whatiwear.com/

What is wrong with my webserver..?

like image 571
Ihsan Kurniawan Avatar asked Mar 11 '14 11:03

Ihsan Kurniawan


1 Answers

I removed these two configurations from the nginx.conf file.

fastcgi_param  PATH_INFO  $fastcgi_path_info;
fastcgi_param  PATH_TRANSLATED  $document_root$fastcgi_path_info;

It works.

like image 50
张光应 Avatar answered Oct 24 '22 05:10

张光应