nginx and php-fpm socket owner

孤城傲影 2020-12-24 14:27

After an update of my system I ran into a bad gateway error with my PHP apps running on Nginx.

connect() to unix:/var/run/php-fcgi-vhostname-php-fcgi-

7 answers
  • 2020-12-24 15:03

    everybody! That's my issue too. I just changed my fpm user to vagrant, restarted my pools and ... it's done! Here comes my conf:

    user = vagrant
    group = nginx
    
    listen.owner = vagrant
    listen.group = nginx
    listen.mode = 0660
    

    Hope it can help someone.

  • 2020-12-24 15:04

    Just do it anything else

    My Config Vagrant / Ubuntu 16 / Nginx 1.13 / PHP-FPM 7.1

    sudo vi /etc/nginx/nginx.conf
    

    Change first line user nginx => user www-data

    service nginx restart
    
  • 2020-12-24 15:05

    On my installation, CentOS 7.5, Apache with PHP 7.1 and PHP 5.6, I had the same problem where I had to manually fix the permissions on the php56-php.fpm.sock (owned by root) after every reboot.

    My config for php56 was here and may be different on your install: /opt/remi/php56/root/etc/php-fpm.d/www.conf

    I changed this commented section in the file:

    listen.owner = nginx
    listen.group = nginx
    listen.mode = 0666
    

    Now after restart everything is fine with correct permissions on the socket file. Not sure about the listen.mode. I think 0660 also works.

  • 2020-12-24 15:13

    NGINX runs as user nginx and php5-fpm as user www-data. Just add nginx to group www-data and the problem is solved, and nginx can access /var/run/php5-fpm.sock. Works great with Ubuntu 14.04, nginx 1.7.10, PHP 5.5.9-1ubuntu4.6 (fpm-fcgi):

    $ sudo usermod -aG www-data nginx
    
  • 2020-12-24 15:16

    Config files FPM will read

    /etc/php-fpm.conf is the config file FPM will read (on CentOS). If you want FPM to read other config files as well, you need to tell it that.

    You can do this by placing the line include=/etc/php-fpm.d/*.conf at the bottom of /etc/php-fpm.conf. It will then read everything in the directory /etc/php-fpm.d (that ends with .conf).

    Then place the global directives and the include line in /etc/php-fpm.conf. This could look something like this:

    [global]
    
    pid = /var/run/php-fpm/php-fpm.pid
    error_log = /var/log/php5-fpm.log
    
    include=/etc/php-fpm.d/*.conf
    

    And have a separate file in /etc/php-fpm.d for each pool.

    Example /etc/php-fpm.d/global.conf:

    [global-pool]
    
    user = www-data
    group = www-data
    
    listen = /var/run/php-fcgi.sock
    
    listen.owner = www-data
    listen.group = www-data
    listen.mode = 0660
    
    pm = dynamic
    pm.start_servers = 1
    pm.max_children = 5
    pm.min_spare_servers = 1
    pm.max_spare_servers = 5
    

    Example /etc/php-fpm.d/vhostname-0.conf:

    [vhostname-php-fcgi-0]
    
    user = www-data
    group = www-data
    
    listen = /var/run/php-fcgi-vhostname-php-fcgi-0.sock
    
    listen.owner = www-data
    listen.group = www-data
    listen.mode = 0660
    
    pm = dynamic
    pm.max_children = 5
    pm.start_servers = 1
    pm.min_spare_servers = 1
    pm.max_spare_servers = 5
    

    Directives to pay attention to

    • Every pool should use a different socket. If you have multiple pools using the same socket you'll get issues.

    • The directives user and group control the user/group which the FPM process for that pool will run as. These do not specify the user/group of the socket.

    • The directives listen.owner and listen.group control the user/group the socket uses for that pool.

    • The pool directives (like listen.*) will only work for pools. So you can't use them in the global section, you have to specify them for each pool.

    Socket permissions

    The permissions 0660 are perfectly fine when listen.owner and listen.group are the same as the webserver. You could even use 0600, but one might argue that any user that can operate under the same group as the webserver can also use the socket, so I would use 0660.

  • 2020-12-24 15:16

    Just adding here that the listen.acl_users directive should be commented out, otherwise it will override the listen.owner and listen.group values:

    ; Set permissions for unix socket, if one is used. In Linux, read/write
    ; permissions must be set in order to allow connections from a web server.
    ; Default Values: user and group are set as the running user
    ;                 mode is set to 0660
    listen.owner = www-data
    listen.group = www-data
    listen.mode = 0660
    
    ; When POSIX Access Control Lists are supported you can set them using
    ; these options, value is a comma separated list of user/group names.
    ; When set, listen.owner and listen.group are ignored
    ;listen.acl_users = apache,nginx
    
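An added example, not part of any answer above: a small Python audit of pool files for the socket issues raised in the "Directives to pay attention to" answer and the listen.acl_users answer (shared sockets, a socket mode open to all local users, listen.acl_users overriding owner/group, and whether the web server's user can connect). The pool files, pool names and the audit() helper are constructed for illustration; permissions on the socket's parent directory are not checked.

```python
import configparser

# Constructed pool files (hypothetical names) using the directives discussed above.
POOLS = {
    "a.conf": "[a]\nuser = www-data\ngroup = www-data\nlisten = /var/run/php-a.sock\n"
              "listen.owner = www-data\nlisten.group = www-data\nlisten.mode = 0660\n",
    "b.conf": "[b]\nuser = www-data\ngroup = www-data\nlisten = /var/run/php-a.sock\n"
              "listen.owner = nginx\nlisten.group = nginx\nlisten.mode = 0666\n",
    "c.conf": "[c]\nuser = www-data\ngroup = www-data\nlisten = /var/run/php-c.sock\n"
              "listen.owner = www-data\nlisten.acl_users = apache,nginx\n",
}

def audit(files, web_user, web_groups):
    """Return sorted (pool, finding) pairs for FPM unix-socket settings."""
    findings, seen = set(), {}
    for name, text in files.items():
        cp = configparser.ConfigParser(interpolation=None, strict=False,
                                       delimiters=("=",))
        cp.read_string(text, source=name)
        for pool in cp.sections():
            s = cp[pool]
            sock = s.get("listen", "")
            if pool == "global" or not sock.startswith("/"):
                continue  # only pools listening on a unix socket are checked
            if sock in seen:
                findings.add((pool, f"socket shared with pool {seen[sock]}"))
            seen.setdefault(sock, pool)
            if s.get("listen.acl_users"):
                # Per the FPM comment quoted above, owner/group are ignored here.
                findings.add((pool, "listen.acl_users overrides listen.owner/group"))
                continue
            # Defaults as stated in the quoted config comment: running user, 0660.
            owner = s.get("listen.owner", s.get("user"))
            group = s.get("listen.group", s.get("group"))
            mode = int(s.get("listen.mode", "0660"), 8)
            if mode & 0o006 == 0o006:
                # Any local account could send FastCGI requests to this pool.
                findings.add((pool, "socket open to every local user"))
            # Unix permission check: exactly one class (owner, group, other) applies.
            if owner == web_user:
                bits = mode >> 6
            elif group in web_groups:
                bits = mode >> 3
            else:
                bits = mode
            if bits & 0o6 != 0o6:  # read+write needed, as the quoted comment says
                findings.add((pool, f"{web_user} cannot connect"))
    return sorted(findings)

if __name__ == "__main__":
    for pool, msg in audit(POOLS, "nginx", {"nginx"}):
        print(f"{pool}: {msg}")
```

Passing `{"nginx", "www-data"}` as the web server's groups models the `usermod -aG www-data nginx` answer, and the "cannot connect" finding for pool `a` disappears.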