Nginx & PHP-FPM – .php File not found – Can't figure out why

johnnygear asked:

I have done days of reading on this issues, as admittedly, I am an Nginx newb. I have read official and unofficial documentation alike and can’t seem to solve my problem. Hopefully, someone here will be kind enought to help me out.

I can server my html pages, such as 403, 404 and 50x.html so I know nginx is working in some capacity. My https redirect also works.

I can telnet to PHP FPM on 9001.

All my permissions appear correct, at least to me.

I have included relavant configuration files and outputs below:

sites-available/default:

server
{
        listen                  [::]:80;
        server_name             domain.com;
        return                  301 https://domain.com$request_uri;
        #rewrite                ^ https://domain.com$request_uri? permanent;
}
server
{
        listen 443              default ssl;
        server_name             domain.com;
        ssl                     on;
        ssl_certificate         /etc/ss-certificates/ss-domain.com.crt;
        ssl_certificate_key     /etc/ss-certificates/ss-domain.com.key;

        root                    /var/www/domain.com/wwwroot;
        index                   index.php;
        access_log              /var/www/domain.com/logs/access.log combined;
        error_log               /var/www/domain.com/logs/error.log debug;

        error_page              404 /404.html;
        error_page              403 /403.html;
        error_page              500 502 503 504 /50x.html;

        location /
        {
                try_files       $uri $uri/ /index.php?q=$uri&$args;
        }

        location ~ .php$
        {
                try_files       $uri =404;
                include         fastcgi_params;
                fastcgi_param   HTTPS                   on;
                fastcgi_param   QUERY_STRING            $query_string;
                fastcgi_param   REQUEST_METHOD          $request_method;
                fastcgi_param   CONTENT_TYPE            $content_type;
                fastcgi_param   CONTENT_LENGTH          $content_length;
                fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
                fastcgi_param   SCRIPT_FILENAME         $document_root$fastcgi_script_name;
                fastcgi_param   REQUEST_URI             $request_uri;
                fastcgi_param   DOCUMENT_URI            $document_uri;
                fastcgi_param   DOCUMENT_ROOT           $document_root;
                fastcgi_param   SERVER_PROTOCOL         $server_protocol;
                fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
                fastcgi_param   SERVER_SOFTWARE         nginx;
                fastcgi_param   REMOTE_ADDR             $remote_addr;
                fastcgi_param   REMOTE_PORT             $remote_port;
                fastcgi_param   SERVER_ADDR             $server_addr;
                fastcgi_param   SERVER_PORT             $server_port;
                fastcgi_param   SERVER_NAME             $server_name;
                fastcgi_pass    127.0.0.1:9001;
        }

        location ~ /.ht
        {
                deny all;
        }

        location = /favicon.ico
        {
                log_not_found off;
                access_log off;
        }

}

pool.d/domain.com.conf:

[domain]
listen  = 127.0.0.1:9001
user    = www-data
group   = www-data
pm = dynamic
pm.max_children = 10
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 6
chroot = /var/www/domain.com/wwwroot/
chdir = /

web directory:

ll -s -R /var/www/domain.com/
/var/www/domain.com/:
total 16
4 drwxr-xr-x 4 www-data www-data 4096 Jul 23 22:48 ./
4 drwxr-xr-x 3 root     root     4096 Jul 22 22:49 ../
4 drwxr-xr-x 2 www-data www-data 4096 Jul 25 22:59 logs/
4 drwxr-xr-x 2 www-data www-data 4096 Jul 28 15:00 wwwroot/

/var/www/domain.com/logs:
total 516
  4 drwxr-xr-x 2 www-data www-data   4096 Jul 25 22:59 ./
  4 drwxr-xr-x 4 www-data www-data   4096 Jul 23 22:48 ../
 24 -rw-r--r-- 1 www-data www-data  18128 Jul 28 15:19 access.log
484 -rw-r--r-- 1 www-data www-data 490826 Jul 28 15:20 error.log

/var/www/domain.com/wwwroot:
total 28
4 drwxr-xr-x 2 www-data www-data 4096 Jul 28 15:00 ./
4 drwxr-xr-x 4 www-data www-data 4096 Jul 23 22:48 ../
4 -rw-r--r-- 1 www-data www-data   53 Jul 26 22:56 403.html
4 -rw-r--r-- 1 www-data www-data   53 Jul 26 22:55 404.html
4 -rw-r--r-- 1 www-data www-data  383 Jul 23 22:42 50x.html
4 -rw-r--r-- 1 www-data www-data 1406 Jul 25 21:46 favicon.ico
4 -rwxr-xr-x 1 www-data www-data   88 Jul 22 22:58 index.php*

nginx.conf:

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # nginx-naxsi config
        ##
        # Uncomment it if you installed nginx-naxsi
        ##

        #include /etc/nginx/naxsi_core.rules;

        ##
        # nginx-passenger config
        ##
        # Uncomment it if you installed nginx-passenger
        ##

        #passenger_root /usr;
        #passenger_ruby /usr/bin/ruby;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

Thanks in advance for everyone help.

Regards,

JG

My answer:


The problem here is that you’re putting php-fpm in a chroot jail, but nginx is passing the full SCRIPT_FILENAME path to the PHP script.

In your nginx conf you have (among other things):

root /var/www/domain.com/wwwroot;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

For a request for /index.php his translates into /var/www/domain.com/wwwroot/index.php. But you have placed php-fpm into a chroot jail:

chroot = /var/www/domain.com/wwwroot/

So php-fpm sees the file at /index.php and not /var/www/domain.com/wwwroot/index.php.

Therefore, you must adjust the path for SCRIPT_FILENAME so that it matches what php-fpm will see in the chroot. Do this by stripping off $document_root.

fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.