nginx on fedora fastcgi not working

falkseidl asked:

I’m running nginx on Fedora Server 22 and fastcgi scripts are not working.

Under http://panel.minefight.org/ enter any login data, it doesn’t load the password fail or success site. The same thing happens with other login forms. The server isn’t redirecting the user, and I don’t know how to fix that. I hope this example is easy to understand.

The testpage is saying, that fastcgi is running and connected with nginx.

php-fpm.conf:

upstream php-fpm {
    server unix:/run/php-fpm/www.sock;
}

php.conf:

index index.php index.html index.htm;

location ~ .php$ {
try_files $uri =404;
fastcgi_intercept_errors on;
fastcgi_index  index.php;
include        fastcgi_params;
fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
fastcgi_pass   php-fpm;
}

The error log contains then the following (When trying to login into gamepanel):

    2015/05/30 22:15:57 [error] 1911#0: *1 FastCGI sent in stderr: "PHP    message: PHP Deprecated:  mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /mnt/ext/web/html/panel/includes/mysql.php on line 39
    PHP message: PHP Warning:  session_start(): open(/var/lib/php/session/sess_05tmojugo0peqvoevmlnk4ch36, O_RDWR) failed: Permission denied (13) in /mnt/ext/web/html/panel/include.php on line 52" while reading response header from upstream, client: 92.206.106.243, server: panel.minefight.org, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/www.sock:", host: "panel.minefight.org"
    2015/05/30 22:15:57 [error] 1911#0: *1 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: open(/var/lib/php/session/sess_05tmojugo0peqvoevmlnk4ch36, O_RDWR) failed: Permission denied (13) in Unknown on line 0
    PHP message: PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in Unknown on line 0" while reading upstream, client: 92.206.106.243, server: panel.minefight.org, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/www.sock:", host: "panel.minefight.org"
    2015/05/30 22:16:02 [error] 1911#0: *1 FastCGI sent in stderr: "PHP message: PHP Deprecated:  mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /mnt/ext/web/html/panel/includes/mysql.php on line 39
    PHP message: PHP Warning:  session_start(): open(/var/lib/php/session/sess_05tmojugo0peqvoevmlnk4ch36, O_RDWR) failed: Permission denied (13) in /mnt/ext/web/html/panel/include.php on line 52
    PHP message: PHP Warning:  Unknown: open(/var/lib/php/session/sess_05tmojugo0peqvoevmlnk4ch36, O_RDWR) failed: Permission denied (13) in Unknown on line 0
    PHP message: PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in Unknown on line 0" while reading response header from upstream, client: 92.206.106.243, server: panel.minefight.org, request: "POST /loginprocess.php HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/www.sock:", host: "panel.minefight.org", referrer: "http://panel.minefight.org/"
    2015/05/30 22:16:02 [error] 1911#0: *1 FastCGI sent in stderr: "PHP message: PHP Deprecated:  mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /mnt/ext/web/html/panel/includes/mysql.php on line 39
    PHP message: PHP Warning:  session_start(): open(/var/lib/php/session/sess_05tmojugo0peqvoevmlnk4ch36, O_RDWR) failed: Permission denied (13) in /mnt/ext/web/html/panel/include.php on line 52" while reading response header from upstream, client: 92.206.106.243, server: panel.minefight.org, request: "GET /login.php HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/www.sock:", host: "panel.minefight.org", referrer: "http://panel.minefight.org/"
    2015/05/30 22:16:02 [error] 1911#0: *1 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: open(/var/lib/php/session/sess_05tmojugo0peqvoevmlnk4ch36, O_RDWR) failed: Permission denied (13) in Unknown on line 0
    PHP message: PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in Unknown on line 0" while reading upstream, client: 92.206.106.243, server: panel.minefight.org, request: "GET /login.php HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/www.sock:", host: "panel.minefight.org", referrer: "http://panel.minefight.org/"

The strange thing is, that it’s working under apache.
A user in the gamepanel forums also reported this: “It appears to be an issue with redirection and storing sessions properly with nginx.”

The same thing happens with owncloud.
Error log when trying to login in owncloud:

2015/05/30 22:24:07 [error] 1953#0: *5 open() "/mnt/ext/web/html/owncloud/index.php/core/js/oc.js" failed (20: Not a directory), client: 92.206.106.243, server: minefight.org, request: "GET /owncloud/index.php/core/js/oc.js?v=daf8b986d2ba29cf78e2efc057a4a442 HTTP/1.1", host: "minefight.org", referrer: "http://minefight.org/owncloud/"
2015/05/30 22:24:07 [error] 1953#0: *5 open() "/mnt/ext/web/html/404.html" failed (2: No such file or directory), client: 92.206.106.243, server: minefight.org, request: "GET /owncloud/index.php/core/js/oc.js?v=daf8b986d2ba29cf78e2efc057a4a442 HTTP/1.1", host: "minefight.org", referrer: "http://minefight.org/owncloud/"
2015/05/30 22:24:14 [error] 1953#0: *4 open() "/mnt/ext/web/html/owncloud/index.php/core/js/oc.js" failed (20: Not a directory), client: 92.206.106.243, server: minefight.org, request: "GET /owncloud/index.php/core/js/oc.js?v=daf8b986d2ba29cf78e2efc057a4a442 HTTP/1.1", host: "minefight.org", referrer: "http://minefight.org/owncloud/"
2015/05/30 22:24:14 [error] 1953#0: *4 open() "/mnt/ext/web/html/404.html" failed (2: No such file or directory), client: 92.206.106.243, server: minefight.org, request: "GET /owncloud/index.php/core/js/oc.js?v=daf8b986d2ba29cf78e2efc057a4a442 HTTP/1.1", host: "minefight.org", referrer: "http://minefight.org/owncloud/"

If a user is accessing the phpinfo.php site with the parameter “?id=1” the error log contains the following:

2015/05/30 22:35:16 [crit] 2036#0: *7 open() "/var/lib/nginx/tmp/fastcgi/1/00/0000000001" failed (13: Permission denied) while reading upstream, client: 92.206.106.243, server: minefight.org, request: "GET /phpinfo.php?id=1 HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/www.sock:", host: "minefight.org"

My answer:


The problem you are having is that PHP can’t write to the /var/lib/php/session directory:

PHP message: PHP Warning:  session_start(): open(/var/lib/php/session/sess_05tmojugo0peqvoevmlnk4ch36, O_RDWR) failed: Permission denied (13) in /mnt/ext/web/html/panel/include.php on line 52" while reading response header from upstream, client: 92.206.106.243, server: panel.minefight.org, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/www.sock:", host: "panel.minefight.org"

If you look at the permissions of this directory, you will find something like this:

# ls -Zld /var/lib/php/session/
drwxrwx---. 2 system_u:object_r:httpd_var_run_t:s0 root apache 44 May 15 05:26 /var/lib/php/session/

But because you changed php-fpm’s user from apache to management, the new user can’t write to this directory.

To resolve the problem, you can either change the user and group that php-fpm runs as, or change the ownership of /var/lib/php/session. Be aware that if you do the latter, that the ownership will revert every time you upgrade PHP (as it is embedded into the RPM package) and will need to be corrected again.

I would recommend you set an ACL on this directory, as this won’t be disturbed by upgrades. For instance:

setfacl -m u:management:rwx,d:u:management:rwx /var/lib/php/session

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.