I have added two lines to "/etc/php5/fpm/php-fpm.conf". They are:

```
chroot = /home/user/www/public_html
chdir = /
```

In the server section of my /etc/nginx/sites-available/default:

```
root /home/user/www/public_html/site.com;
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param  DOCUMENT_ROOT    /site.com;
    fastcgi_param  SCRIPT_FILENAME  /site.com$fastcgi_script_name;
    fastcgi_param  PATH_TRANSLATED  /site.com$fastcgi_script_name;
}
```

nginx (or fpm, I think) tells me: "File not found". OK, I do the following:

```
root /home/user/www/public_html/site.com;
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param  DOCUMENT_ROOT    /home/user/www/public_html/site.com;
    fastcgi_param  SCRIPT_FILENAME  /home/user/www/public_html/site.com$fastcgi_script_name;
    fastcgi_param  PATH_TRANSLATED  /home/user/www/public_html/site.com$fastcgi_script_name;
}
```

And now all works fine. What's wrong with the chroot in fpm? Yeah, and by the way, why does it work now when I have set a chroot value? I thought it maybe uses another config, but:

```
# ps aux | grep php
root      4696  0.0  1.3 221452 13768 ?        Ss   16:52   0:00 php-fpm: master process (/etc/php5/fpm/php-fpm.conf)
```

What's my fault? How do I find out what's the root of the problem here? It looks like the chroot here doesn't chroot my system :) Do I need to do something else to get chroot working?

Also I have:

```
# cat /var/log/nginx/site.com-errors.com.log
2014/12/02 17:11:20 [error] 5472#0: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: ...., server: site.com, request: "GET /test.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "site.com"
```

Ubuntu 14.04:

```
# php5-fpm -v
PHP 5.5.9-1ubuntu4 (fpm-fcgi) (built: Apr  9 2014 17:11:57)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
    with Zend OPcache v7.0.3, Copyright (c) 1999-2014, by Zend Technologies

# nginx -v
nginx version: nginx/1.4.6 (Ubuntu)
```

Looks like the chroot doesn't work anymore in php5-fpm. It was working for me for a while before.

JavaRunner

2 Answers

So you run a pool in chroot, but your paths are pointing to the directory tree without chroot. You should change the paths in the fastcgi_param options to reflect the actual path inside the chroot, so the chrooted php-fpm gets a proper understanding of where to look for the php scripts.

drookie
  • You mean I need **root /site.com;**? It doesn't work, because then I get a "404 Not Found" error from nginx. Not from php-fpm now. And yeah, HTML files also aren't found. So I think the root path is right, because when I place the full path there, HTML files load fine. But php-fpm can't load php scripts. I think it's not nginx's problem, it's a php-fpm problem. – JavaRunner Dec 02 '14 at 18:20
  • Nah, I mistyped a bit (yeah, you're right). The paths related to the php-fpm. I edited the original answer. – drookie Dec 02 '14 at 18:38
  • But what's wrong with my **fastcgi_param**s? :) The full path is: /home/user/www/public_html/site.com and I've set the chroot variable to a value equal to: /home/user/www/public_html so I use a prefix for **fastcgi_param**: /site.com – JavaRunner Dec 02 '14 at 18:45
  • php-fpm runs chrooted in `/home/user/www/public_html`. Your nginx tells the php-fpm to look for the scripts in `/home/user/www/public_html/site.com` (according to your nginx.conf), but nginx itself isn't chrooted. So php-fpm tries to look for the scripts in `/home/user/www/public_html/site.com`, and this is relative to its `/`, which is `/home/user/www/public_html/site.com` itself. So php-fpm actually looks for the scripts in `/home/user/www/public_html/site.com/home/user/www/public_html/site.com` which doesn't exist. That's the reason for the `Primary script unknown`. – drookie Dec 02 '14 at 19:35
  • fastcgi_param is an array of variables which is passed to the php-fpm directly, without translation. That's why you have to translate them yourself between chrooted and non-chrooted environments. – drookie Dec 02 '14 at 19:41

I've solved the problem. I didn't make any changes to my configs. I've just done "aptitude update && aptitude upgrade" and voila - now it works with my configs listed above. So I think that was a bug.

JavaRunner
  • I seriously doubt you solved anything. I bet now your php-fpm just stopped being chrooted. – drookie Dec 03 '14 at 05:34
  • But how can I check it? I see the value of $_SERVER["SCRIPT_FILENAME"] variable from php-script and it tells me: "/site.com/test.php". I think it's chrooted now, right? – JavaRunner Dec 03 '14 at 12:04
  • Seems like it. However, the fastcgi variables array with values like `/home/user/www/public_html/site.com*` is still incorrect for chrooted php-fpm. Only if aptitude has somehow automagically cured your config, but this seems unlikely. – drookie Dec 03 '14 at 12:20
  • But how can I get the values of those variables? I tried to find any occurrence of something like "www" in the output of "phpinfo()" and there isn't any occurrence in it! I tried to find "www" because it is contained in the full path: "/home/user/www/public_html". Maybe I'm checking it wrong? – JavaRunner Dec 03 '14 at 16:42
  • You said that it's not correct, but what should the config look like? :) – JavaRunner Dec 03 '14 at 16:43
  • Well, the thing is, I can only interpret what you are writing here. According to it, some things just "cannot be". However, you may skip some important things unintentionally, and I can also make mistakes. The only thing that still stands: paths inside the chroot eat some major part of host paths. You say you have two opposite alternatives: your php-fpm is running chrooted, and at the same time you are seeing the full non-chrooted paths in your phpinfo(), as the php-fpm sees them. This cannot be - so either I'm wrong in interpreting something, or you omitted the part of your configs that changed. – drookie Dec 03 '14 at 16:49
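
One way to settle the "how can I check it?" question from the comments, and to do the host-to-chroot path translation described in the first answer, as an added example that is not part of the original thread. It assumes Linux `/proc`; the function names and the `PROC_DIR` override are hypothetical, introduced only for this example.

```shell
#!/bin/sh
# Added example. PROC_DIR can be overridden to run the functions against a
# constructed tree instead of the live /proc.
PROC_DIR="${PROC_DIR:-/proc}"

# Print the root directory a process runs in. On Linux, /proc/<pid>/root is a
# symlink to it: "/" when not chrooted, the chroot directory otherwise.
# Reading it for another user's process requires root.
proc_root() {
    readlink "$PROC_DIR/$1/root"
}

# Translate a host path ($2) into the path seen by a process chrooted at $1.
# Returns 1 when the host path lies outside the chroot.
to_chroot_path() {
    chroot_dir="${1%/}"
    host_path="$2"
    case "$host_path" in
        "$chroot_dir")   printf '/\n' ;;
        "$chroot_dir"/*) rel=${host_path#"$chroot_dir"}
                         printf '%s\n' "$rel" ;;
        *)               return 1 ;;
    esac
}

# Would worker $1 find the SCRIPT_FILENAME $2 that nginx passes? The worker
# resolves the name under its own root, so prepend that root and test it.
script_visible() {
    root="$(proc_root "$1")" || return 2
    [ -f "${root%/}$2" ]
}

# List every pool worker with its effective root. The master process stays
# unchrooted; only the workers ("php-fpm: pool <name>") change root.
report_workers() {
    for pid in $(pgrep -f 'php-fpm: pool'); do
        printf '%s root=%s\n' "$pid" "$(proc_root "$pid")"
    done
}

if [ "${1:-}" = report ]; then
    report_workers
fi
```

Run as root with the argument `report`: a worker whose root prints as `/` is not chrooted, and full host paths in `SCRIPT_FILENAME` will then resolve.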