TL;DR :

I have an application consisting of an nginx container linked to a php container and I get a connection refused (502 - Bad Gateway in the browser) if I try to reach my app while using a fully unrestricted (0777 mode) unix socket that both containers have access to.

I use docker-compose to manage my app and it runs on OSX with a docker-machine.

My problem :

I've set up a little project with two containers (nginx+php) and it works well with TCP sockets.

But I'd like to switch to unix sockets, and I get a 502 - Bad Gateway and the following logs when trying to reach my app :

nginx_1    | 2017/07/27 19:12:09 [error] 5#5: *1 connect() to unix:/sock/php.sock failed (111: Connection refused) while connecting to upstream, client: 192.168.99.1, server: 192.168.99.100, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/sock/php.sock:", host: "192.168.99.100:10080"
nginx_1    | 192.168.99.1 - - [27/Jul/2017:19:12:09 +0000] "GET / HTTP/1.1" 502 173 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Firefox/52.0"
nginx_1    | 192.168.99.1 - - [27/Jul/2017:19:12:09 +0000] "GET /favicon.ico HTTP/1.1" 502 173 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Firefox/52.0"

I've made the directory containing the sockets a named volume mounted on both containers (cf. docker-compose.yml below).

I don't understand why since the unix socket is accessible from both containers and is fully unrestricted :

From the php container :

/sock # ls -la
total 8
drwxrwxrwx    2 root     root          4096 Jul 27 17:56 .
drwxr-xr-x   57 root     root          4096 Jul 27 17:33 ..
-rwxrwxrwx    1 root     root             0 Jul 27 17:30 php.sock

From the nginx container :

# cd /sock
# ls -la
total 8
drwxrwxrwx  2 root root 4096 Jul 27 17:56 .
drwxr-xr-x 31 root root 4096 Jul 27 17:33 ..
-rwxrwxrwx  1 root root    0 Jul 27 17:30 php.sock

I checked : modifying the /sock content in one container also modifies the content of the same directory in the other container.

What could the problem be?

Details about my project :

My project consists of the following arborescence :

.
├── docker-compose.yml
├── index.php
├── services
│   ├── app
│   │   └── Dockerfile
│   └── nginx
│       └── nginx.conf
├── [Other php sources files and directories]
└── static
    └── foo.html

Here is my docker-compose.yml :

version: '3'
services:
  db:   # I have no problem with the DB so far.
    image: mysql
    environment:
      - MYSQL_ROOT_PASSWORD=XXXXXXXX
      - MYSQL_USER=XXXXXXXX
      - MYSQL_PASSWORD=XXXXXXXX
      - MYSQL_DATABASE=XXXXXXXX
    volumes:
      - /var/lib/app/app_DB:/var/lib/mysql
  nginx:
    image: nginx
    volumes:
      - /var/lib/app/media:/var/www/media:ro
      - /Users/vmonteco/Code/web/app/static:/var/www/static:ro
      - /Users/vmonteco/Code/web/app/services/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - /Users/vmonteco/Code/web/app:/var/www/html:ro
      - unix_socket:/sock
    ports:
      - "10080:80"
      - "10443:443"
  app:
    build:
      context: services/app
    # ports:
    #   - "19000:9000"
    links:
      - db
    volumes:
      - /var/lib/app/media:/var/www/media
      - /Users/vmonteco/Code/web/app/static:/var/www/static:ro
      - /Users/vmonteco/Code/web/app:/var/www/html:ro
      - unix_socket:/sock
    depends_on:
      - db

volumes:
  unix_socket:

Here is the app Dockerfile :

FROM php:7.1-fpm-alpine

RUN docker-php-ext-install pdo pdo_mysql
RUN mkdir /sock && chmod -R 777 /sock
VOLUME /sock
RUN sed -i '/;listen.mode = 0660/c\listen.mode = 0777' /usr/local/etc/php-fpm.d/www.conf && sed -i '/listen = 127.0.0.1:9000/c\listen = /sock/php.sock' /usr/local/etc/php-fpm.d/www.conf

The nginx configuration file :

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    root     /var/www/html/;

    server {
        listen              80;
        server_name         192.168.99.100;

        location /media/ {
            alias           /var/www/media/;
            autoindex       off;
        }

        location /static/ {
            alias           /var/www/static/;
            autoindex       off;
        }

        location / {
            try_files $uri $uri/ /index.php;
            index  index.html index.php;
        }

        location ~ \.php$ {
            #try_files $uri =404;
            #fastcgi_pass 192.168.99.100:19000;
            fastcgi_pass unix:/sock/php.sock;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
            fastcgi_param  HTTPS              off;
            fastcgi_index index.php;
        }
    }
}

(Note that I have no problem accessing /static/ or /media/ URLs.)

And all the uncommented lines in /usr/local/etc/php-fpm.d/www.conf file in the php container, that is modified at build :

[www]
user = www-data
group = www-data
listen = /sock/php.sock
listen.mode = 0777
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
vmonteco
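
What the `ls -la` listings and the `111: Connection refused` log line in the question imply, as an added example that is not part of the original post: php.sock is listed with a leading `-` (a zero-byte regular file) rather than `s`, and connect() is refused whenever nothing is listening on the path, whatever its mode bits. The probe below uses hypothetical helper names and constructed temp-dir paths to separate those cases.

```python
import os
import socket
import stat
import tempfile

def probe_unix_socket(path):
    """Classify what a client such as nginx would hit when connecting to path."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "missing"
    if not stat.S_ISSOCK(st.st_mode):
        return "not-a-socket"        # ls shows '-' here; a socket shows 's'
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        client.connect(path)
    except ConnectionRefusedError:
        return "no-listener"         # errno 111: inode exists, nothing accepts on it
    except PermissionError:
        return "permission-denied"   # the case the socket's mode bits govern
    finally:
        client.close()
    return "listening"

def demo():
    """Build each state in a temp dir (constructed paths, not the page's volume)."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        plain = os.path.join(d, "php.sock")
        open(plain, "w").close()     # zero-byte regular file, as in the listing
        os.chmod(plain, 0o777)
        results["regular_file_0777"] = probe_unix_socket(plain)
        stale = os.path.join(d, "stale.sock")
        s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        s.bind(stale)
        s.close()                    # socket file is left behind with no owner
        results["stale_socket"] = probe_unix_socket(stale)
        live = os.path.join(d, "live.sock")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(live)
        srv.listen(1)
        results["live_socket"] = probe_unix_socket(live)
        srv.close()
        results["missing"] = probe_unix_socket(os.path.join(d, "absent.sock"))
    return results

if __name__ == "__main__":
    for state, verdict in demo().items():
        print(f"{state}: {verdict}")
```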

1 Answer

I finally found the explanation :

The file to configure the fpm service wasn't /usr/local/etc/php-fpm.d/www.conf (or at least not only), but it was /usr/local/etc/php-fpm.d/zz-docker.conf :

[global]
daemonize = no

[www]
listen = [::]:9000

Modifying the listen directive in this file solved the problem.

vmonteco
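
Why the `sed` edit to www.conf had no effect, as an added example that is not code from the post: it assumes php-fpm reads the pool files through a `*.conf` glob in lexical filename order, with a later assignment to the same key in the same section replacing the earlier one, so zz-docker.conf wins. `effective_settings` and `check_fastcgi_target` are hypothetical helper names; the embedded config text is copied from the page.

```python
import re

# Constructed from the page: www.conf's uncommented lines (abridged), the
# zz-docker.conf quoted in the answer, and the two fastcgi_pass lines.
WWW_CONF = """[www]
user = www-data
group = www-data
listen = /sock/php.sock
listen.mode = 0777
"""
ZZ_DOCKER_CONF = """[global]
daemonize = no

[www]
listen = [::]:9000
"""
NGINX_CONF = """#fastcgi_pass 192.168.99.100:19000;
fastcgi_pass unix:/sock/php.sock;
"""

def effective_settings(files):
    """Merge {filename: text} in lexical filename order (assumed include order).
    Returns {section: {key: (value, filename_that_set_it)}}."""
    merged = {}
    for name in sorted(files):
        section = None
        for raw in files[name].splitlines():
            line = raw.strip()
            if not line or line[0] in ";#":      # blank or commented-out line
                continue
            header = re.fullmatch(r"\[(.+)\]", line)
            if header:
                section = header.group(1)
                continue
            key, sep, value = line.partition("=")
            if sep and section:
                merged.setdefault(section, {})[key.strip()] = (value.strip(), name)
    return merged

def check_fastcgi_target(nginx_conf, files, pool="www"):
    """Compare the active fastcgi_pass with the pool's effective listen value."""
    target = re.search(r"^\s*fastcgi_pass\s+([^;]+);", nginx_conf, re.M).group(1)
    listen, source = effective_settings(files)[pool]["listen"]
    expected = "unix:" + listen if listen.startswith("/") else listen
    return {"nginx": target, "fpm": listen, "set_by": source,
            "match": target == expected}
```

Inside the container, `php-fpm -tt` dumps the configuration the binary actually parsed, which gives the same answer without re-implementing the merge.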