V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
NGINX
NGINX Trac
3rd Party Modules
Security Advisories
CHANGES
OpenResty
ngx_lua
Tengine
在线学习资源
NGINX 开发从入门到精通
NGINX Modules
ngx_echo
station
V2EX  ›  NGINX

连不上 PHP -fpm 还是怎么回事 ?

  •  
  •   station · 2020-02-13 19:52:03 +08:00 · 3226 次点击
    这是一个创建于 1772 天前的主题,其中的信息可能已经有所发展或是发生改变。
    文件权限什么的该检查的我都检查了
    https://s2.ax1x.com/2020/02/13/1LqrVA.png

    tail -f /var/log/nginx/error.log 看上去没错误


    nginx.conf

    user nginx;
    worker_processes 2;

    error_log /var/log/nginx/error.log debug;
    pid /var/run/nginx.pid;


    events {
    worker_connections 1024;
    use epoll;
    }


    http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;

    keepalive_timeout 65;

    #gzip on;
    charset utf-8;

    include /etc/nginx/conf.d/*.conf;
    }



    nextcloud.conf

    upstream php-handler {
    server unix:/run/php-fpm/fpm.sock;
    }

    server {
    listen 80;
    server_name localhost;
    # enforce https
    # return 301 https://$server_name:443$request_uri;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # NOTE: some settings below might be redundant

    #ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
    #ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /var/www;

    location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /nextcloud/public.php?service=host-meta-json last;

    # The following rule is only needed for the Social app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/webfinger /nextcloud/public.php?service=webfinger last;

    location = /.well-known/carddav {
    return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
    }
    location = /.well-known/caldav {
    return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
    }

    location /.well-known/acme-challenge { }

    location ^~ /nextcloud {

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location /nextcloud {
    rewrite ^ /nextcloud/index.php;
    }

    location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
    deny all;
    }
    location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
    }

    location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
    fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
    set $path_info $fastcgi_path_info;
    try_files $fastcgi_script_name =404;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #fastcgi_pass unix:/run/php-fpm/fpm.sock;
    fastcgi_param PATH_INFO $path_info;
    #fastcgi_param HTTPS on;
    # Avoid sending the security headers twice
    fastcgi_param modHeadersAvailable true;
    # Enable pretty urls
    fastcgi_param front_controller_active true;
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
    fastcgi_request_buffering off;
    }

    location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) {
    try_files $uri/ =404;
    index index.php;
    }

    # Adding the cache control header for js, css and map files
    # Make sure it is BELOW the PHP block
    location ~ ^\/nextcloud\/.+[^\/]\.(?:css|js|woff2?|svg|gif|map)$ {
    try_files $uri /nextcloud/index.php$request_uri;
    add_header Cache-Control "public, max-age=15778463";
    # Add headers to serve security related headers (It is intended
    # to have those duplicated to the ones above)
    # Before enabling Strict-Transport-Security headers please read
    # into this topic first.
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Optional: Don't log access to assets
    access_log off;
    }

    location ~ ^\/nextcloud\/.+[^\/]\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
    try_files $uri /nextcloud/index.php$request_uri;
    # Optional: Don't log access to other assets
    access_log off;
    }
    }
    }
    19 条回复    2020-02-14 20:29:10 +08:00
    V69EX
        1
    V69EX  
       2020-02-13 20:04:46 +08:00
    如果所有的可能都排除了,那么,最大的可能就是 SELinux 的策略配置了……
    station
        2
    station  
    OP
       2020-02-13 20:10:21 +08:00
    @V69EX selinux 已经关了
    MeteorCat
        3
    MeteorCat  
       2020-02-13 20:16:13 +08:00 via Android
    是不是 session 用户有问题,检查是不是 yum/apt 安装 php-fpm 的用户组是不是 apache,而你的 nginx 没有修改 session 权限
    station
        4
    station  
    OP
       2020-02-13 20:23:45 +08:00
    @MeteorCat

    user = nginx
    ; RPM: Keep a group allowed to write in log dir.
    group = nginx

    ; The address on which to accept FastCGI requests.
    ; Valid syntaxes are:
    ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
    ; a specific port;
    ; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
    ; a specific port;
    ; 'port' - to listen on a TCP socket to all addresses
    ; (IPv6 and IPv4-mapped) on a specific port;
    ; '/path/to/unix/socket' - to listen on a unix socket.
    ; Note: This value is mandatory.
    listen = /run/php-fpm/fpm.sock

    ; Set listen(2) backlog.
    ; Default Value: 511
    ;listen.backlog = 511

    ; Set permissions for unix socket, if one is used. In Linux, read/write
    ; permissions must be set in order to allow connections from a web server.
    ; Default Values: user and group are set as the running user
    ; mode is set to 0660
    listen.owner = nginx
    listen.group = nginx
    listen.mode = 0660
    micao
        5
    micao  
       2020-02-13 20:30:14 +08:00
    @station 看看 fpm.sock 文件在不在那儿?如果用的 php7 的话,sock 文件好像不是默认的。
    station
        6
    station  
    OP
       2020-02-13 20:34:13 +08:00
    @micao 在的

    ls -l /run/php-fpm/fpm.sock

    srw-rw---- 1 nginx nginx 0 2 月 13 07:09 /run/php-fpm/fpm.sock
    MeteorCat
        7
    MeteorCat  
       2020-02-13 20:48:05 +08:00 via Android
    @station 默认 session 目录看看权限组,在 /var/lib/php/session
    station
        8
    station  
    OP
       2020-02-13 20:56:23 +08:00
    @MeteorCat 此目录是空的,该文件夹权限默认 root:apache

    应该是我表达问题有误

    烦请您看一下这张图
    https://s2.ax1x.com/2020/02/13/1LqrVA.png
    MeteorCat
        9
    MeteorCat  
       2020-02-13 21:14:15 +08:00 via Android
    @station 这样信息好少呀,只知道 500 错误
    dilu
        10
    dilu  
       2020-02-14 09:15:42 +08:00
    1. 确认关闭 SeLinux
    2. 确认 nginx 的运行用户
    3. 确认 php-fpm 的运行用户要跟 nginx 一直
    4. 确认代码目录真是存在切存在 index.php 并且文件属于上面两条的用户或者用户组
    5. 确认 sock 文件存在并且上面的用户能 read
    6. server 换成 unix:///run/php-fpm/fpm.sock;
    7. 还是不行请贴一下 debug 下面的 error_log

    你这是在安装 nextcloud 我以前搞过 没遇到你这个问题
    encro
        11
    encro  
       2020-02-14 09:35:58 +08:00
    1,通过 ps 查看 php-fpm 进程的配置文件;
    2,查看 php-fpm 配置文件,开启 fpm 的 access 和 error 日志;
    3,重启 fpm,用 ps 看看是否运行成功;
    4,查看 fpm 日志,是否有请求过来,没有的话,修改监听方式为端口试试;

    一般就楼上的问题:
    1,关闭 SeLinux ;
    2,nginx,fpm,代码,sock 文件,log 目录所属用户一致;
    3,server 换成 unix:///run/php-fpm/fpm.sock;
    station
        12
    station  
    OP
       2020-02-14 17:53:02 +08:00
    @dilu

    1 .确认已关闭 selinux
    2. nginx 和 php-fpm 的运行用户确认一致
    3. nextcloud 的文件夹确实存在于 /var/www 目录下,且用户与用户组为 nginx
    4. sock 文件存在,权限正确
    5. server 换成 unix:///run/php-fpm/fpm.sock; 结果一样的

    2020/02/14 04:51:01 [notice] 1632#1632: start worker processes
    2020/02/14 04:51:01 [notice] 1632#1632: start worker process 1633
    2020/02/14 04:51:01 [notice] 1632#1632: start worker process 1634
    2020/02/14 04:51:05 [notice] 1633#1633: *1 "^" matches "/nextcloud", client: 192.168.1.238, server: localhost, request: "GET /nextcloud HTTP/1.1", host: "192.168.1.157"
    2020/02/14 04:51:05 [notice] 1633#1633: *1 rewritten data: "/nextcloud/index.php", args: "", client: 192.168.1.238, server: localhost, request: "GET /nextcloud HTTP/1.1", host: "192.168.1.157"
    2020/02/14 04:51:05 [notice] 1633#1633: *1 "^" matches "/nextcloud/", client: 192.168.1.238, server: localhost, request: "GET /nextcloud/ HTTP/1.1", host: "192.168.1.157"
    2020/02/14 04:51:05 [notice] 1633#1633: *1 rewritten data: "/nextcloud/index.php", args: "", client: 192.168.1.238, server: localhost, request: "GET /nextcloud/ HTTP/1.1", host: "192.168.1.157"
    2020/02/14 04:51:05 [notice] 1633#1633: *1 "^" matches "/nextcloud", client: 192.168.1.238, server: localhost, request: "GET /nextcloud HTTP/1.1", host: "192.168.1.157"
    2020/02/14 04:51:05 [notice] 1633#1633: *1 rewritten data: "/nextcloud/index.php", args: "", client: 192.168.1.238, server: localhost, request: "GET /nextcloud HTTP/1.1", host: "192.168.1.157"
    2020/02/14 04:51:05 [notice] 1633#1633: *1 "^" matches "/nextcloud/", client: 192.168.1.238, server: localhost, request: "GET /nextcloud/ HTTP/1.1", host: "192.168.1.157"
    2020/02/14 04:51:05 [notice] 1633#1633: *1 rewritten data: "/nextcloud/index.php", args: "", client: 192.168.1.238, server: localhost, request: "GET /nextcloud/ HTTP/1.1", host: "192.168.1.157"
    2020/02/14 04:51:06 [notice] 1633#1633: *1 "^" matches "/nextcloud", client: 192.168.1.238, server: localhost, request: "GET /nextcloud HTTP/1.1", host: "192.168.1.157"
    2020/02/14 04:51:06 [notice] 1633#1633: *1 rewritten data: "/nextcloud/index.php", args: "", client: 192.168.1.238, server: localhost, request: "GET /nextcloud HTTP/1.1", host: "192.168.1.157"
    2020/02/14 04:51:06 [notice] 1633#1633: *1 "^" matches "/nextcloud/", client: 192.168.1.238, server: localhost, request: "GET /nextcloud/ HTTP/1.1", host: "192.168.1.157"
    2020/02/14 04:51:06 [notice] 1633#1633: *1 rewritten data: "/nextcloud/index.php", args: "", client: 192.168.1.238, server: localhost, request: "GET /nextcloud/ HTTP/1.1", host: "192.168.1.157"
    station
        13
    station  
    OP
       2020-02-14 18:01:05 +08:00
    @encro

    - - 14/Feb/2020:04:45:19 -0500 "GET /nextcloud/index.php" 500 /var/www/nextcloud/index.php 61.445 4096 81.37%
    - - 14/Feb/2020:04:45:47 -0500 "GET /nextcloud/index.php" 500 /var/www/nextcloud/index.php 5.365 2048 0.00%
    - - 14/Feb/2020:04:45:47 -0500 "GET /nextcloud/index.php" 500 /var/www/nextcloud/index.php 4.944 2048 0.00%
    - - 14/Feb/2020:04:45:47 -0500 "GET /nextcloud/index.php" 500 /var/www/nextcloud/index.php 4.700 2048 0.00%
    - - 14/Feb/2020:04:51:05 -0500 "GET /nextcloud/index.php" 302 /var/www/nextcloud/index.php 1.014 2048 0.00%
    - - 14/Feb/2020:04:51:05 -0500 "GET /nextcloud/index.php" 500 /var/www/nextcloud/index.php 3.086 2048 324.04%
    - - 14/Feb/2020:04:51:05 -0500 "GET /nextcloud/index.php" 302 /var/www/nextcloud/index.php 0.341 2048 0.00%
    - - 14/Feb/2020:04:51:05 -0500 "GET /nextcloud/index.php" 500 /var/www/nextcloud/index.php 2.090 2048 0.00%
    - - 14/Feb/2020:04:51:06 -0500 "GET /nextcloud/index.php" 302 /var/www/nextcloud/index.php 0.343 2048 0.00%
    - - 14/Feb/2020:04:51:06 -0500 "GET /nextcloud/index.php" 500 /var/www/nextcloud/index.php 4.010 2048 0.00%
    station
        14
    station  
    OP
       2020-02-14 18:04:00 +08:00
    @encro

    [14-Feb-2020 04:32:54] NOTICE: fpm is running, pid 919
    [14-Feb-2020 04:32:54] NOTICE: ready to handle connections
    [14-Feb-2020 04:32:54] NOTICE: systemd monitor interval set to 10000ms
    [14-Feb-2020 04:43:39] NOTICE: Terminating ...
    [14-Feb-2020 04:43:39] NOTICE: exiting, bye-bye!
    [14-Feb-2020 04:43:39] NOTICE: fpm is running, pid 1607
    [14-Feb-2020 04:43:39] NOTICE: ready to handle connections
    [14-Feb-2020 04:43:39] NOTICE: systemd monitor interval set to 10000ms
    encro
        15
    encro  
       2020-02-14 18:05:14 +08:00
    @station 这是程序出错了,和 nginx 配置已经无关,开启 notice 级别错误提示
    msg7086
        16
    msg7086  
       2020-02-14 18:05:40 +08:00
    500 错误不就是连上了么……
    encro
        17
    encro  
       2020-02-14 18:26:40 +08:00
    500 应用程序错误,
    你开启 fpm 的 access log 看下。
    开启 php.ini 的 display_error=ON,error_reporting=E_ALL

    将 index.php 改为 <?php echo 'hello';exit; 测试

    如果不是很会环境配置的话,建议用宝塔吧。
    station
        18
    station  
    OP
       2020-02-14 18:36:59 +08:00
    @encro 上面贴出来的, 我看了下 php-fpm.conf 配置文件默认: log_level = notice


    @msg7086 不是专业的,所以不怎么懂( 已尽力百度 )
    encro
        19
    encro  
       2020-02-14 20:29:10 +08:00
    @station

    php-fpm.conf 还有一个 access log 默认是不开启的

    php_flag[display_errors] = on
    php_admin_value[error_log] = /var/log/php-fpm/www-error.log
    php_admin_flag[log_errors] = on


    access.log string
    Access log 文件。 默认值:不设置

    access.format string
    access log 的格式。 默认值: "%R - %u %t \"%m %r\" %s"

    access.log = log/$pool.access.log
    #每一个请求的访问日志,默认是关闭的。
    access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
    #设定访问日志的格式。

    [php-fpm 配置详解]( https://juejin.im/entry/5870bc8961ff4b005c3c47ec)
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2842 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 19ms · UTC 08:39 · PVG 16:39 · LAX 00:39 · JFK 03:39
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.