
Notice: this page is derived from a popular StackOverflow question and is provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/24325695/

Time: 2020-08-25 17:16:40  Source: igfitidea

nginx and php-fpm socket owner

Tags: php, nginx, centos

Asked by Fez Vrasta

After an update of my system I ran into a bad gateway error of my PHP apps running on Nginx.


connect() to unix:/var/run/php-fcgi-vhostname-php-fcgi-0.sock failed (13: Permission denied) while connecting to upstream, client: xx.xxx.xx.xx, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fcgi-vhostname-php-fcgi-0.sock:", host: "xx.xx.xx.xx"

The problem is caused by bad permissions of the php-fpm sockets used, in fact I see /var/run/php-fcgi.sock owned by root:root but nginx and php-fpm use as user www-data.

I've already edited the php-fpm config at /etc/php-fpm.d/www.conf with:

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

but it doesn't solve the problem and when I restart nginx and php-fpm the sockets are created with root:root as user/group.

The only way I've found to fix it is to change the owner of the sockets to www-data:www-data manually. But this is not a real solution because every time I restart my services I've to apply it again.

How can I fix this problem? I'm on CentOS 6.5


Edit:


I use Ajenti-V to configure my vhosts and my PHP-FPM. It creates a new socket for each website/vhost, and they are set in /etc/php-fpm.conf

They have this structure:


[vhostname-php-fcgi-0]
user = www-data
group = www-data

listen = /var/run/php-fcgi-vhostname-php-fcgi-0.sock

pm = dynamic
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 5

If I add to each entry these strings:


listen.owner = www-data
listen.group = www-data
listen.mode = 0666

Everything works correctly.


So looks like the www.conf is not included (maybe?). This is my php-fpm.conf:


[global]
pid = /var/run/php-fpm/php-fpm.pid
error_log = /var/log/php5-fpm.log


[global-pool]
user = www-data
group = www-data
listen = /var/run/php-fcgi.sock

pm = dynamic
pm.start_servers = 1
pm.max_children = 5
pm.min_spare_servers = 1
pm.max_spare_servers = 5


[vhostname-php-fcgi-0]
user = www-data
group = www-data

listen = /var/run/php-fcgi-vhostname-php-fcgi-0.sock

pm = dynamic
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 5

Answer by Jasper N. Brouwer

Config files FPM will read


/etc/php-fpm.conf is the config file FPM will read (on CentOS). If you want FPM to read other config files as well, you need to tell it that.

You can do this by placing the line include=/etc/php-fpm.d/*.conf at the bottom of /etc/php-fpm.conf. It will then read everything in the directory /etc/php-fpm.d (that ends with .conf).

Then place the global directives and the include line in /etc/php-fpm.conf. This could look something like this:


[global]

pid = /var/run/php-fpm/php-fpm.pid
error_log = /var/log/php5-fpm.log

include=/etc/php-fpm.d/*.conf

And have a separate file in /etc/php-fpm.d for each pool.

Example /etc/php-fpm.d/global.conf:


[global-pool]

user = www-data
group = www-data

listen = /var/run/php-fcgi.sock

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

pm = dynamic
pm.start_servers = 1
pm.max_children = 5
pm.min_spare_servers = 1
pm.max_spare_servers = 5

Example /etc/php-fpm.d/vhostname-0.conf:


[vhostname-php-fcgi-0]

user = www-data
group = www-data

listen = /var/run/php-fcgi-vhostname-php-fcgi-0.sock

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

pm = dynamic
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 5

Directives to pay attention to


  • Every pool should use a different socket. If you have multiple pools using the same socket you'll get issues.

  • The directives user and group control the user/group which the FPM process for that pool will run as. These do not specify the user/group of the socket.

  • The directives listen.owner and listen.group control the user/group the socket uses for that pool.

  • The pool directives (like listen.*) will only work for pools. So you can't use them in the global section, you have to specify them for each pool.

Socket permissions


The permissions 0660 are perfectly fine when listen.owner and listen.group are the same as the webserver. You could even use 0600, but one might argue that any user that can operate under the same group as the webserver can also use the socket, so I would use 0660.
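An added example, not part of the original answer or of PHP-FPM itself: a small Python audit of the pool layout discussed above, which reports config files the main file never includes, pools sharing a socket, pools without listen.owner, and listen.mode values that grant access beyond owner and group. The names FILES, load_pools and audit are hypothetical, and the file contents are a constructed sample modelled on the question's configuration.

```python
import fnmatch

# Constructed sample modelled on the question: the main file has no include
# line, so the listen.* settings in www.conf are never read.
FILES = {
    "/etc/php-fpm.conf": (
        "[global]\npid = /var/run/php-fpm/php-fpm.pid\n"
        "[global-pool]\nuser = www-data\nlisten = /var/run/php-fcgi.sock\n"
        "[vhostname-php-fcgi-0]\nuser = www-data\n"
        "listen = /var/run/php-fcgi-vhostname-php-fcgi-0.sock\n"
        "listen.owner = www-data\nlisten.mode = 0666\n"),
    "/etc/php-fpm.d/www.conf": (
        "[www]\nlisten = /var/run/php-fcgi.sock\n"
        "listen.owner = www-data\nlisten.group = www-data\nlisten.mode = 0660\n"),
}

def load_pools(files, main):
    """Return ({pool: {key: value}}, [files read]), following include= globs."""
    pools, read, section = {}, [main], None
    for path in read:                       # the list grows as includes are found
        for raw in files[path].splitlines():
            line = raw.split(";", 1)[0].strip()          # drop ; comments
            key, _, value = (s.strip() for s in line.partition("="))
            if line.startswith("["):
                section = line.strip("[]")
            elif key == "include":
                read += sorted(p for p in files if fnmatch.fnmatch(p, value) and p not in read)
            elif value and section != "global":          # pool directives only
                pools.setdefault(section, {})[key] = value
    return pools, read

def audit(files, main):
    """Flag the socket-permission mistakes discussed in this thread."""
    pools, read = load_pools(files, main)
    findings = [f"{p}: never included by {main}" for p in sorted(files) if p not in read]
    seen = {}
    for name, cfg in pools.items():
        sock = cfg.get("listen", "")
        if not sock.startswith("/"):
            continue                                     # TCP listener, no socket file
        if seen.setdefault(sock, name) != name:
            findings.append(f"{name}: shares {sock} with {seen[sock]}")
        if "listen.acl_users" in cfg:
            findings.append(f"{name}: listen.acl_users set, listen.owner/group are ignored")
        elif "listen.owner" not in cfg:
            findings.append(f"{name}: no listen.owner, socket owner defaults to the running user")
        if int(cfg.get("listen.mode", "0660"), 8) & 0o007:
            findings.append(f"{name}: listen.mode {cfg['listen.mode']} grants access beyond owner and group")
    return findings
```

Calling audit(FILES, "/etc/php-fpm.conf") on the sample reports the unread www.conf, the pool with no listen.owner, and the 0666 socket.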

Answer by AnthumChris

NGINX runs as user nginx and php5-fpm as user www-data. Just add nginx to group www-data and the problem is solved, and nginx can access /var/run/php5-fpm.sock. Works great with Ubuntu 14.04, nginx 1.7.10, PHP 5.5.9-1ubuntu4.6 (fpm-fcgi):

$ sudo usermod -aG www-data nginx

Answer by jpcaparas

Just adding here that the listen.acl_users directive should be commented, otherwise, it will override the listen.owner and listen.group values:

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users = apache,nginx

Answer by Asle

On my installation, Centos 7.5, Apache with php 7.1 and php 5.6 I had the same problem where I had to manually fix the permissions on the php56-php.fpm.sock (owned by root) after every reboot.

My config for php56 was here and may be different on your install: /opt/remi/php56/root/etc/php-fpm.d/www.conf


I changed this commented section in the file:


listen.owner = nginx
listen.group = nginx
listen.mode = 0666

Now after restart everything is fine with correct permissions on the socket file. Not sure about the listen.mode. I think 0660 also works.

Answer by jordan

everybody! That's my issue too. I just changed my fpm user to vagrant, restart my pools and ... it's done! Here comes my conf:


user = vagrant
group = nginx

listen.owner = vagrant
listen.group = nginx
listen.mode = 0660

Hope it can help someone.


Answer by Dimitrios

Hello everyone and thanks for help, in my case with Ubuntu server 14.04 nginx and php5-fpm the problem with php-fpm socket owner by root solved by editing the file /etc/php5/fpm/pool.d/www.conf. Uncomment the lines:

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

From a clear installation nginx owner and group is www-data. I think that the best practice is to look at /etc/nginx/nginx.conf and verify that in first line is:

user www-data;

And use the default user, Cheers!

Answer by Tidytrax

Just do it anything else


My Config Vagrant / Ubuntu 16 / Nginx 1.13 / PHP-FPM 7.1


sudo vi /etc/nginx/nginx.conf

Change first line user nginx => user www-data


service nginx restart