php nginx - 无法打开主脚本
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22090350/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
nginx - Unable to open primary script
提问by user3145965
I got error message:
我收到错误消息:
FastCGI sent in stderr: "Unable to open primary script: /home/messi/web/wordpress/index.php (No such file or directory)" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: www.domain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "www.domain.com
FastCGI sent in stderr: "Unable to open primary script: /home/messi/web/wordpress/index.php (No such file or directory)" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: www.domain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "www.domain.com
here are my configuration files:
here are my configuration files:
/etc/php5/fpm/php.ini
/etc/php5/fpm/php.ini
cgi.fix_pathinfo=0
doc_root =
user_dir =
....
/etc/php5/fpm/php-fpm.conf
/etc/php5/fpm/php-fpm.conf
[global]
pid = /var/run/php5-fpm.pid
error_log = /var/log/php5-fpm.log
include=/etc/php5/fpm/pool.d/*.conf
/etc/php5/fpm/pool.d/www.conf
/etc/php5/fpm/pool.d/www.conf
[www]
user = www-data
group = www-data
listen = /var/run/php5-fpm.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0666
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /
security.limit_extensions = .php .php3 .php4 .php5
php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
/etc/nginx/nginx.conf
/etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
server_tokens off;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/sites-enabled/*;
}
/etc/nginx/sites-enabled/wordpress
/etc/nginx/sites-enabled/wordpress
server {
listen 80;
server_name www.domain.com;
root /home/messi/web/wordpress;
error_log /var/log/nginx/err.wordpress.log;
index index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
}
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
Setup user permission:
设置用户权限:
#adduser www-data messi
#chown -R www-data:www-data /home/messi/web
#chmod -R 664 /home/messi/web/wordpress
How can I resolve this? Thanks
我该如何解决这个问题?谢谢
回答by siliconrockstar
SELinux will cause this error on CentOS/RHEL 7+ by default :(
默认情况下,SELinux 将在 CentOS/RHEL 7+ 上导致此错误:(
To test if SELinux is the source of your woes, do
要测试 SELinux 是否是您问题的根源,请执行以下操作
setenforce 0
... and see if everything works. If that fixed it, you can leave SELinux off (weak, you're better than that), or you can turn it back on with
...看看是否一切正常。如果修复了它,你可以关闭 SELinux(弱,你比那更好),或者你可以重新打开它
setenforce 1
... and then properly fix the issue.
...然后正确解决问题。
If you do
如果你这样做
tail -f /var/log/audit/audit.log
... you'll see the SELinux issue. In my case, it was denying PHP-FPM access to web files. You can run the following directives to fix it:
...你会看到 SELinux 问题。就我而言,它拒绝 PHP-FPM 访问 Web 文件。您可以运行以下指令来修复它:
setsebool -P httpd_can_network_connect_db 1
setsebool -P httpd_can_network_connect 1
This actually didn't fix it for me at first, but then restoring SELinux context did it
起初这实际上并没有为我修复它,但随后恢复 SELinux 上下文做到了
restorecon -R -v /var/www
Hope that helps.
希望有帮助。
回答by ethanpil
This is likely a permissions problem.
这很可能是权限问题。
Make sure that every parent directory has +x permissions for the user (the nginx user and/or php-fpm user).
You can check these permissions with:
namei -om /path/to/file.If you have symlinks, make sure they point to a valid path.
Make sure chroots have access to the right paths.
Make sure SELinux (e.g. Fedora / Centos) or AppArmor (e.g. Ubuntu) or any other MAC security systems are not interfering with the file access.
For SeLinux: Check /var/log/audit/audit.log or /var/log/messages
For AppArmor: Im not a Ubuntu user and as far as I understand the logging for AppArmor isnt always easy to figure out. You might check here for info: http://ubuntuforums.org/showthread.php?t=1733231
确保每个父目录对用户(nginx 用户和/或 php-fpm 用户)都具有 +x 权限。
您可以使用以下命令检查这些权限:
namei -om /path/to/file。如果您有符号链接,请确保它们指向有效路径。
确保 chroot 可以访问正确的路径。
确保 SELinux(例如 Fedora / Centos)或 AppArmor(例如 Ubuntu)或任何其他 MAC 安全系统不会干扰文件访问。
对于 SeLinux:检查 /var/log/audit/audit.log 或 /var/log/messages
对于 AppArmor:我不是 Ubuntu 用户,据我所知,AppArmor 的日志记录并不总是很容易弄清楚。您可以在这里查看信息:http: //ubuntuforums.org/showthread.php?t=1733231
回答by Zack A
It was SELinux in my case as well. I read some documentation found here:
就我而言,它也是 SELinux。我阅读了一些在这里找到的文档:
https://wiki.centos.org/HowTos/SELinux
https://linux.die.net/man/1/chcon
https://wiki.centos.org/HowTos/SELinux
https://linux.die.net/man/1/chcon
and ended up with the command:
并以命令结束:
chcon -R -v --type=httpd_sys_content_t html/
....this changed the context of the files to the httpd type which is what my web server (Nginx) was running as.
....这将文件的上下文更改为 httpd 类型,这是我的 Web 服务器(Nginx)运行的方式。
You can find what context your web server runs as using:
您可以使用以下方法找到您的 Web 服务器运行的上下文:
ps axZ | grep nginx
....which in my case gave me:
....在我的情况下给了我:
system_u:system_r:**httpd_t**:s0 6246 ? Ss 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
system_u:system_r:**httpd_t**:s0 6249 ? S 0:00 nginx: worker process
Seeing the context of the running service was httpd_t I changed the context of my web site's root folder to that (recursively)
看到正在运行的服务的上下文是 httpd_t 我将我的网站根文件夹的上下文更改为(递归)
The point of SELinux is to only allow services and processes to access files of the same type as them. Since the web server ran as httpd_t than it made sense to set the context of the files/folder in the site to the same.
SELinux 的重点是只允许服务和进程访问与它们相同类型的文件。由于 Web 服务器作为 httpd_t 运行,因此将站点中文件/文件夹的上下文设置为相同是有意义的。
I'm new at this by the way.... But this seemed to be the best approach to me. It kept SELinux enabled, didn't lessen the security of what it does, nad matched up context of the files with the process/service.
顺便说一下,我是新手……但这对我来说似乎是最好的方法。它保持 SELinux 启用,并没有降低它所做的事情的安全性,并且将文件的上下文与进程/服务相匹配。
回答by Taras Cherrniy
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; ->
fastcgi_param SCRIPT_FILENAME/home/messi/web/wordpress$fastcgi_script_name;
