nginx error connect to php5-fpm.sock failed (13: Permission denied)
Original question: http://stackoverflow.com/questions/23443398/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Asked by peter
I updated nginx to 1.4.7 and php to 5.5.12. After that I got the 502 error. Before I updated, everything worked fine.
nginx-error.log
2014/05/03 13:27:41 [crit] 4202#0: *1 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: xx.xxx.xx.xx, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "xx.xx.xx.xx"
nginx.conf
user www www;
worker_processes 1;
location / {
root /usr/home/user/public_html;
index index.php index.html index.htm;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/home/user/public_html$fastcgi_script_name;
include fastcgi_params;
}
Answer by Xander
I had a similar error after php update. PHP fixed a security bug where o had rw permission to the socket file.
- Open /etc/php5/fpm/pool.d/www.conf or /etc/php/7.0/fpm/pool.d/www.conf, depending on your version. Uncomment all permission lines, like:
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
- Restart fpm - sudo service php5-fpm restart or sudo service php7.0-fpm restart
Note: if your webserver runs as user other than www-data, you will need to update the www.conf file accordingly
Answer by artooro
All the fixes currently mentioned here basically enable the security hole all over again.
What I ended up doing is adding the following lines to my PHP-FPM configuration file.
listen.owner = www-data
listen.group = www-data
Make sure that www-data is actually the user the nginx worker is running as. For debian it's www-data by default.
Doing it this way does not enable the security problem that this change was supposed to fix.
Answer by Eric C
@Xander's solution works, but does not persist after a reboot.
I found that I had to change listen.mode to 0660 in /etc/php5/fpm/pool.d/www.conf.
Sample from www.conf:
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
;listen.owner = www-data
;listen.group = www-data
;listen.mode = 0660
Edit: Per @Chris Burgess, I've changed this to the more secure method.
I removed the comment for listen.mode, .group and .owner:
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
/var/run only holds information about the running system since last boot, e.g., currently logged-in users and running daemons. (http://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard#Directory_structure).
Side note:
My php5-fpm -v reports: PHP 5.4.28-1+deb.sury.org~precise+1. The issue did happen after a recent update as well.
Answer by aMMT
If you have tried everything in this post but are not having success getting PHP to work, this is what fixed it for my case:
Make sure you have these lines uncommented in /etc/php5/fpm/pool.d/www.conf:
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
Make sure /etc/nginx/fastcgi_params looks like this:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
These two lines were missing from my /etc/nginx/fastcgi_params, make sure they are there!
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
Then, restart php5-fpm and nginx. Should do the trick.
Answer by CRHenkie
In fact, "listen.mode" should be: "0660" and not "0666" as Other Writable or Other Readable is never a good choice here.
So try to find out as which user/group your webserver runs. I use CentOS and it runs as user "nginx". So add to your php-fpm.conf:
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
Finally, restart php-fpm
Answer by Çağatay Gürtürk
Check which user runs nginx. As of Ubuntu 12.04 nginx runs by nginx user which is not a member of www-data group.
usermod -a -G www-data nginx
and restarting nginx and php5-fpm daemons solves the problem.
Answer by JellicleCat
Alternative to broadening permissions in your php config, you could change the user specified in your nginx config.
On the first line of your nginx.conf excerpt above, the user and group are specified as www and www, respectively.
user www www;
Meanwhile, your php config probably specifies a user and group of www-data:
listen.owner = www-data
listen.group = www-data
You might change the line in your nginx.conf, to any of the following, then:
user www-data www;
user www-data www-data; # or any group, really, since you have the user matching
user www www-data; # requires that your php listen.mode gives rw access to the group
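The checks the answers above describe (which user nginx runs as, who owns the socket, and whether the mode gives that user rw without opening it to everyone) can be combined in one script. This is an added example, not code from the original answers; the function names, verdict strings and sample file contents are constructed, and supplementary groups are passed as an argument instead of being looked up.

```shell
#!/bin/sh
# Added example; the config contents written below are constructed samples.

# Print "user group" from nginx.conf's `user` directive (group defaults to user).
nginx_ids() {
    awk '$1 == "user" { gsub(/;/, ""); print $2, ($3 == "" ? $2 : $3); exit }' "$1"
}

# Print the value of an uncommented `key = value` line from a pool file.
pool_value() {
    awk -F'[ \t]*=[ \t]*' -v k="$2" '{ sub(/^[ \t]+/, "", $1) } $1 == k { print $2; exit }' "$1"
}

# True when a permission digit grants both read and write.
rw() { case $1 in 6|7) return 0 ;; *) return 1 ;; esac; }

# socket_verdict NGINX_CONF POOL_CONF [SUPPLEMENTARY_GROUPS]
# Prints ok-owner, ok-group, denied, or world-rw (any local user may connect).
socket_verdict() {
    ids=$(nginx_ids "$1"); n_user=${ids% *}; n_group=${ids#* }
    owner=$(pool_value "$2" listen.owner)
    group=$(pool_value "$2" listen.group)
    mode=$(pool_value "$2" listen.mode)
    perms=${mode:-0660}; perms=${perms#0}      # default mode per the www.conf sample
    u_d=${perms%??}; rest=${perms#?}; g_d=${rest%?}; o_d=${rest#?}
    if rw "$o_d"; then echo world-rw; return; fi
    if [ -n "$owner" ] && [ "$n_user" = "$owner" ] && rw "$u_d"; then
        echo ok-owner; return
    fi
    for g in $n_group ${3:-}; do
        if [ "$g" = "$group" ] && rw "$g_d"; then echo ok-group; return; fi
    done
    echo denied
}

d=$(mktemp -d)
printf 'user www www;\nworker_processes 1;\n' > "$d/nginx.conf"
printf ';listen.owner = www-data\n;listen.mode = 0660\n' > "$d/commented.conf"
printf 'listen.owner = www-data\nlisten.group = www-data\nlisten.mode = 0660\n' > "$d/www-data.conf"
printf 'listen.owner = www\nlisten.group = www\nlisten.mode = 0660\n' > "$d/www.conf"
printf 'listen.mode = 0666\n' > "$d/open.conf"
for p in commented www-data www open; do
    echo "$p: $(socket_verdict "$d/nginx.conf" "$d/$p.conf")"
done
```

The third argument stands in for the groups added with usermod -a -G; on a live host, `id -Gn` for the nginx user gives that list.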
Answer by Ted Phillips
Consideration must also be given to your individual FPM pools, if any.
I couldn't figure out why none of these answers was working for me today. This had been a set-and-forget scenario for me, where I had forgotten that listen.user and listen.group were duplicated on a per-pool basis.
If you used pools for different user accounts like I did, where each user account owns their FPM processes and sockets, setting only the default listen.owner and listen.group configuration options to 'nginx' will simply not work. And obviously, letting 'nginx' own them all is not acceptable either.
For each pool, make sure that
listen.group = nginx
Otherwise, you can leave the pool's ownership and such alone.
Answer by LiveWireBT
I just got this error again today as I updated my machine (with updates for PHP) running Ubuntu 14.04. The distribution config file /etc/php5/fpm/pool.d/www.conf is fine and doesn't require any changes currently.
I found the following errors:
dmesg | grep php
[...]
[ 4996.801789] traps: php5-fpm[23231] general protection ip:6c60d1 sp:7fff3f8c68f0 error:0 in php5-fpm[400000+800000]
[ 6788.335355] traps: php5-fpm[9069] general protection ip:6c5d81 sp:7fff98dd9a00 error:0 in php5-fpm[400000+7ff000]
The strange thing was that I have 2 sites running that utilize PHP-FPM on this machine: one was running fine and the other (a Tiny Tiny RSS installation) gave me a 502, where both have been running fine before.
I compared both configuration files and found that fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; was missing for the affected site.
Both configuration files now contain the following block and are running fine again:
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
include /etc/nginx/snippets/fastcgi-php.conf;
}
Update
It should be noted that Ubuntu ships two fastcgi related parameter files and also a configuration snippet which is available since Vivid and also in the PPA version. The solution was updated accordingly.
Diff of the fastcgi parameter files:
$ diff -up fastcgi_params fastcgi.conf
--- fastcgi_params 2015-07-22 01:42:39.000000000 +0200
+++ fastcgi.conf 2015-07-22 01:42:39.000000000 +0200
@@ -1,4 +1,5 @@
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
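Review bot: a location block that includes fastcgi_params must set SCRIPT_FILENAME itself, because the line added at the top of this hunk exists only in fastcgi.conf; include one of the two files, not both, so the parameter is defined once.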
Configuration snippet in /etc/nginx/snippets/fastcgi-php.conf
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;
Answer by supershnee
The following simple fix worked for me, bypassing possible permissions issues with the socket.
In your nginx config, set fastcgi_pass to:
fastcgi_pass 127.0.0.1:9000;
Instead of
fastcgi_pass unix:/var/run/php5-fpm.sock;
This must match the listen = parameter in /etc/php5/fpm/pool.d/www.conf, so also set this to:
listen = 127.0.0.1:9000
Then restart php5-fpm and nginx
service php5-fpm restart
And
service nginx restart
For more info, see: https://wildlyinaccurate.com/solving-502-bad-gateway-with-nginx-php-fpm/