0

I am having a really puzzling issue with my nginx config. I keep seeing this error:

FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream
client: 76.14.172.29, server: apistaging.mydomain.com, request: 
"GET / HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php7.4-fpm.sock:", host: "apistaging.mydomain.com"

I did try the suggestions in this question and also this one but nothing has worked. I am asking as a separate question in the hope that someone can help me out (after 2 days stuck on this).

This is my nginx/sites/available/apistaging.mydomain.com.conf file:

server {
        server_name apistaging.mydomain.com;

        # make sure you point to a laravel or wordpress public directory containing an index.php file
        root /home/domains/apistaging.mydomain.com/public/current/public;

        # From https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#host-multiple-websites
        # This link may be outdated. adding 'main' and 'error' makes nginx crap out
        #access_log   /home/domains/apistaging.mydomain.com/log/apistaging.mydomain.access.log;
        error_log   /home/domains/apistaging.mydomain.com/log/apistaging.mydomain.error.log;

        # from https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#limit-or-disable-content-embedding
        add_header X-Frame-Options "SAMEORIGIN";

        # from https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#cross-site-scripting-xss-filter
        add_header X-XSS-Protection "1; mode=block";

        # from https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#disable-content-sniffing
        add_header X-Content-Type-Options "nosniff";

        index index.html index.htm index.php;

        charset utf-8;

        location / {
                try_files $uri $uri/ /index.php?$query_string;
        }

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt  { access_log off; log_not_found off; }

        #error_page 404 /index.php;
        # create a custom 404 nginx page, from https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-to-use-custom-error-pages-on-ubuntu-14-04
        error_page 404 /custom_404.html;
        location = /custom_404.html {
            root /etc/nginx/sites-available/custom_nginx_error_pages;
            internal;
        }

        location ~ \.php$ {
                # After installation of php-fpm, check in /var/run/php/ for a fpm sock file like: /var/run/php/php7.3-fpm.sock
                fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }

        location ~ /\.(?!well-known).* {
                deny all;
        }

        # From https://www.linode.com/docs/web-servers/nginx/nginx-installation-and-basic-setup/#static-content-compression
        # Note that gzip has security vulnerabilities and it used to be off by default in the base nginx.conf file (oddly it is set to on by default now)
        # Make sure that gzip is set / enabled only in server{} blocks for individual site configs, not globally in nginx.conf.
        # Though gzip directives can go in the http block if you want it to apply to all sites served by NGINX, it’s safer to use it only inside server blocks for individual sites and content types
        gzip on;
        gzip_types text/plain text/css image/* application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        #listen 443 ssl http2 ipv6only=on; # managed by Certbot (not sure if we support ipv6 yet)
        listen 443 ssl http2; # managed by Certbot, modified to add http2

        #Install SSL certificates and configure https:// on a per-domain-basis by running:
        #sudo certbot --nginx
        #(when prompted, be sure to select the option to set up redirects from http to https and effectively "disable" http)

        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/apistaging.mydomain.com-0002/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/apistaging.mydomain.com-0002/privkey.pem; # managed by Certbot

}

server {
    server_name apistaging.mydomain.com;

    if ($host = apistaging.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    return 404; # managed by Certbot
}
kp123
  • 101
  • It's appears to be looking for `/home/domains/apistaging.mydomain.com/public/current/public/index.php`. Is there a file at that location? Also, you are [passing uncontrolled requests to PHP](https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php). – Richard Smith May 16 '20 at 19:26
  • @RichardSmith yes the file exists at the location, that is not the problem. – kp123 May 17 '20 at 18:40

1 Answers1

0

You're probably facing bug or feature ticket 321 : try_files clears $fastcgi_path_info. Add this before your try_files:

# Save the $fastcgi_path_info before try_files clear it
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
Gerard H. Pille
  • 2,469
  • 1
  • 12
  • 10