Using ProxyPassMatch for FastCGI, results in connection refused on port 9000

Question

I'm not certain if this is a php, apache, or iptables configuration issue but I receive the following error when trying to access a .php file. Please let me know if you need more information to help me diagnose, I'm at a loss for what to check next. Thank you.

error.log:

[Thu May 08 16:43:15.392784 2014] [proxy:error] [pid 23112] (111)Connection refused: AH00957: FCGI: attempt to connect to 127.0.0.1:9000 (*) failed
[Thu May 08 16:43:15.392891 2014] [proxy_fcgi:error] [pid 23112] [client 74.164.254.206:52788] AH01079: failed to make connection to backend: 127.0.0.1

I followed this guide and an running PHP 5.5.9 and Apache 2.4.7

I do have the mod_proxy and mod_proxy_so modules loaded:

# grep LoadModule /etc/apache2/apache2.conf
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so

Here is the ProxyPassMatch directive:

ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/$1

I have also tried to use UDS with the following directive, but the apache config test complains about an absolute url:

ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/var/run/php5-fpm.sock|fcgi://127.0.0.1:80/path/to/root/

Here is iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             127.0.0.0/8          reject-with icmp-port-   unreachable
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:finger
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:urd
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     icmp --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5   LOG level debug prefix "iptables denied: "
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Check if `php-fpm` not running via **socket**. Try `netstat -tulpn | grep 9000` — masegaloeh, May 09 '14 at 02:38
Thanks @masegaloeh. It was not running so I looked at `pool.d/www.conf` and, sure enough, it was not listening on `127.0.0.1:9000`. It's working after editing it. If you care to phrase that as an answer I'll accept. — Chris Rockwell, May 09 '14 at 13:31

masegaloeh · Accepted Answer · 2014-05-09T13:38:26.550

5

Check if PHP-FPM is running. The error log says that apache can't make connection to 127.0.0.1:9000. Make it running and (maybe) the error will go.

Also check if PHP-FPM running via socket. Maybe it's running but not listening in TCP/IP stack.

edited May 09 '14 at 13:38

answered May 09 '14 at 02:34

masegaloeh

17,978
9
56
104

2

Thanks - `php-fpm` was set to listen to the `.sock` so modifying the `pool.d/www.conf` file to have `listen=127.0.0.1:9000` solved it. – Chris Rockwell May 09 '14 at 14:37

score 3 · Answer 2 · answered Jun 12 '17 at 18:24

Per Chris's comment, I just wanted to add if apache/php does support socket connections (looks like if apache > 2.4.10, it can support it), you can also change to use that in your apache config. I checked the php vi /etc/php/7.0/fpm/pool.d/www.conf file to see what socket listening to in the listen line:

listen = /run/php/php7.0-fpm.sock

Then added that to my /etc/apache2/sites-enabled/000-default.conf file (or whatever website you want to enable on)...

<FilesMatch \.php$>
    # 2.4.10+ can proxy to unix socket
    # SetHandler "proxy:unix:/var/run/php?-fpm.sock|fcgi://localhost/"

    # Else we can just use a tcp socket:
    # SetHandler "proxy:fcgi://127.0.0.1:9000"

    SetHandler "proxy:unix:/run/php/php7.0-fpm.sock|fcgi://localhost/"
</FilesMatch>

Then restart the web server and then index.php shows up for me:

sudo service apache2 restart

Using ProxyPassMatch for FastCGI, results in connection refused on port 9000

2 Answers2