2

I'm using Nginx 1.5.12.1 with PHP-FPM for PHP 5.6.5 on CentOS 6.6 x64. When I visit any page, I get a 404 with the error:

File not found.

My PHP-FPM error log doesn't say anything useful, but my Nginx error log:

2015/04/02 10:25:44 [error] 24689#0: *35 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 172.31.42.64, server: _, request: "GET /_index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "www.dev.example.com"

At this point, you are probably thinking that SCRIPT_FILENAME is configured incorrectly. It's not, or at least appears correct to me. If I fire up a packet sniffer and dig into the connection between Nginx and PHP-FPM, I can see that the variables are set correctly:

  • SCRIPT_FILENAME is /opt/example/_index.php
  • SCRIPT_NAME is /_index.php
  • DOCUMENT_ROOT is /opt/example
  • REQUEST_URI is /_index.php
  • DOCUMENT_URI is /_index.php

The script is indeed located at /opt/example/_index.php, and the document root is /opt/example. Do you see anything wrong with those variables, as passed to PHP-FPM?

Assuming that they are correct, I guessed that PHP-FPM didn't have access to the files. I set everything to 777, including the entire example directory. That didn't solve the problem.

What are some other reasons that PHP-FPM would return "Primary script unknown"? How can I further debug the situation? Are there any other permissions that PHP-FPM needs to do it's work?

Edit: I've found that if I run PHP-FPM as root, my problem is resolved, so this is going to be some sort of permissions problem but I don't know what since the scripts and directories they are in are wide open.

Brad
  • 1,389
  • 20
  • 43
  • Please post the nginx `server` block, and the basic information about the server. – Michael Hampton Apr 02 '15 at 15:50
  • @MichaelHampton The server config is spread out over 40 files, some of which are quite involved. There's a lot going on with this box. Fortunately, we can see the effective config from tcpdump between Nginx and PHP-FPM, so the actual Nginx config itself isn't relevant. My question is on what else causes this error outside of a file missing. Through more debugging since this post, I've also found that running PHP-FPM as root solves the problem, so I think the issue is definitely permissions related... I just need to figure out what else PHP-FPM needs, since the scripts themselves are `777`. – Brad Apr 02 '15 at 16:01
  • And the most basic information about the server? Linux distribution, version, software versions, etc? – Michael Hampton Apr 02 '15 at 16:05
  • @MichaelHampton I already have the PHP version and general platform in my post which is seemingly all that's relevant to answer my question, but I'll add the other details to satisfy your request. To clarify, my question isn't on how to fix the problem, it's how to debug it. I don't expect that anyone would be able to immediately solve this without touching the box. The question is **purely** about PHP-FPM and what it needs to run properly. I'm not looking for someone to debug my permissions issues, just to explain how PHP-FPM works internally in this case. – Brad Apr 02 '15 at 16:13
  • Yes, those details are important. I don't know why you would think they're irrelevant. In any case, check `/var/log/audit/audit.log`. – Michael Hampton Apr 02 '15 at 16:18

1 Answers1

1

SELinux was enabled and preventing all filesystem access for the user that PHP-FPM was running as. Changing this resolved the issue.

This was visible by checking /var/log/audit/audit.log as suggested in the comments by Michael Hampton.

Brad
  • 1,389
  • 20
  • 43