2

Can't get it to work. I've been reading the forums and trying here and there. It's a fresh installation on AWS Linux2 AMI (Red Hat based), installed WordPress at /var/www/wordpress, set permissions, have a phpinfo.php with 775 in there that I can't access either (logs below). I only get an HTTP 200 while going to myhostname, the nginx landing page. Files have proper permissions as well, process running as nginx, tried changing listen.mode, vhost conf, but nothing, will keep trying. Any help would be much appreciated, let me know if there's a file or settings missing:

vhost: /etc/nginx/sites-available/wp

```nginx
server {
    listen 80;
    server_name myhostname;
    root /var/www/wordpress/;
    charset utf-8;

    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location ~ \.php$ {
        fastcgi_intercept_errors on;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        include fastcgi_params;
    }

    location ~ /\. {
        deny all;
    }

    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }
}
```

php-fpm: /etc/php-fpm.d/www.conf

```ini
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php-fpm/php-fpm.sock
;listen = 127.0.0.1:9000
access.log = /var/log/$pool.access.log

; Set listen(2) backlog.
; Default Value: 511
;listen.backlog = 511

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users = nginx
;listen.acl_groups =

; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
listen.allowed_clients = 127.0.0.1
```

nginx error.log:

```
2018/07/05 17:32:45 [error] 8322#0: *4 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: myPC-IP, server: _, request: "GET /wp-admin/install.php HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/php-fpm.sock:", host: "myhostname"
2018/07/05 17:40:41 [error] 8322#0: *9 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: myPC-IP, server: _, request: "GET /phpinfo.php HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/php-fpm.sock:", host: "myhostname"
```

/var/log/www.access.log:

```
- -  05/Jul/2018:17:32:45 +0000 "GET /wp-admin/install.php" 404
- -  05/Jul/2018:17:40:41 +0000 "GET /phpinfo.php" 404
```

nginx conf.d/php-fpm.conf:

```nginx
# PHP-FPM FastCGI server
# network or unix domain socket configuration

upstream php-fpm {
        server unix:/run/php-fpm/php-fpm.sock;
}
```
Rancor
  • SELinux blocking it? Temporarily disable it and restart services, then see if the issue is resolved. – Miuku Jul 05 '18 at 17:59
  • Hi, It's disabled already. – Rancor Jul 05 '18 at 18:01
  • How about adding the root parameter to your php block as well? Under `location ~ \.php$ {` add `root /var/www/wordpress/;` – Miuku Jul 05 '18 at 18:14
  • Thanks, just tried it and didn't work. Weird, everything seems to be in place. But obviously it's not, ha. – Rancor Jul 05 '18 at 18:46
  • Use `nginx -T` to confirm the configuration `nginx` is actually using. The server name in the error log entry does not match your configuration file. – Richard Smith Jul 05 '18 at 22:29
  • It's using /etc/nginx/nginx.conf. It should return my vhost at sites-available, right? – Rancor Jul 06 '18 at 00:52
  • Added an include line in the http block of the nginx.conf file so it takes sites-enabled/*. But still, no result, now I'm getting a 502: `2018/07/06 15:50:21 [crit] 3906#0: *15 connect() to unix:/var/run/php/php-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: myPCIP, server: myhostname, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php-fpm.sock:", host: "myhostname"` – Rancor Jul 06 '18 at 15:52

2 Answers

1

I solved this problem by closing SELinux on a CentOS 7.3 system.

Steps:

  • exec `setenforce 0`

  • It also needs to be closed in the config file: `vim /etc/selinux/config`, set SELINUX to disabled

Kent
  • Hi and welcome to ServerFault! Are you sure that disabling SELinux is the only solution? I'm sure it's possible to configure SELinux to play nice, and it's not always good practice to simply disable security measures in order to make something work. – jornane Mar 13 '19 at 12:07
  • @jornane I am not sure. But I tried many ways after I searched on Google for a whole day. It is the only one that worked for me. I think there are many policies that can protect your host, such as putting the PHP server on an intranet, limiting the access IPs and so on. I usually set SELinux closed after the host's first setup. Sometimes it brings some failures. +_+ [Another page for this issue](https://serverfault.com/questions/517190/nginx-1-fastcgi-sent-in-stderr-primary-script-unknown?rq=1). Most of the solutions did not suit me. – Kent Mar 14 '19 at 10:26
  • this helped me, thank you! – michnovka Nov 08 '20 at 23:06
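
As the first comment on this answer points out, SELinux can be configured rather than switched off. The script below is an added example, not part of any post in this thread: it prints (or, with `APPLY=1`, runs as root) the labelling commands for the question's document root. It assumes the targeted policy and that `wp-content/uploads` is the only directory PHP must write to; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): label the web root so nginx and php-fpm
# can read it while SELinux stays enforcing. Dry-run by default; APPLY=1 runs.
# Assumptions: targeted policy, docroot /var/www/wordpress as in the question,
# wp-content/uploads as the only directory PHP needs to write to.

# Execute the command, or print it with every argument single-quoted so the
# line can be pasted into a root shell (arguments must not contain quotes).
run() {
  if [ "${APPLY:-0}" = 1 ]; then
    "$@"
  else
    line=
    for a in "$@"; do line="$line '$a'"; done
    printf '%s\n' "${line# }"
  fi
}

selinux_label_docroot() {
  docroot=${1%/}   # drop a trailing slash
  # Read-only web content type for the code tree (stated explicitly; harmless
  # if the policy already maps this path).
  run semanage fcontext -a -t httpd_sys_content_t "${docroot}(/.*)?"
  # Writable type only where uploads land.
  run semanage fcontext -a -t httpd_sys_rw_content_t "${docroot}/wp-content/uploads(/.*)?"
  # Apply the stored rules to the files on disk.
  run restorecon -Rv "$docroot"
  # Return to enforcing mode once the labels are in place.
  run setenforce 1
}

# AVC denials from the last ten minutes that involve the web stack; run this
# after reproducing the "Primary script unknown" request.
recent_web_denials() {
  ausearch -m AVC -ts recent 2>/dev/null | grep -E 'comm="(nginx|php-fpm)"'
}

selinux_label_docroot /var/www/wordpress/
```

Compare `ls -Zd /var/www/wordpress` before and after applying to see the label change, and set `SELINUX=enforcing` in /etc/selinux/config so the mode survives a reboot.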
0

Solved:

This is the vhost now, super simple (I just need to test some things, it's not prod):

```nginx
server {
    server_name myec2hostname;
    listen 80;
    root /var/www/wordpress/;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    index index.php;

    location ~ \.php$ {
        root /var/www/wordpress/;
        fastcgi_pass   unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}
```

The php-fpm.conf file remained the same: nginx as user/group, listen on a unix socket, listen.mode 0660. Make sure the socket file location is the same in your nginx settings (/etc/nginx/conf.d/php-fpm.conf), and if nginx.conf (located at /etc/nginx/) doesn't point to the location of your vhost files, make sure to add it. In my case, in the http block, I added:

```nginx
include /etc/nginx/sites-enabled/*;
```

Finally, I looked for a simple vhost conf and found this: http://www.matbra.com/2016/12/07/install-nginx-php-on-amazon-linux.html, which I used for the PHP handling part.

Rancor
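
The answer's advice to keep the socket location identical on both sides, and the 502 in the question's comments where nginx dialled `/var/run/php/php-fpm.sock`, can be checked mechanically. This is an added example, not code from the thread: it compares the sockets in a saved `nginx -T` dump with the pool's `listen` value. The function names are hypothetical and it assumes `/var/run` is a symlink to `/run`.

```shell
#!/bin/sh
# Added example (not from the thread): compare the unix socket nginx dials
# with the one the php-fpm pool listens on.

# Socket paths in an nginx config dump (fastcgi_pass or upstream "server").
nginx_sockets() {
  sed -n -e 's/^[[:space:]]*fastcgi_pass[[:space:]]\{1,\}unix:\([^;:]*\).*/\1/p' \
         -e 's/^[[:space:]]*server[[:space:]]\{1,\}unix:\([^;:]*\).*/\1/p' "$1"
}

# The pool's active "listen =" path; lines commented out with ';' are skipped.
fpm_listen() {
  sed -n 's/^[[:space:]]*listen[[:space:]]*=[[:space:]]*\(\/[^[:space:]]*\).*/\1/p' "$1"
}

# Assumption: /var/run is a symlink to /run, so both spellings are one path.
norm() { sed 's#^/var/run/#/run/#'; }

# $1 = nginx dump, $2 = pool file. Prints one line per nginx socket and
# returns 1 if any of them differs from the pool's socket.
check_socket_match() {
  fpm=$(fpm_listen "$2" | norm)
  rc=0
  for s in $(nginx_sockets "$1" | norm | sort -u); do
    if [ "$s" = "$fpm" ]; then
      echo "OK $s"
    else
      echo "MISMATCH nginx=$s php-fpm=$fpm"; rc=1
    fi
  done
  return $rc
}

# Constructed sample input modelled on the files and the 502 log line above.
demo() {
  d=$(mktemp -d)
  printf '%s\n' 'upstream php-fpm {' ' server unix:/run/php-fpm/php-fpm.sock;' '}' \
    'location ~ \.php$ {' ' fastcgi_pass unix:/var/run/php/php-fpm.sock;' '}' > "$d/nginx.dump"
  printf '%s\n' ';listen = 127.0.0.1:9000' 'listen = /var/run/php-fpm/php-fpm.sock' \
    'listen.mode = 0660' > "$d/www.conf"
  if check_socket_match "$d/nginx.dump" "$d/www.conf"; then rc=0; else rc=1; fi
  rm -rf "$d"
  return $rc
}

demo || true
```

On a live host, feed it `nginx -T > /tmp/nginx.dump` and `/etc/php-fpm.d/www.conf`.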