
(I see there are several existing questions about 403 errors and one or two of the rest of the parts of my configuration, but nothing that seems to match up to my exact situation that I've seen so far, and I'm unsure how to proceed as a result.)

I have a staging site on a CentOS 7 server (CentOS Linux release 7.6.1810 (Core)) running Apache/2.4.6. The root of the site is /var/www/<sitename>/web-ssl. It's a Drupal 8.6.12 site, PHP 7.1.27.

Today, I performed the following steps to change apache from using prefork MPM to event MPM, and to use php-fpm:

1) ran yum install php71w-fpm

2) added SetHandler "proxy:fcgi://127.0.0.1:9000" to /etc/httpd/conf.d/php.conf (the full content of my php.conf is as follows):

```apache
#
# Cause the PHP interpreter to handle files with a .php extension.
#
AddHandler php7-script .php
AddType text/html .php
SetHandler "proxy:fcgi://127.0.0.1:9000"

#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php

#
# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#
#AddType application/x-httpd-php-source .phps

#
# Apache specific PHP configuration options
# those can be override in each configured vhost
#
php_value session.save_handler "files"
php_value session.save_path    "/var/lib/php/session"
php_value soap.wsdl_cache_dir  "/var/lib/php/wsdlcache"
```

3) Uncommented the mpm_event line in 00-mpm.conf, commented out the mpm_prefork line

4)

```bash
systemctl enable php-fpm
systemctl start php-fpm
systemctl restart httpd
```

In /etc/php-fpm.d/, in both www.conf and <sitename>.conf I have the uncommented lines user = apache and group = apache and listen = 127.0.0.1:9000.

My site is running, but all JS and CSS files are now failing to load with 403 errors. The owner and group on these files are both "apache". As Drupal uses tons of these files I did not check the permission values on each individual file, but this is occurring with at least both 755 and 644. I myself did not change any file permissions today.

I think this is related to the proxy line in php.conf, but I have no idea what to do about that.

s11111
  • It looks like you need a `<FilesMatch>` (or `ProxyPassMatch`) to only match your *.php requests. See the Proxy via handler examples [here](https://wiki.apache.org/httpd/PHP-FPM#Proxy_via_handler) and [here](https://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html#examples) (scroll down a bit). – Freddy Apr 16 '19 at 22:27
  • Thank you @Freddy! That fixed it for me! If you post that as an answer I will accept it. – s11111 Apr 17 '19 at 14:18
  • You fixed it, I don't know what you changed in your config. So please answer it yourself! I think you can accept it after 2 days. But you'll get an upvote from me :) – Freddy Apr 17 '19 at 14:39

1 Answer

I was able to fix it at Freddy's suggestion by surrounding the SetHandler "proxy:fcgi://127.0.0.1:9000" in /etc/httpd/conf.d/php.conf with a FilesMatch clause:

```apache
<FilesMatch "\.php$">
    <If "-f %{REQUEST_FILENAME}">
        SetHandler "proxy:fcgi://127.0.0.1:9000"
    </If>
</FilesMatch>
```
s11111
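
A small checker for the misconfiguration this question and answer describe, as an added example that is not part of the original post: it walks an Apache config's section nesting and reports any `SetHandler "proxy:fcgi:..."` that is not inside a `<Files>`, `<FilesMatch>` or `<LocationMatch>` whose pattern mentions `php`. The function name, the scoping heuristic and the embedded sample strings are assumptions of this example.

```python
import re

# Constructed samples: the question's php.conf lines and the answer's fix.
BEFORE = r'''AddHandler php7-script .php
AddType text/html .php
SetHandler "proxy:fcgi://127.0.0.1:9000"
DirectoryIndex index.php
'''
AFTER = r'''<FilesMatch "\.php$">
    <If "-f %{REQUEST_FILENAME}">
        SetHandler "proxy:fcgi://127.0.0.1:9000"
    </If>
</FilesMatch>
'''

OPEN = re.compile(r'^<\s*(\w+)\s*(.*?)>$')
CLOSE = re.compile(r'^</\s*(\w+)\s*>$')
HANDLER = re.compile(r'^SetHandler\s+"?proxy:fcgi:', re.I)
# Assumption of this example: a section counts as limiting the handler to PHP
# only if it is one of these and its pattern mentions "php".
SCOPING = {"files", "filesmatch", "locationmatch"}


def unscoped_fcgi_handlers(conf_text):
    """Return (line_no, directive) for each proxy:fcgi SetHandler that is not
    enclosed in a section restricting it to PHP files."""
    stack, findings = [], []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        closing = CLOSE.match(line)
        if closing:
            if stack and stack[-1][0] == closing.group(1).lower():
                stack.pop()
            continue
        opening = OPEN.match(line)
        if opening:
            stack.append((opening.group(1).lower(), opening.group(2).lower()))
            continue
        if HANDLER.match(line) and not any(
            name in SCOPING and "php" in arg for name, arg in stack
        ):
            findings.append((line_no, line))
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, unscoped_fcgi_handlers(text))
```

PHP-FPM's `security.limit_extensions` setting, which defaults to `.php`, refuses to execute other file types, which is consistent with the 403s on static files described in the question.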