I am trying to update my system to PHP7-FPM and nginx, have done all the steps required to have this setup working according to what I found on the web (mostly https://ungeek.be/2016/08/php7-fpm-nginx-debian/, in french), but to no avail: nginx keeps throwing an error 500 page at me and without specific errors / info in the log files.

Nginx version: nginx/1.10.3 (package nginx-full) PHP-FPM version: PHP 7.0.15-1 (dotdeb)

Here are the steps I follow:

  • echo "deb http://packages.dotdeb.org jessie all" >> /etc/apt/sources.list.d/dotdeb.list wget -O-
  • https://www.dotdeb.org/dotdeb.gpg | apt-key add -
  • apt-get update && apt-get upgrade -y
  • apt-get install nginx-full
  • apt-get install php7.0 php7.0-bcmath php7.0-bz2 php7.0-cli php7.0-common php7.0-curl php7.0-dev php7.0-enchant php7.0-fpm php7.0-gd php7.0-geoip php7.0-imagick php7.0-intl php7.0-json php7.0-mbstring php7.0-mcrypt php7.0-mysql php7.0-opcache php7.0-pspell php7.0-readline php7.0-sqlite3 php7.0-tidy php7.0-xml php7.0-xmlrpc php7.0-zip
  • configured /etc/php/7.0/fpm/pool.d/bookworm.conf (see configuration below)
  • created and filled /etc/nginx/sites-available/bookworm (see configuration below)
  • ln -s /etc/nginx/sites-available/bookworm /etc/nginx/sites-enabled/
  • service nginx restart && service php7.0-fpm restart

I have tried to debug this, but no error logged neither in /var/logs/nginx/* nor in /var/logs/php7.0-fpm.log (well, nothing regarding the error 500 I get). The only message generated is the following: - - [03/Feb/2017:00:39:53 +0100] "GET /app.php HTTP/1.1" 500 507 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"

bookworm site file (some parts are taken from a Symfony recipe available on Nginx' website):

server {
    listen 80 default_server; # with or without, doesn't matter
    server_name some.hostname; # actually set to a resolvable server
    root /opt/git/Bookworm/web/;
    index index.php app.php;

    location / {
      # try to serve file directly, fallback to app.php
      try_files $uri /app.php$is_args$args;
    # DEV
    location ~ ^/(app_dev|config)\.php(/|$) {
         fastcgi_pass unix:/run/php/php7-fpm-pool_bookworm.sock; # the socket file exists
         fastcgi_split_path_info ^(.+\.php)(/.*)$;
         include fastcgi_params;
         fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
         fastcgi_param DOCUMENT_ROOT $realpath_root;
    # PROD
    location ~ ^/app\.php(/|$) {
        fastcgi_pass unix:/run/php/php7-fpm-pool_bookworm.sock; # the socket file exists
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        # Prevents URIs that include the front controller. This will 404:
        # http://domain.tld/app.php/some-path
        # Remove the internal directive to allow URIs like this
        # internal; # with or without, doesn't matter

    # return 404 for all other php files not matching the front controller
    # this prevents access to other php files you don't want to be accessible.
    #location ~ \.php$ {
#        return 404;
#   }

    error_log /var/log/nginx/bookworm_error.log;
    access_log /var/log/nginx/bookworm_access.log;

    location ~ /\.ht {
         deny all;

The pool (bookworm.conf) file:

user = naeikindus
group = naeikindus

listen = /run/php/php7-fpm-pool_$pool.sock

listen.owner = www-data
listen.group = www-data

process.priority = 0

pm = dynamic
pm.max_children = 50
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.status_path = /fpm-status-$pool

catch_workers_output = yes
php_admin_value[error_log] = /var/log/php-fpm/pool_$pool.log
php_admin_flag[log_errors] = on

env[PATH] = /sbin:/bin:/usr/sbin:/usr/bin

A sample of the files' permissions:

ls -lah /opt/git/Bookworm/web
total 64K
drwxr-xr-x  3 naeikindus naeikindus 4.0K Jan 12 22:50 .
drwxr-xr-x 10 naeikindus naeikindus 4.0K Feb  2 22:08 ..
-rw-r--r--  1 naeikindus naeikindus 1.2K Jan 12 22:48 app_dev.php
-rw-r--r--  1 naeikindus naeikindus 2.1K Jan 12 22:48 apple-touch-icon.png
-rw-r--r--  1 naeikindus naeikindus  631 Jan 12 22:48 app.php
drwxr-xr-x  2 naeikindus naeikindus 4.0K Jan 12 22:50 bundles
-rw-r--r--  1 naeikindus naeikindus  21K Jan 12 22:50 config.php
-rw-r--r--  1 naeikindus naeikindus 6.4K Jan 12 22:48 favicon.ico
-rw-r--r--  1 naeikindus naeikindus 3.3K Jan 12 22:48 .htaccess
-rw-r--r--  1 naeikindus naeikindus  116 Jan 12 22:48 robots.txt

l /run/php/php7*
-rw-r--r-- 1 root     root     5 Feb  3 01:01 /run/php/php7.0-fpm.pid
srw-rw---- 1 www-data www-data 0 Feb  3 01:01 /run/php/php7.0-fpm.sock
srw-rw---- 1 www-data www-data 0 Feb  3 01:01 /run/php/php7-fpm-pool_bookworm.sock

The user I'm trying to use (naeikindus) is also a member of the www-data group, just in case.

And finally, php.ini (all the ones I could find, to be honest) declare a correct timezone (you can't be sure enough :-/ ), along with all the display errors I could find. I also tried with cgi.fix_pathinfo=0 / 1, no luck. Both nginx and php-fpm are started.

I also tried with another "dummy" site (no fancy PHP framework, just an old

If anyone here has a solution or ideas, that would help me a great deal. Thanks a lot !


Full output of nginx -V:

nginx version: nginx/1.10.3 built with OpenSSL 1.0.1t 3 May 2016 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-file-aio --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/usr/src/builddir/debian/modules/nginx-auth-pam --add-module=/usr/src/builddir/debian/modules/nginx-dav-ext-module --add-module=/usr/src/builddir/debian/modules/nginx-echo --add-module=/usr/src/builddir/debian/modules/nginx-upstream-fair --add-module=/usr/src/builddir/debian/modules/ngx_http_substitutions_filter_module --add-module=/usr/src/builddir/debian/modules/nginx-cache-purge --add-module=/usr/src/builddir/debian/modules/nginx-x-rid-header --with-ld-opt=-lossp-uuid

Processes information:

ps axuf:
www-data  3798  0.0  0.0 106428  3596 ?        S    14:55   0:00  _ nginx: worker process
naeikin+  3811  0.0  0.1 405828 22680 ?        S    14:55   0:00  _ php-fpm: pool bookworm

Calling directly PHP from the CLI works as intended. No SELinux seems to be available (only the library is installed).

  on Jessie and later there's the systemd journal; try journalctl -xe and see if there's anything from fpm there. Also try netstat -pant and check for evidence of fpm listening and making the correct / expected connections. Finally, look in /var/log for any php or fpm-related log files, and search the conf files related to it for any custom logfile paths (might be in e.g. /usr/share somewhere or elsewhere in /var).
  Logs: nothing out of the ordinary, only messages related to install / services starting. journalctl -xe (or -a) only shows the daemon starting, no issue there either. The netstat command should rather be netstat -lnp since PHPFPM uses unix sockets no ? In which case it does listen: unix 2 [ ACC ] STREAM LISTENING 1632012 25396/php-fpm.conf) /run/php/php7-fpm-pool_bookworm.sock. Finally, I checked the possible log files and no custom ones were created outside nginx & php-fpm files / directories.
  Does this answer help?
  Also here -- make sure you've got log_level=debug and error_log=syslog.
  the catch_workers_output is already set :-/ As for the logs, I changed the level to debug but the only message sent is still the "error 500" in access logs. Watching the output of "service php7.0-fpm status" gave me nothing peculiar either...
The whole configuration is working, but the PHP project isn't. And the logs were, obviously, stored in the project's directory.

I won't delete this question (if someone else thinks it's to be deleted, please do so) because some troubleshooting steps were recommended and I haven't seen them elsewhere (ie. the socat comment); it might also remind people to check the most obvious (yet sometimes overlooked) cause of errors: the project's code itself.

  Thanks for update, I'm glad you figure it out. I thought to advise you to create simplest test PHP file with content that only have <?php phpinfo(); ?> but it looks like you know what are you doing... Well as old wisdom tells: "mistakes usually done by novice and pro only", we all stepped on that.
  You should accept your self-answer here. This is a pretty good question with some good troubleshooting steps.
  I tried the simple PHP file in early stages, when my FPM wasn't even properly connected, and forgot to try once again with a decent setup... :-/ I'm a professional developer, but heh, as you said, "novice and pro" ! And working for the 1rst time with nginx (or whatever that's new to someone) makes oneself go back to the novice stage ;) @ Allquixotic thanks for the reminder ! And thanks both of you for the help.
