I am trying to update my system to PHP7-FPM and nginx, have done all the steps required to have this setup working according to what I found on the web (mostly https://ungeek.be/2016/08/php7-fpm-nginx-debian/, in french), but to no avail: nginx keeps throwing an error 500 page at me and without specific errors / info in the log files.
Nginx version: nginx/1.10.3 (package nginx-full) PHP-FPM version: PHP 7.0.15-1 (dotdeb)
Here are the steps I follow:
- echo "deb http://packages.dotdeb.org jessie all" >> /etc/apt/sources.list.d/dotdeb.list wget -O-
- https://www.dotdeb.org/dotdeb.gpg | apt-key add -
- apt-get update && apt-get upgrade -y
- apt-get install nginx-full
- apt-get install php7.0 php7.0-bcmath php7.0-bz2 php7.0-cli php7.0-common php7.0-curl php7.0-dev php7.0-enchant php7.0-fpm php7.0-gd php7.0-geoip php7.0-imagick php7.0-intl php7.0-json php7.0-mbstring php7.0-mcrypt php7.0-mysql php7.0-opcache php7.0-pspell php7.0-readline php7.0-sqlite3 php7.0-tidy php7.0-xml php7.0-xmlrpc php7.0-zip
- configured /etc/php/7.0/fpm/pool.d/bookworm.conf (see configuration below)
- created and filled /etc/nginx/sites-available/bookworm (see configuration below)
- ln -s /etc/nginx/sites-available/bookworm /etc/nginx/sites-enabled/
- service nginx restart && service php7.0-fpm restart
I have tried to debug this, but no error logged neither in /var/logs/nginx/* nor in /var/logs/php7.0-fpm.log (well, nothing regarding the error 500 I get). The only message generated is the following:
127.0.0.1 - - [03/Feb/2017:00:39:53 +0100] "GET /app.php HTTP/1.1" 500 507 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
bookworm site file (some parts are taken from a Symfony recipe available on Nginx' website):
server {
listen 80 default_server; # with or without, doesn't matter
server_name some.hostname; # actually set to a resolvable server
root /opt/git/Bookworm/web/;
index index.php app.php;
location / {
# try to serve file directly, fallback to app.php
try_files $uri /app.php$is_args$args;
}
# DEV
location ~ ^/(app_dev|config)\.php(/|$) {
fastcgi_pass unix:/run/php/php7-fpm-pool_bookworm.sock; # the socket file exists
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
}
# PROD
location ~ ^/app\.php(/|$) {
fastcgi_pass unix:/run/php/php7-fpm-pool_bookworm.sock; # the socket file exists
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/app.php/some-path
# Remove the internal directive to allow URIs like this
# internal; # with or without, doesn't matter
}
# return 404 for all other php files not matching the front controller
# this prevents access to other php files you don't want to be accessible.
#location ~ \.php$ {
# return 404;
# }
error_log /var/log/nginx/bookworm_error.log;
access_log /var/log/nginx/bookworm_access.log;
location ~ /\.ht {
deny all;
}
}
The pool (bookworm.conf) file:
[bookworm]
user = naeikindus
group = naeikindus
listen = /run/php/php7-fpm-pool_$pool.sock
listen.owner = www-data
listen.group = www-data
process.priority = 0
pm = dynamic
pm.max_children = 50
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.status_path = /fpm-status-$pool
catch_workers_output = yes
php_admin_value[error_log] = /var/log/php-fpm/pool_$pool.log
php_admin_flag[log_errors] = on
env[PATH] = /sbin:/bin:/usr/sbin:/usr/bin
A sample of the files' permissions:
ls -lah /opt/git/Bookworm/web
total 64K
drwxr-xr-x 3 naeikindus naeikindus 4.0K Jan 12 22:50 .
drwxr-xr-x 10 naeikindus naeikindus 4.0K Feb 2 22:08 ..
-rw-r--r-- 1 naeikindus naeikindus 1.2K Jan 12 22:48 app_dev.php
-rw-r--r-- 1 naeikindus naeikindus 2.1K Jan 12 22:48 apple-touch-icon.png
-rw-r--r-- 1 naeikindus naeikindus 631 Jan 12 22:48 app.php
drwxr-xr-x 2 naeikindus naeikindus 4.0K Jan 12 22:50 bundles
-rw-r--r-- 1 naeikindus naeikindus 21K Jan 12 22:50 config.php
-rw-r--r-- 1 naeikindus naeikindus 6.4K Jan 12 22:48 favicon.ico
-rw-r--r-- 1 naeikindus naeikindus 3.3K Jan 12 22:48 .htaccess
-rw-r--r-- 1 naeikindus naeikindus 116 Jan 12 22:48 robots.txt
l /run/php/php7*
-rw-r--r-- 1 root root 5 Feb 3 01:01 /run/php/php7.0-fpm.pid
srw-rw---- 1 www-data www-data 0 Feb 3 01:01 /run/php/php7.0-fpm.sock
srw-rw---- 1 www-data www-data 0 Feb 3 01:01 /run/php/php7-fpm-pool_bookworm.sock
The user I'm trying to use (naeikindus) is also a member of the www-data group, just in case.
And finally, php.ini (all the ones I could find, to be honest) declare a correct timezone (you can't be sure enough :-/ ), along with all the display errors I could find. I also tried with cgi.fix_pathinfo=0 / 1, no luck. Both nginx and php-fpm are started.
I also tried with another "dummy" site (no fancy PHP framework, just an old
If anyone here has a solution or ideas, that would help me a great deal. Thanks a lot !
----EDIT----
Full output of nginx -V:
nginx version: nginx/1.10.3 built with OpenSSL 1.0.1t 3 May 2016 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-file-aio --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/usr/src/builddir/debian/modules/nginx-auth-pam --add-module=/usr/src/builddir/debian/modules/nginx-dav-ext-module --add-module=/usr/src/builddir/debian/modules/nginx-echo --add-module=/usr/src/builddir/debian/modules/nginx-upstream-fair --add-module=/usr/src/builddir/debian/modules/ngx_http_substitutions_filter_module --add-module=/usr/src/builddir/debian/modules/nginx-cache-purge --add-module=/usr/src/builddir/debian/modules/nginx-x-rid-header --with-ld-opt=-lossp-uuid
Processes information:
ps axuf:
www-data 3798 0.0 0.0 106428 3596 ? S 14:55 0:00 _ nginx: worker process
naeikin+ 3811 0.0 0.1 405828 22680 ? S 14:55 0:00 _ php-fpm: pool bookworm
Calling directly PHP from the CLI works as intended. No SELinux seems to be available (only the library is installed).
journalctl -xe
and see if there's anything from fpm there. Also trynetstat -pant
and check for evidence of fpm listening and making the correct / expected connections. Finally, look in/var/log
for any php or fpm-related log files, and search the conf files related to it for any custom logfile paths (might be in e.g. /usr/share somewhere or elsewhere in /var).log_level=debug
anderror_log=syslog
.