连不上 PHP -fpm 还是怎么回事 ?

2020-02-13 19:52:03 +08:00
 station
文件权限什么的该检查的我都检查了
https://s2.ax1x.com/2020/02/13/1LqrVA.png

tail -f /var/log/nginx/error.log 看上去没错误


nginx.conf

user nginx;
worker_processes 2;

error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;


events {
worker_connections 1024;
use epoll;
}


http {
include mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;

keepalive_timeout 65;

#gzip on;
charset utf-8;

include /etc/nginx/conf.d/*.conf;
}



nextcloud.conf

upstream php-handler {
server unix:/run/php-fpm/fpm.sock;
}

server {
listen 80;
server_name localhost;
# enforce https
# return 301 https://$server_name:443$request_uri;

# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant

#ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
#ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;

# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;

# Path to the root of your installation
root /var/www;

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /nextcloud/public.php?service=host-meta-json last;

# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /nextcloud/public.php?service=webfinger last;

location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
}

location /.well-known/acme-challenge { }

location ^~ /nextcloud {

# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;

# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

location /nextcloud {
rewrite ^ /nextcloud/index.php;
}

location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}

location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_pass unix:/run/php-fpm/fpm.sock;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}

location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}

# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ ^\/nextcloud\/.+[^\/]\.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /nextcloud/index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended
# to have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read
# into this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;

# Optional: Don't log access to assets
access_log off;
}

location ~ ^\/nextcloud\/.+[^\/]\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /nextcloud/index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
}
3031 次点击
所在节点    NGINX
19 条回复
V69EX
2020-02-13 20:04:46 +08:00
如果所有的可能都排除了,那么,最大的可能就是 SELinux 的策略配置了……
station
2020-02-13 20:10:21 +08:00
@V69EX selinux 已经关了
MeteorCat
2020-02-13 20:16:13 +08:00
是不是 session 用户有问题,检查是不是 yum/apt 安装 php-fpm 的用户组是不是 apache,而你的 nginx 没有修改 session 权限
station
2020-02-13 20:23:45 +08:00
@MeteorCat

user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /run/php-fpm/fpm.sock

; Set listen(2) backlog.
; Default Value: 511
;listen.backlog = 511

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
micao
2020-02-13 20:30:14 +08:00
@station 看看 fpm.sock 文件在不在那儿?如果用的 php7 的话,sock 文件好像不是默认的。
station
2020-02-13 20:34:13 +08:00
@micao 在的

ls -l /run/php-fpm/fpm.sock

srw-rw---- 1 nginx nginx 0 2 月 13 07:09 /run/php-fpm/fpm.sock
MeteorCat
2020-02-13 20:48:05 +08:00
@station 默认 session 目录看看权限组,在 /var/lib/php/session
station
2020-02-13 20:56:23 +08:00
@MeteorCat 此目录是空的,该文件夹权限默认 root:apache

应该是我表达问题有误

烦请您看一下这张图
https://s2.ax1x.com/2020/02/13/1LqrVA.png
MeteorCat
2020-02-13 21:14:15 +08:00
@station 这样信息好少呀,只知道 500 错误
dilu
2020-02-14 09:15:42 +08:00
1. 确认关闭 SeLinux
2. 确认 nginx 的运行用户
3. 确认 php-fpm 的运行用户要跟 nginx 一直
4. 确认代码目录真是存在切存在 index.php 并且文件属于上面两条的用户或者用户组
5. 确认 sock 文件存在并且上面的用户能 read
6. server 换成 unix:///run/php-fpm/fpm.sock;
7. 还是不行请贴一下 debug 下面的 error_log

你这是在安装 nextcloud 我以前搞过 没遇到你这个问题
encro
2020-02-14 09:35:58 +08:00
1,通过 ps 查看 php-fpm 进程的配置文件;
2,查看 php-fpm 配置文件,开启 fpm 的 access 和 error 日志;
3,重启 fpm,用 ps 看看是否运行成功;
4,查看 fpm 日志,是否有请求过来,没有的话,修改监听方式为端口试试;

一般就楼上的问题:
1,关闭 SeLinux ;
2,nginx,fpm,代码,sock 文件,log 目录所属用户一致;
3,server 换成 unix:///run/php-fpm/fpm.sock;
station
2020-02-14 17:53:02 +08:00
@dilu

1 .确认已关闭 selinux
2. nginx 和 php-fpm 的运行用户确认一致
3. nextcloud 的文件夹确实存在于 /var/www 目录下,且用户与用户组为 nginx
4. sock 文件存在,权限正确
5. server 换成 unix:///run/php-fpm/fpm.sock; 结果一样的

2020/02/14 04:51:01 [notice] 1632#1632: start worker processes
2020/02/14 04:51:01 [notice] 1632#1632: start worker process 1633
2020/02/14 04:51:01 [notice] 1632#1632: start worker process 1634
2020/02/14 04:51:05 [notice] 1633#1633: *1 "^" matches "/nextcloud", client: 192.168.1.238, server: localhost, request: "GET /nextcloud HTTP/1.1", host: "192.168.1.157"
2020/02/14 04:51:05 [notice] 1633#1633: *1 rewritten data: "/nextcloud/index.php", args: "", client: 192.168.1.238, server: localhost, request: "GET /nextcloud HTTP/1.1", host: "192.168.1.157"
2020/02/14 04:51:05 [notice] 1633#1633: *1 "^" matches "/nextcloud/", client: 192.168.1.238, server: localhost, request: "GET /nextcloud/ HTTP/1.1", host: "192.168.1.157"
2020/02/14 04:51:05 [notice] 1633#1633: *1 rewritten data: "/nextcloud/index.php", args: "", client: 192.168.1.238, server: localhost, request: "GET /nextcloud/ HTTP/1.1", host: "192.168.1.157"
2020/02/14 04:51:05 [notice] 1633#1633: *1 "^" matches "/nextcloud", client: 192.168.1.238, server: localhost, request: "GET /nextcloud HTTP/1.1", host: "192.168.1.157"
2020/02/14 04:51:05 [notice] 1633#1633: *1 rewritten data: "/nextcloud/index.php", args: "", client: 192.168.1.238, server: localhost, request: "GET /nextcloud HTTP/1.1", host: "192.168.1.157"
2020/02/14 04:51:05 [notice] 1633#1633: *1 "^" matches "/nextcloud/", client: 192.168.1.238, server: localhost, request: "GET /nextcloud/ HTTP/1.1", host: "192.168.1.157"
2020/02/14 04:51:05 [notice] 1633#1633: *1 rewritten data: "/nextcloud/index.php", args: "", client: 192.168.1.238, server: localhost, request: "GET /nextcloud/ HTTP/1.1", host: "192.168.1.157"
2020/02/14 04:51:06 [notice] 1633#1633: *1 "^" matches "/nextcloud", client: 192.168.1.238, server: localhost, request: "GET /nextcloud HTTP/1.1", host: "192.168.1.157"
2020/02/14 04:51:06 [notice] 1633#1633: *1 rewritten data: "/nextcloud/index.php", args: "", client: 192.168.1.238, server: localhost, request: "GET /nextcloud HTTP/1.1", host: "192.168.1.157"
2020/02/14 04:51:06 [notice] 1633#1633: *1 "^" matches "/nextcloud/", client: 192.168.1.238, server: localhost, request: "GET /nextcloud/ HTTP/1.1", host: "192.168.1.157"
2020/02/14 04:51:06 [notice] 1633#1633: *1 rewritten data: "/nextcloud/index.php", args: "", client: 192.168.1.238, server: localhost, request: "GET /nextcloud/ HTTP/1.1", host: "192.168.1.157"
station
2020-02-14 18:01:05 +08:00
@encro

- - 14/Feb/2020:04:45:19 -0500 "GET /nextcloud/index.php" 500 /var/www/nextcloud/index.php 61.445 4096 81.37%
- - 14/Feb/2020:04:45:47 -0500 "GET /nextcloud/index.php" 500 /var/www/nextcloud/index.php 5.365 2048 0.00%
- - 14/Feb/2020:04:45:47 -0500 "GET /nextcloud/index.php" 500 /var/www/nextcloud/index.php 4.944 2048 0.00%
- - 14/Feb/2020:04:45:47 -0500 "GET /nextcloud/index.php" 500 /var/www/nextcloud/index.php 4.700 2048 0.00%
- - 14/Feb/2020:04:51:05 -0500 "GET /nextcloud/index.php" 302 /var/www/nextcloud/index.php 1.014 2048 0.00%
- - 14/Feb/2020:04:51:05 -0500 "GET /nextcloud/index.php" 500 /var/www/nextcloud/index.php 3.086 2048 324.04%
- - 14/Feb/2020:04:51:05 -0500 "GET /nextcloud/index.php" 302 /var/www/nextcloud/index.php 0.341 2048 0.00%
- - 14/Feb/2020:04:51:05 -0500 "GET /nextcloud/index.php" 500 /var/www/nextcloud/index.php 2.090 2048 0.00%
- - 14/Feb/2020:04:51:06 -0500 "GET /nextcloud/index.php" 302 /var/www/nextcloud/index.php 0.343 2048 0.00%
- - 14/Feb/2020:04:51:06 -0500 "GET /nextcloud/index.php" 500 /var/www/nextcloud/index.php 4.010 2048 0.00%
station
2020-02-14 18:04:00 +08:00
@encro

[14-Feb-2020 04:32:54] NOTICE: fpm is running, pid 919
[14-Feb-2020 04:32:54] NOTICE: ready to handle connections
[14-Feb-2020 04:32:54] NOTICE: systemd monitor interval set to 10000ms
[14-Feb-2020 04:43:39] NOTICE: Terminating ...
[14-Feb-2020 04:43:39] NOTICE: exiting, bye-bye!
[14-Feb-2020 04:43:39] NOTICE: fpm is running, pid 1607
[14-Feb-2020 04:43:39] NOTICE: ready to handle connections
[14-Feb-2020 04:43:39] NOTICE: systemd monitor interval set to 10000ms
encro
2020-02-14 18:05:14 +08:00
@station 这是程序出错了,和 nginx 配置已经无关,开启 notice 级别错误提示
msg7086
2020-02-14 18:05:40 +08:00
500 错误不就是连上了么……
encro
2020-02-14 18:26:40 +08:00
500 应用程序错误,
你开启 fpm 的 access log 看下。
开启 php.ini 的 display_error=ON,error_reporting=E_ALL

将 index.php 改为 <?php echo 'hello';exit; 测试

如果不是很会环境配置的话,建议用宝塔吧。
station
2020-02-14 18:36:59 +08:00
@encro 上面贴出来的, 我看了下 php-fpm.conf 配置文件默认: log_level = notice


@msg7086 不是专业的,所以不怎么懂( 已尽力百度 )
encro
2020-02-14 20:29:10 +08:00
@station

php-fpm.conf 还有一个 access log 默认是不开启的

php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on


access.log string
Access log 文件。 默认值:不设置

access.format string
access log 的格式。 默认值: "%R - %u %t \"%m %r\" %s"

access.log = log/$pool.access.log
#每一个请求的访问日志,默认是关闭的。
access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
#设定访问日志的格式。

[php-fpm 配置详解]( https://juejin.im/entry/5870bc8961ff4b005c3c47ec)

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/644375

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX