Hello, I just updated packages and now php-fpm does not seem to be working at all. It gives the errors "File not found" in the browser, and "primary script unknown while reading response header" in the log.
I checked all the vhosts, but they are just fine. I suspect there is some change due to the recent security issue in php-fpm, but I cannot find a reference to fix the issue. Any idea?
Last edited by aquilarubra (2019-12-18 05:28:39)
Telling us you looked at the logs is useless, show us. Saying you checked the vhosts is the same. Show us. Post logs, configs, etc, otherwise there is nothing we can offer here but sympathy (and even that's not so likely). Is this a publicly available server? Give an example of a failing URL.
https://bbs.archlinux.org/viewtopic.php?id=57855
FWIW, I just upgraded my server and have no issues with php-fpm on nginx.
Last edited by Trilby (2019-11-30 14:59:37)
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Sample page: https://thelord.space/phpinfo.php
access.log:
2019/11/30 16:16:29 [error] 9842#9842: *3 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 203.15.17.121, server: thelord.space, request: "GET /phpinfo.php HTTP/2.0", upstream: "fastcgi://127.0.0.1:9000", host: "thelord.space"
error.log:
151.95.156.135 - - [30/Nov/2019:16:16:29 +0100] "GET /phpinfo.php HTTP/2.0" 404 36 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0"
vhost:
location ~ \.php$ {
    include fastcgi_params;
    access_log /home/thelord.space/logs/access_log;
    error_log /home/thelord.space/logs/error_log;
    fastcgi_param SCRIPT_FILENAME /home/thelord.space/public_html$fastcgi_script_name;
    # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
}
I tried the different settings for SCRIPT_FILENAME and none seems to work. Previously, the server was working with the full path: fastcgi_param SCRIPT_FILENAME /home/thelord.space/public_html$fastcgi_script_name;
The php-fpm error log contains nothing (just the lines when I restart the server).
Obviously, the paths are correct and if I try with user "http", the files are accessible.
Html pages work and Perl works. Only php-fpm seems broken. Php-fpm server runs just fine.
The title of the thread I linked to is "Post complete logs/output/..."
> Obviously, the paths are correct and if I try with user "http", the files are accessible.
How/why is this obvious? What do you mean you try with user "http"? What do you actually do? What are (again) the actual commands and output?
ls /home/thelord.space/public_html/phpinfo.php shows it exists.
If I "su http", I can run a command such as "php /home/thelord.space/public_html/phpinfo.php" and it displays the expected output. So, the issue is when php goes through php-fpm.
From my tests, $document_root might not be correct. But I have no clue how to debug that.
Three posts in and you have still failed to provide any of the necessary context despite being explicitly asked twice. I am unable (and now unwilling) to help. I'd encourage you to be much more transparent and forthcoming if you want the next forum member who sees this thread to put in any effort to help you.
Last edited by Trilby (2019-11-30 17:05:26)
You must be joking, I have answered every question and published my configuration and logs. Get glasses.
Is the system using php-fpm.service?
Yes. Sorry, I saw I omitted a few lines, as I am doing many tests.
Host configuration:
location ~ \.php$ {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }
    # Mitigate https://httpoxy.org/ vulnerabilities
    fastcgi_param HTTP_PROXY "";
    fastcgi_index index.php;
    fastcgi_pass 127.0.0.1:9000;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    access_log /home/thelord.space/logs/access_log;
    error_log /home/thelord.space/logs/error_log;
}
fastcgi_params file:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https if_not_empty;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
#fastcgi_param REQUEST_SCHEME $scheme;
netstat -pnltu | grep 9000
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 12417/php-fpm: mast
Last edited by aquilarubra (2019-11-30 17:36:40)
https://github.com/php/php-src/commit/4 … 45a203e37f
See the comment above ProtectHome=true
Thanks, that could be the case, as I have a folder outside /home that is partially working. But I edited /etc/systemd/system/multi-user.target.wants/php-fpm.service setting ProtectHome=false, reloaded services, restarted php-fpm, and I still get a 404/file not found error.
Ok, my mistake. It was solved!! Thank you so much.
To recap, I did the following:
1. Set ProtectHome=false in /etc/systemd/system/multi-user.target.wants/php-fpm.service
2. systemctl daemon-reload
3. systemctl restart nginx.service
4. systemctl restart php-fpm.service
Question: I use nextcloud, which stores config files in /etc (/etc/webapps/nextcloud). Now it is not working (after the update above). It gives the error "Cannot write into "config" directory!", despite the directory being writeable.
So, I suspect this depends on the setting ProtectSystem=full in /etc/systemd/system/multi-user.target.wants/php-fpm.service
Any idea? I cannot find the options that can be used instead of "full".
OK, it seems that for nextcloud to keep working, we need both
ProtectSystem=false
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_CHOWN
Otherwise php-fpm will not work.
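An added example, not part of any post in this thread: a small sh script that predicts how the ProtectHome=true and ProtectSystem=full values discussed above treat a given path, and prints a drop-in that exposes only the two paths named in the thread instead of switching both protections off. The function names (under, verdict, dropin) are hypothetical; the directives are standard systemd.exec settings, and php-fpm needing only read access to the document root is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): how ProtectHome=/ProtectSystem= treat a path.

# under PREFIX PATH: succeeds if PATH is PREFIX or lies below it
under() {
    case "$2" in "$1"|"$1"/*) return 0 ;; esac
    return 1
}

# verdict PROTECT_HOME PROTECT_SYSTEM PATH: prints hidden | read-only | ok
verdict() {
    home_mode=$1 sys_mode=$2 p=$3
    for d in /home /root /run/user; do
        if under "$d" "$p"; then
            case "$home_mode" in
                true|yes|tmpfs) echo hidden; return ;;   # php-fpm cannot open the script
                read-only)      echo read-only; return ;;
            esac
        fi
    done
    if [ "$sys_mode" = strict ]; then    # whole tree read-only except API filesystems
        for d in /dev /proc /sys; do under "$d" "$p" && { echo ok; return; }; done
        echo read-only; return
    fi
    case "$sys_mode" in
        full)     ro="/usr /boot /efi /etc" ;;
        true|yes) ro="/usr /boot /efi" ;;
        *)        ro="" ;;
    esac
    for d in $ro; do under "$d" "$p" && { echo read-only; return; }; done
    echo ok
}

# dropin DOCROOT WRITABLE_DIR: prints an override that keeps both protections on
dropin() {
    cat <<EOF
[Service]
ProtectHome=tmpfs
BindReadOnlyPaths=$1
ReadWritePaths=$2
EOF
}

# Paths taken from the thread; unit values are the ones the thread reports.
echo "phpinfo.php: $(verdict true full /home/thelord.space/public_html/phpinfo.php)"
echo "nextcloud:   $(verdict true full /etc/webapps/nextcloud)"
dropin /home/thelord.space/public_html /etc/webapps/nextcloud
```

The printed [Service] section belongs in the override file opened by `systemctl edit php-fpm.service`, followed by a restart of php-fpm.service; unlike edits made through the multi-user.target.wants symlink, a drop-in is not replaced when the package updates its unit file.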
See https://bugs.archlinux.org/task/64689 for nextcloud
CAP_CHOWN should not be needed with php-fpm 7.4.0-2
> CAP_CHOWN should not be needed with php-fpm 7.4.0-2
Well, for me it complained about not being able to use chown on /run/php-fpm/php-fpm.sock without that CAP. No idea why it needed to do that, though...
@Tainjan that was supposed to be fixed, see https://bugs.archlinux.org/task/64683
> @Tainjan that was supposed to be fixed, see https://bugs.archlinux.org/task/64683
Yeah, saw that now. I was still working with -1...
> Ok, my mistake. It was solved!! Thank you so much.
> To recap, I did the following:
> 1. Set ProtectHome=false in /etc/systemd/system/multi-user.target.wants/php-fpm.service
> 2. systemctl daemon-reload
> 3. systemctl restart nginx.service
> 4. systemctl restart php-fpm.service
It did solve my problem for one site. But I'm getting the older error for my other site.
I think I did a reboot in between.
Try also with ProtectSystem=false if one of your sites ends up in protected dirs.
Last edited by aquilarubra (2019-12-18 14:57:34)
Hey @aquilarubra,
I ran into another problem on my fresh installation. There is no
/etc/systemd/system/multi-user.target.wants/php-fpm.service
file in my system.
Do you know what I should do now?
That has nothing to do with this thread. That "file" is not provided by any package. Read the wiki on using systemd to enable services.
Okay. Thank you very much.
Update 1: After enabling the service I found that folder and solved all my php-fpm problems there.
Last edited by rafikfarhad (2019-12-22 14:05:45)
I am going to take this opportunity to close this old thread.
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing