[SOLVED] Nginx not getting the php-fpm upstream

Dorian_Hawkmoon · 2021-12-08 17:31:27

I have nginx with several sites, and php-fpm with several pools as well.
The issue is that one of the sites is not using the correct pool set.

config for the specific site

upstream php-rutorrent {
  server unix:/run/php-fpm/torrent.sock;
}

server {
    server_name torrent.ookami.es;
    listen 80;

    include conf.d/commonConfig.conf;
    return 301 https://torrent.ookami.es$request_uri;
}

server {
    server_name torrent.ookami.es;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/ookami.es/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ookami.es/privkey.pem; # managed by Certbot

    include conf.d/ciphers.conf;
    include conf.d/commonConfig.conf;
    include conf.d/phpSecure.conf;
    include conf.d/htDenial.conf;


    root /srv/http/rutorrent;


   location ~* \.php(/|$) {
      fastcgi_pass   php-rutorrent;
      fastcgi_index  index.php;
      include        /etc/nginx/fastcgi_params;
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
    }

    location /RPC666 {
      include scgi_params;
      scgi_pass unix:/tmp/rtorrent.sock;
    }

   location ^~ /conf/ {
      deny all;
   }

   location ^~ /share/ {
        deny all;
   }

}

Pool config and checked that the torrent.sock exists

[torrent]
user = torrent
group = torrent
listen = /run/php-fpm/torrent.sock
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp

; should be accessible by your web server
listen.owner = http
listen.group = http

php_admin_value[open_basedir] = /tmp:/etc/webapps/rutorrent/conf/:/usr/share/webapps/rutorrent/php/:/usr/share/webapps/rutorrent/:/usr/bin/curl:/media/torrent/:/usr/share/webapps/rutorrent/tmp:/usr/share/webapps/rutorrent/share:/usr/bin-torrent

pm = dynamic
pm.max_children = 15
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

The issue is that nginx seems to not pick the proper upstream, this is the message

[error] 4523#4523: 
*1 FastCGI sent in stderr: "PHP message: PHP Warning:  is_executable(): open_basedir restriction in effect. 
File(/usr/bin-torrent/python) is not within the allowed path(s): (/tmp/:/srv/http/:/usr/share/webapps/:/etc/webapps:/media/Music/Groups) in /usr/share/webapps/rutorrent/php/util.php on line 488
PHP message: PHP Warning:  is_executable(): open_basedir restriction in effect. File(/usr/bin-torrent/php) is not within the allowed path(s): (/tmp/:/srv/http/:/usr/share/webapps/:/etc/webapps:/media/Music/Groups) in /usr/share/webapps/rutorrent/php/util.php on line 488
...
...
while reading response header from upstream, client: 192.168.1.1, server: torrent.ookami.es, request: "GET /php/getplugins.php HTTP/2.0", upstream: "fastcgi://unix:/run/php-fpm/php-fpm.sock:", host: "torrent.ookami.es", referrer: "https://torrent.ookami.es/"

fastcgi://unix:/run/php-fpm/php-fpm.sock is NOT the socket I want for this server....
I tried several location .php but doesn't seem to work. Any idea of what I could be doing wrong?

Last edited by Dorian_Hawkmoon (2021-12-08 17:39:11)

progandy · 2021-12-08 17:37:23

try to set fastcgi_pass directly to your socket and maybe you should include fastcgi_params after splitting the path info.

Last edited by progandy (2021-12-08 17:42:00)

Dorian_Hawkmoon · 2021-12-08 17:38:17

I really hate finding myself the answer the moment I ask on the Internet, no matter how long I was working on the issue...

this line in nginx conf is the guilty one

include conf.d/phpSecure.conf;

as it has

location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
    fastcgi_index  index.php;
    include fastcgi.conf;
    fastcgi_param HTTPS on;
}

that was catching all php files...

progandy · 2021-12-08 17:42:37

Ah, that was my next idea. Include files can be annoying.

Arch Linux

#1 2021-12-08 17:31:27

[SOLVED] Nginx not getting the php-fpm upstream

#2 2021-12-08 17:37:23

Re: [SOLVED] Nginx not getting the php-fpm upstream

#3 2021-12-08 17:38:17

Re: [SOLVED] Nginx not getting the php-fpm upstream

#4 2021-12-08 17:42:37

Re: [SOLVED] Nginx not getting the php-fpm upstream

Board footer