nginx 1.21 + cgit 0.10 - upstream prematurely closed FastCGI stdout - nginx

I'm trying to set up cgit 0.10 with nginx and fastcgi. Unfortunately the response is a 502. The following message is written in the error.log:
[error] 30956#0: *1 upstream prematurely closed FastCGI stdout while reading response header from upstream, client: **, server: **, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/fcgiwrap.socket:", host: "**"
My nginx site is configured as follows:
server {
    ...
    root /var/www/cgit/;
    proxy_redirect off;
    location ~* ^.+\.(css|png|ico)$ {
        expires 30d;
    }
    location / {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/cgit;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        fastcgi_param PATH_INFO $uri;
        fastcgi_param QUERY_STRING $args;
    }
}
/var/www/cgit$ ls -al
drwxr-xr-x 2 www-data www-data 4096 Jan 25 22:22 .
drwxr-xr-x 5 www-data www-data 4096 Jan 25 22:21 ..
-rwxr-xr-x 1 www-data www-data 4786733 Jan 25 22:22 cgit.cgi
-rw-r--r-- 1 www-data www-data 12395 Jan 25 22:22 cgit.css
-rw-r--r-- 1 www-data www-data 1488 Jan 25 22:22 cgit.png
-rw-r--r-- 1 www-data www-data 1078 Jan 25 22:22 favicon.ico
-rw-r--r-- 1 www-data www-data 47 Jan 25 22:22 robots.txt
Does anybody have an idea what is going wrong? I also tried raising the timeout limit, but had no success.
Thank you!

OK, I solved my problem. I just updated to the latest fcgiwrap version from the sources. Unfortunately I can't get it to work with the Debian package.

Related

Error 500 after deploying CodeIgniter 3 project on nginx server

I am using an Ubuntu 18.04 VPS and trying to deploy a CodeIgniter project on an nginx server. Unfortunately, it seems something is wrong in the nginx config file. Here is the file:
nginx config:
server {
    listen 80;
    listen [::]:80;
    # Server Name
    server_name doamin.com;
    # Document Root
    root /var/www/html/domain.com;
    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm;
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    # pass PHP scripts to FastCGI server
    #
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        # With php-fpm:
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }
    error_page 404 /index.php;
    # deny access to hidden files such as .htaccess & .git
    location ~ /\. {
        deny all;
    }
}
Directory Permissions
cd /var/www/
drwxr-xr-x 3 www-data www-data 4096 Feb 24 12:54 html/
cd html/
drwxr-xr-x 6 root root 4096 Feb 24 12:54 domain.com/
cd domain.com/
drwxr-xr-x 8 root root 4096 Feb 24 12:54 .git/
-rwxr-xr-x 1 root root 0 Feb 24 12:54 .gitignore*
-rwxr-xr-x 1 root root 241 Feb 24 12:54 .htaccess*
-rwxr-xr-x 1 root root 7035 Feb 24 12:54 README.md*
drwxr-xr-x 14 root root 4096 Feb 24 12:54 application/
drwxr-xr-x 8 root root 4096 Feb 24 12:54 assets/
-rwxr-xr-x 1 root root 593 Feb 24 12:54 composer.json*
-rwxr-xr-x 1 root root 19306 Feb 24 12:54 database_schema.sql*
-rwxr-xr-x 1 root root 10722 Feb 24 12:54 index.php*
drwxr-xr-x 8 root root 4096 Feb 24 12:54 system/
Please help.

Nginx adding new site's subdomain takes no effect

I have a VPS on DigitalOcean that works great with five subdomains. But when I decided to add a 6th (RC), it didn't work. In order not to make mistakes, I did the following:
duplicated existing (working) /var/www folder and renamed into rc
changed rights to this folder sudo chmod -R www-data:www-data rc
duplicated working config in etc/nginx/sites-available and renamed it to rc
changed server_name and root rooting there. So, it looks like so:
server {
    listen 80;
    listen [::]:80;
    charset UTF-8;
    server_name rc.myserver.com;
    root /var/www/rc;
    index index.html;
    location ~ /\. {
        deny all;
    }
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }
}
created symlink with ln -s /etc/nginx/sites-available/rc /etc/nginx/sites-enabled/rc
restarted nginx: sudo service nginx restart
Now my /etc/nginx/sites-enabled/ folder looks so:
lrwxrwxrwx 1 root root 31 Jul 21 2019 html -> /etc/nginx/sites-available/html
lrwxrwxrwx 1 root root 31 Jul 19 2019 hunt -> /etc/nginx/sites-available/hunt
lrwxrwxrwx 1 root root 32 Dec 2 16:43 monit -> /etc/nginx/sites-available/monit
lrwxrwxrwx 1 root root 29 Feb 1 13:57 rc -> /etc/nginx/sites-available/rc
lrwxrwxrwx 1 root root 31 Jul 21 2019 rent -> /etc/nginx/sites-available/rent
lrwxrwxrwx 1 root root 32 Jul 20 2019 tools -> /etc/nginx/sites-available/tools
sudo netstat -plutn | grep nginx shows:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 29155/nginx: master
tcp6 0 0 :::80 :::* LISTEN 29155/nginx: master
My nginx.conf has this code lines active:
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
/var/log/nginx/error.log and /var/log/nginx/access.log didn't show any problems.
But when I try to get rc.myserver.com - I get "Failed to open the page" safari message:
Safari can’t open the page “http://rc.myserver.com” because Safari can’t find the server “rc.myserver.com.”
What can the problem be?
Did you point your subdomain to the Droplet IP address?
The first thing you have to do is point your subdomains to the single IP address via your DNS provider (A, CNAME).
I think that's why you are getting the error:
Safari can’t open the page “http://rc.myserver.com” because Safari can’t find the server “rc.myserver.com”.
Point rc.yourserver.com to the Droplet IP address :)

Nginx configuration, folder permissions and lets-encrypt

I am trying to use certbot and letsencrypt on my Ubuntu 16.0.4 server, so I can install a mail server.
I am running certbot like this:
sudo /opt/letsencrypt/certbot-auto certonly --agree-tos --webroot -w /path/to/www/example -d example.com -d www.example.com
I get the following output from certbot (snippet shown below):
Domain: www.example.com
Type: unauthorized
Detail: Invalid response from
http://www.example.com/.well-known/acme-challenge/QEZwFgUGOJqqXHcLmTmkr5z83dbH3QlrIUk1S3JI_cg:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
This is what my directory structure looks like:
root@yourbox:/path/to/www/example$ ls -la
total 12
drwxr-xr-x 3 example root 4096 Nov 1 10:17 .
drwxr-xr-x 5 root webapps 4096 Nov 1 10:13 ..
drwxr-xr-x 2 root root 4096 Nov 1 10:36 .well-known
root@yourbox:/path/to/www/example$
root@yourbox:/path/to/www/example$ cd .well-known/
root@yourbox:/path/to/www/example/.well-known$ ls -la
total 8
drwxr-xr-x 2 root root 4096 Nov 1 10:36 .
drwxr-xr-x 3 example root 4096 Nov 1 10:17 ..
root@yourbox:/path/to/www/example/.well-known$
From above, I can see that the challenge file does not exist - (presumably?) because, it looks like the certbot is unable to write to the folder.
However, I first needed to check that nginx was set up correctly, and that it was serving files from folders starting with a period.
This is the configuration file for nginx for the website (/etc/nginx/sites-available/example):
server {
    # Allow access to the letsencrypt ACME Challenge
    location ~ /\.well-known\/acme-challenge {
        allow all;
    }
}
I manually created a testfile (sudo touch /path/to/www/example/fake) and gave it the correct permissions:
root@yourbox:/path/to/www/example/.well-known/acme-challenge$ ls -l
total 0
-rw-r--r-- 1 example webapps 0 Nov 1 10:45 fake
I then tried to access http://www.example.com/.well-known/acme-challenge/fake from a browser - and got a 404 error.
This means I have two errors:
Nginx is not correctly setup to serve files from the .well-known/acme-challenge folder
The file permissions in the /path/to/www/example folder are wrong, so certbot can't write its automatically generated files to the .well-known/acme-challenge folder.
How may I fix these issues?
Your Nginx config file has no config to make your /path/to/www/example/ directory web accessible.
Here's a simple configuration which will put your site live and allow LetsEncrypt to create a valid certificate. Bear in mind port 80 will need to be accessible.
server {
    listen 80;
    server_name www.example.co.uk example.co.uk;
    root /path/to/www/example;
    access_log /var/log/nginx/example.co.uk.log;
    error_log /var/log/nginx/example.co.uk.log;
    index index.html index.htm index.php;
    location ~ /\.well-known\/acme-challenge {
        allow all;
    }
    location / {
        try_files $uri $uri/index.html $uri.html =404;
    }
}
Change your server_name accordingly, or use your /etc/hosts file to configure a local domain.
I had the same problem which was caused by the following line:
location ~ /\. {
    deny all;
}
I added the following ABOVE the line mentioned above:
location ~ /\.well-known\/acme-challenge {
    allow all;
}

Nginx failed (13: Permission denied) when start rails with unicorn

My Rails app runs on a server with Unicorn and Nginx, but after configuring Nginx and starting it, I got the error:
2015/08/03 15:43:44 [crit] 13951#0: *1 stat() "/home/ec2-user/apps/mybest/current/public//index.html" failed (13: Permission denied), client: 123.185.144.80, server: 52.74.148.194, request: "GET / HTTP/1.1", host: "52.74.148.194"
2015/08/03 15:43:44 [crit] 13951#0: *1 stat() "/home/ec2-user/apps/mybest/current/public/.html" failed (13: Permission denied), client: 123.185.144.80, server: 52.74.148.194, request: "GET / HTTP/1.1", host: "52.74.148.194"
2015/08/03 15:43:44 [crit] 13951#0: *1 stat() "/home/ec2-user/apps/mybest/current/public/" failed (13: Permission denied), client: 123.185.144.80, server: 52.74.148.194, request: "GET / HTTP/1.1", host: "52.74.148.194"
here is nginx_myapp.conf
upstream unicorn {
    server unix:/tmp/unicorn.myapp.sock fail_timeout=0;
}
server {
    listen 80 default deferred;
    server_name 52.74.148.194;
    root /home/ec2-user/apps/mybest/current/public;
    location ^~ /assets/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
    try_files $uri/index.html $uri.html $uri @unicorn;
    location @unicorn {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://unicorn;
    }
    error_page 500 502 503 504 /500.html;
    keepalive_timeout 10;
}
I googled for hours but still can't solve this. I am wondering whether there are any path typos, and I am not sure why the error message shows "public//index.html" rather than "public/index.html". Any hints? Thanks!
Nginx runs with user 'nginx' like below:
EDIT:
$ groups nginx
nginx : nginx ec2-user
groups ec2-user
ec2-user : ec2-user wheel
Permissions of paths: (current)
current]$ ls -l
total 76
drwxrwxr-x 8 ec2-user ec2-user 4096 Aug 3 14:06 app
drwxrwxr-x 2 ec2-user ec2-user 4096 Aug 3 14:08 assets_manifest_backup
drwxrwxr-x 2 ec2-user ec2-user 4096 Aug 3 14:26 bin
-rw-rw-r-- 1 ec2-user ec2-user 830 Aug 3 14:06 Capfile
drwxrwxr-x 6 ec2-user ec2-user 4096 Aug 3 14:08 config
-rw-rw-r-- 1 ec2-user ec2-user 153 Aug 3 14:06 config.ru
drwxrwxr-x 2 ec2-user ec2-user 4096 Aug 3 14:08 db
-rw-rw-r-- 1 ec2-user ec2-user 1720 Aug 3 14:06 Gemfile
-rw-rw-r-- 1 ec2-user ec2-user 5262 Aug 3 14:06 Gemfile.lock
drwxrwxr-x 4 ec2-user ec2-user 4096 Aug 3 14:06 lib
drwxrwxr-x 2 ec2-user ec2-user 4096 Aug 3 14:35 log
drwxrwxr-x 2 ec2-user ec2-user 4096 Aug 3 14:08 public
-rw-rw-r-- 1 ec2-user ec2-user 249 Aug 3 14:06 Rakefile
-rw-rw-r-- 1 ec2-user ec2-user 478 Aug 3 14:06 README.rdoc
-rw-rw-r-- 1 ec2-user ec2-user 8 Aug 3 14:07 REVISION
drwxrwxr-x 8 ec2-user ec2-user 4096 Aug 3 14:06 test
drwxrwxr-x 4 ec2-user ec2-user 4096 Aug 3 14:35 tmp
drwxrwxr-x 3 ec2-user ec2-user 4096 Aug 3 14:06 vendor
public: (I changed to 777 even)
ls -l
total 16
-rwxrwxrwx 1 ec2-user ec2-user 1564 Aug 3 14:06 404.html
-rwxrwxrwx 1 ec2-user ec2-user 1547 Aug 3 14:06 422.html
-rwxrwxrwx 1 ec2-user ec2-user 1477 Aug 3 14:06 500.html
lrwxrwxrwx 1 ec2-user ec2-user 47 Aug 3 14:08 assets -> /home/ec2-user/apps/mybest/shared/public/assets
-rwxrwxrwx 1 ec2-user ec2-user 0 Aug 3 14:06 favicon.ico
-rwxrwxrwx 1 ec2-user ec2-user 202 Aug 3 14:06 robots.txt
Changing the nginx user in nginx.conf from 'nginx' to 'ec2-user' solved it.
Make sure that nginx is run under proper user (user ... directive in main nginx config file), and then make sure that /home/ec2-user/apps/mybest/current/public/* files are accessible for that user (i.e. they belong to the same group as the user, and have read permission on them).
You also need to have +x permission on every directory down your path. You can see the permissions with ls -l in your terminal, and then do something like this if they are missing:
chmod g+x apps
cd apps
chmod g+x mybest
cd mybest
chmod g+x current
cd current
chmod g+x public
cd public
chmod g+r *
UPD. As found out in the comments below, nginx runs fine under the ec2-user username (user ec2-user in config). Most likely there are restrictive permissions (no "+x"/"+r" for group on directories) for /home and/or /home/ec2-user. Personally, I see nothing wrong with having nginx run under the ec2-user username. Or you could move your Rails application to, for example, /var/www/my_app, set up permissions for the nginx user, and have it run from there.
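The check described in this answer (search permission on every directory down the path, then read permission on the file), as an added Python example that is not part of the original answers. It evaluates only classic owner/group/other mode bits (no ACLs or SELinux); the directory tree, the uid and the `root` start-directory parameter are constructed for the demonstration.

```python
import os
import tempfile

def allowed(st, uid, gids, perm):
    """Classic mode-bit check: pick the owner, group or other triplet, then test one bit."""
    shift = 6 if uid == st.st_uid else 3 if st.st_gid in gids else 0
    bit = {"r": 4, "x": 1}[perm]
    return bool((st.st_mode >> shift) & bit)

def first_blocker(path, uid, gids, root=os.sep):
    """Return (path, reason) for the first component that stops uid/gids, else None.
    Directories need search (x) permission; the final file needs read (r)."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    dirs, current = [root], root
    for part in os.path.relpath(os.path.dirname(path), root).split(os.sep):
        if part != ".":
            current = os.path.join(current, part)
            dirs.append(current)
    for d in dirs:
        if not allowed(os.stat(d), uid, gids, "x"):
            return d, "missing search (x) permission"
    if not allowed(os.stat(path), uid, gids, "r"):
        return path, "missing read (r) permission"
    return None

def demo():
    """Constructed tree: index.html is 0777, but the home directory is 0700."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)
        home = os.path.join(base, "home", "ec2-user")
        public = os.path.join(home, "apps", "mybest", "current", "public")
        os.makedirs(public)
        index = os.path.join(public, "index.html")
        open(index, "w").close()
        os.chmod(index, 0o777)
        d = public
        while d != home:                  # every directory below home: rwxrwxr-x
            os.chmod(d, 0o775)
            d = os.path.dirname(d)
        os.chmod(base, 0o755)
        os.chmod(os.path.dirname(home), 0o755)
        os.chmod(home, 0o700)             # typical restrictive home directory
        st = os.stat(home)
        uid, gids = st.st_uid + 1, {st.st_gid}  # not the owner, but in the owner's group
        before = first_blocker(index, uid, gids, root=base)
        os.chmod(home, 0o710)             # the fix: chmod g+x on the home directory
        after = first_blocker(index, uid, gids, root=base)
        return os.path.relpath(before[0], base), before[1], after
```

Granting only group search permission on the one blocking directory keeps the web server on its own unprivileged account instead of running it as the application owner.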

nginx php-fpm "Access Denied" on Centos

I am getting "Access Denied" on the index.php file. I created test.php using the touch command on my server and it is working.
I deleted index.php, created a new index.php using the touch command, and copy-pasted the index.php source into the new file. Then I checked error.log, and now the problem occurs on another PHP file.
Everything was working, and today this problem started. This configuration was also working; there was no change and this problem occurred.
Here are my config files.
/etc/nginx/conf.d/default.conf :
server {
    listen 80;
    server_name X.X.X.X;
    root /var/www/domain.com;
    index index.php;
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    error_page 404 /404.html;
    location = /404.html {
        root /var/www/domain.com;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /var/www/domain.com;
    }
}
/var/www/domain.com/ :
drwxr-xr-x. 8 nginx nginx 4096 Nov 16 16:39 .
drwxr-xr-x. 5 nginx nginx 4096 Oct 30 20:47 ..
-rwxr-xr-x. 1 nginx nginx 146 Jun 1 18:16 CONTRIBUTING.md
drwxr-xr-x. 12 nginx nginx 4096 Oct 30 23:36 app
-rwxr-xr-x. 1 nginx nginx 2452 Jun 1 18:16 artisan
drwxr-xr-x. 2 nginx nginx 4096 Oct 30 23:36 assets
drwxr-xr-x. 2 nginx nginx 4096 Oct 30 23:36 bootstrap
-rwxr-xr-x. 1 nginx nginx 697 Jun 1 18:16 composer.json
-rwxr-xr-x. 1 nginx nginx 58540 Oct 1 00:19 composer.lock
-rwxr-xr-x. 1 nginx nginx 0 Jun 1 18:16 favicon.ico
-rwxr-xr-x. 1 nginx nginx 1580 Oct 31 00:05 index.php
drwxr-xr-x. 2 nginx nginx 4096 Oct 30 23:36 packages
-rwxr-xr-x. 1 nginx nginx 567 Jun 1 18:16 phpunit.xml
drwxr-xr-x. 2 nginx nginx 4096 Oct 30 23:55 public
-rwxr-xr-x. 1 nginx nginx 2051 Jun 1 18:16 readme.md
-rwxr-xr-x. 1 nginx nginx 24 Jun 1 18:16 robots.txt
-rwxr-xr-x. 1 nginx nginx 519 Jun 1 18:16 server.php
-rwxr-xr-x. 1 nginx nginx 41 Nov 16 16:39 test.php
drwxr-xr-x. 20 nginx nginx 4096 Oct 30 23:36 vendor
/etc/nginx/nginx.conf :
user nginx;
/etc/php-fpm.d/www.conf :
user = nginx
group = nginx
/var/log/nginx/error.log :
Unable to open primary script: /var/www/domain.com/index.php (Permission denied)" while reading response header from upstream, client: *, server: *, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "*"
2014/11/16 18:27:54 [error] 5070#0: *21 FastCGI sent in stderr: "PHP message: PHP Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0
After I deleted index.php and recreated the same file using the touch command:
PHP message: PHP Fatal error: require(): Failed opening required '/var/www/domain.com/bootstrap/autoload.php'
I've just spent a whole day on the same problem, eventually finding that SELinux was causing it.
I haven't searched for exactly which setting might be at fault; I just disabled the whole thing (SELINUX=disabled in /etc/selinux/config and a restart) and finally php-fpm works as it should.
Thanks for your answer -- this was the same "Access Denied" problem I encountered and your solution led me down the right path.
Note that instead of disabling SELINUX completely, you can just do this:
$ sudo setsebool -P httpd_read_user_content 1
My current setup is with CentOS 7.7, NGINX 1.17.3, PHP-FPM 7.3.9.
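One way to find which SELinux rule is at fault instead of disabling enforcement, as an added Python example that is not part of the original answers: it groups AVC denial records by process, source type, target type and object class. The audit lines are constructed and assume the web files carry a home-directory label (`user_home_t`), which is the case the `httpd_read_user_content` boolean above covers.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not from the original post); the labels,
# pids, inode numbers and timestamps are assumptions for illustration.
SAMPLE = '''\
type=AVC msg=audit(1416162474.812:4101): avc:  denied  { read } for  pid=5070 comm="php-fpm" name="index.php" dev="dm-0" ino=393227 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1416162474.812:4101): arch=c000003e syscall=2 success=no exit=-13 comm="php-fpm" exe="/usr/sbin/php-fpm"
type=AVC msg=audit(1416162480.101:4107): avc:  denied  { open } for  pid=5070 comm="php-fpm" path="/var/www/domain.com/bootstrap/autoload.php" dev="dm-0" ino=393301 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
'''

# Matches only denial records; SYSCALL and other record types are skipped.
AVC = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)')

def se_type(context):
    """Return the type field of a user:role:type:level SELinux context."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Map (process, source type, target type, class) to the sorted denied permissions."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC.search(line)
        if m:
            key = (m["comm"], se_type(m["src"]), se_type(m["tgt"]), m["cls"])
            summary[key].update(m["perms"].split())
    return {key: sorted(perms) for key, perms in summary.items()}

if __name__ == "__main__":
    for key, perms in summarize_denials(SAMPLE).items():
        print(key, perms)
```

On a real host the same records are read from /var/log/audit/audit.log; the target type in the summary shows whether relabelling the files or a single boolean is the narrower fix.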
