Skip to main content

Deploying PHP along with Nginx using php-fpm & FastCGI


Some times you have a requirement to run php in an APP server having Nginx and uWSGI configured. If uwsgi is already running with a plugin , then it will be difficult to enable php along with uwsgi. You have to install the uwsgi-plugin-php and after that install another uwsgi from compiling uwsgi source with php plugin.

But if we install php-fpm then it will be more easy to do this task.

First install the necessary packages for this:

>> sudo apt-get install php7.0-dev libphp7.0-embed php-fpm php-curl

if you are planning to use mysql and db then also install php7.0-mysql

After that you have to Configure the PHP Processor:

Open the php-fpm configuration file:

>> vi /etc/php/7.0/fpm/php.ini

Change the value of cgi.fix_pathinfo from 1 to 0

This is an extremely insecure setting because it tells PHP to attempt to execute the closest file it can find if the requested PHP file cannot be found. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn't be allowed to execute.

We will change both of these conditions by uncommenting the line and setting it to "0" like this:

Now, we just need to restart our PHP processor by typing:

>> service php7.0-fpm restart

Configure Nginx to Use the PHP Processor:

Create an nginx configuration file in the location /etc/nginx/sites-enabled/jinojoseph.conf




# nginx ini

server {
listen 443 ssl;

root /var/www/jino;
index index.php index.html index.htm;

server_name jinojoseph.com;

access_log /var/log/nginx/jinojoseph.com.log x_forwarded_for;
error_log /var/log/nginx/jinojoseph.com_error.log;
ssl_dhparam /etc/nginx/certs/dhparam.pem;

ssl on;
ssl_certificate /etc/nginx/certs/wildcard.dasgateway.com/crt.crt;
ssl_certificate_key /etc/nginx/certs/wildcard.dasgateway.com/private.key;

location / {
#try_files $uri $uri/ /index.html;
try_files $uri /index.php$is_args$args;
}

error_page 404 /404.html;

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/jino;
}

# pass the PHP scripts to FastCGI server listening on /var/run/php7-fpm.sock
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

}





You can check the nginx configuration by using the below command:

>> nginx -t -c /etc/nginx/nginx.conf

If every this is ok , it will give a message like below:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Now, Restart the nginx :

>> service nginx restart

Now you can load the site by taking your domain jinojoseph.com in the browser.




Error & Fixes
##################

You might get an error like below :

2017/09/22 09:11:31 [error] 14373#14373: *567 open() "/var/www/jinojoseph.com/50x.html" failed (2: No such file or directory), client: 172.xx.xx.32, server: jinojoseph.com, request: "GET / HTTP/1.0", upstream: "fastcgi://unix:/var/run/php7.0-fpm.sock", host: "jinojoseph.com"


Fix:

find out username used by the Nginx worker processes:

grep 'user' /etc/nginx/nginx.conf

in my case it is ubuntu

The most common ones are either www-data or nginx. Edit PHP FPM pool configuration file:

/etc/php/7.0/fpm/pool.d/www.conf

Change the below variable's value to ubuntu.

user = ubuntu
group = ubuntu
listen.owner = ubuntu
listen.group = ubuntu

Now restart the php-fpm service.

>> service php7.0-fpm restart
If you want to run the php-fpm as root
#################################

Add the -R in the file /lib/systemd/system/php7.0-fpm.service

This will make the php-fpm run as root when restart with systemctl command

Sock file missing error
###################

2018/07/26 06:37:20 [crit] 23482#0: *13 connect() to unix:/var/run/php7.0-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 111.93.250.142, server: 54.178.23
5.19, request: "GET /info.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php7.0-fpm.sock:", host: "54.178.235.19"


Fix:
####
Open your fastcgi pool config:
vim /etc/php/7.0/fpm/pool.d/www.conf
Change listen to:
listen = 127.0.0.1:9000
Open your nginx site config:
vim /etc/nginx/sites-available/owncloud

Comment out unix:/var/run/php7-fpm.sock and use:

server 127.0.0.1:9000;
CDbException error
###################


 If your site not loading , try command "php index.php" from your terminal and u might got an error like below:

 CDbConnection failed to open the DB connection.

 In my case I was using Yii site and mysql . So it was due to the missing of pdo_mysql module. For installing that give below command.

 
apt-get install php7.0-mysql
Restart the nginx and php-fpm service.


That is it.

Thanks :-)

Comments

Post a Comment

Popular posts from this blog

Password reset too simplistic/systematic issue

Some time when we try to reset the password of our user in linux it will show as simple and systematic as below: BAD PASSWORD: it is too simplistic/systematic no matter how hard password you give it will show the same. Solution: ######### Check if your password is Ok with the below command, jino@ndz~$ echo 'D7y8HK#56r89lj&8*&^%&^%#56rlKJ!789l' | cracklib-check D7y8HK#56r89lj&8*&^%&^%#56rlKJ!789l: it is too simplistic/systematic Now Create a password with the below command : jino@ndz~$ echo $(tr -dc '[:graph:]' 7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K; You can see that this password will be ok with the cracklib-check. jino@ndz~$ echo '7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K;' | cracklib-check                 7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K;: OK Thats all, Thanks.
Post a Comment
Read more

Nginx Ingress controller setup in K8S MultiNode Cluster with HA-Proxy as External LB

https://github.com/nginxinc/kubernetes-ingress/blob/master/docs/installation.md Pre-requisites: ############### >> K8s cluster setup with 1 Master and 2 Worker nodes. >> Deployed an application with Deployment name "client-sb" >> Also you need to create an HA-proxy server by spinning an Ec2 instance. After login the Ha-proxy server. # yum install haproxy # vi /etc/haproxy/haproxy.cfg delete everything after the global and defaults starting from "Main front-end which proxys to the backend" paste the below code in the end of the file: --------------------- frontend http_front   bind *:80   stats uri /haproxy?stats   default_backend http_back backend http_back   balance roundrobin   server kube 10.0.1.14:80   server kube 10.0.1.12:80 --------------------- # systemctl status haproxy # systemctl enable haproxy # systemctl start haproxy 1. Create a Namespace, a SA, the Default Secret, the Customization Confi...
Post a Comment
Read more

Running K8s cluster service kubelet with Swap Memory Enabled

For enabling swap memory check the below link : https://jinojoseph.blogspot.com/2019/10/enable-swap-memory-using-swapfile-in.html # sudo vi /etc/systemd/system/kubelet.service.d/10-kubeadm.conf Add the KUBELET_EXTRA_ARGS line as below: ---------------------------------------- Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false" ExecStart= ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS Now kubelet.service changed on disk. Run 'systemctl daemon-reload' to reload units # sudo systemctl daemon-reload # sudo systemctl restart kubelet # sudo systemctl status kubelet That is all cheers :p
Post a Comment
Read more