Skip to main content

Deploying PHP along with Nginx using php-fpm & FastCGI


Some times you have a requirement to run php in an APP server having Nginx and uWSGI configured. If uwsgi is already running with a plugin , then it will be difficult to enable php along with uwsgi. You have to install the uwsgi-plugin-php and after that install another uwsgi from compiling uwsgi source with php plugin.

But if we install php-fpm then it will be more easy to do this task.

First install the necessary packages for this:

>> sudo apt-get install php7.0-dev libphp7.0-embed php-fpm php-curl

if you are planning to use mysql and db then also install php7.0-mysql

After that you have to Configure the PHP Processor:

Open the php-fpm configuration file:

>> vi /etc/php/7.0/fpm/php.ini

Change the value of cgi.fix_pathinfo from 1 to 0

This is an extremely insecure setting because it tells PHP to attempt to execute the closest file it can find if the requested PHP file cannot be found. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn't be allowed to execute.

We will change both of these conditions by uncommenting the line and setting it to "0" like this:

Now, we just need to restart our PHP processor by typing:

>> service php7.0-fpm restart

Configure Nginx to Use the PHP Processor:

Create an nginx configuration file in the location /etc/nginx/sites-enabled/jinojoseph.conf




# nginx ini

server {
listen 443 ssl;

root /var/www/jino;
index index.php index.html index.htm;

server_name jinojoseph.com;

access_log /var/log/nginx/jinojoseph.com.log x_forwarded_for;
error_log /var/log/nginx/jinojoseph.com_error.log;
ssl_dhparam /etc/nginx/certs/dhparam.pem;

ssl on;
ssl_certificate /etc/nginx/certs/wildcard.dasgateway.com/crt.crt;
ssl_certificate_key /etc/nginx/certs/wildcard.dasgateway.com/private.key;

location / {
#try_files $uri $uri/ /index.html;
try_files $uri /index.php$is_args$args;
}

error_page 404 /404.html;

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/jino;
}

# pass the PHP scripts to FastCGI server listening on /var/run/php7-fpm.sock
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

}





You can check the nginx configuration by using the below command:

>> nginx -t -c /etc/nginx/nginx.conf

If every this is ok , it will give a message like below:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Now, Restart the nginx :

>> service nginx restart

Now you can load the site by taking your domain jinojoseph.com in the browser.




Error & Fixes
##################

You might get an error like below :

2017/09/22 09:11:31 [error] 14373#14373: *567 open() "/var/www/jinojoseph.com/50x.html" failed (2: No such file or directory), client: 172.xx.xx.32, server: jinojoseph.com, request: "GET / HTTP/1.0", upstream: "fastcgi://unix:/var/run/php7.0-fpm.sock", host: "jinojoseph.com"


Fix:

find out username used by the Nginx worker processes:

grep 'user' /etc/nginx/nginx.conf

in my case it is ubuntu

The most common ones are either www-data or nginx. Edit PHP FPM pool configuration file:

/etc/php/7.0/fpm/pool.d/www.conf

Change the below variable's value to ubuntu.

user = ubuntu
group = ubuntu
listen.owner = ubuntu
listen.group = ubuntu

Now restart the php-fpm service.

>> service php7.0-fpm restart
If you want to run the php-fpm as root
#################################

Add the -R in the file /lib/systemd/system/php7.0-fpm.service

This will make the php-fpm run as root when restart with systemctl command

Sock file missing error
###################

2018/07/26 06:37:20 [crit] 23482#0: *13 connect() to unix:/var/run/php7.0-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 111.93.250.142, server: 54.178.23
5.19, request: "GET /info.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php7.0-fpm.sock:", host: "54.178.235.19"


Fix:
####
Open your fastcgi pool config:
vim /etc/php/7.0/fpm/pool.d/www.conf
Change listen to:
listen = 127.0.0.1:9000
Open your nginx site config:
vim /etc/nginx/sites-available/owncloud

Comment out unix:/var/run/php7-fpm.sock and use:

server 127.0.0.1:9000;
CDbException error
###################


 If your site not loading , try command "php index.php" from your terminal and u might got an error like below:

 CDbConnection failed to open the DB connection.

 In my case I was using Yii site and mysql . So it was due to the missing of pdo_mysql module. For installing that give below command.

 
apt-get install php7.0-mysql
Restart the nginx and php-fpm service.


That is it.

Thanks :-)

Comments

Post a Comment

Popular posts from this blog

K8s External Secrets integration between AWS EKS and Secrets Manager(SM) using IAM Role.

What is K8s External Secrets and how it will make your life easier? Before saying about External Secrets we will say about k8s secrets and how it will work. In k8s secrets we will create key value pairs of the secrets and set this as either pod env variables or mount them as volumes to pods. For more details about k8s secrets you can check my blog http://jinojoseph.blogspot.com/2020/08/k8s-secrets-explained.html   So in this case if developers wants to change the ENV variables , then we have to edit the k8s manifest yaml file, then we have to apply the new files to the deployment. This is a tiresome process and also chances of applying to the wrong context is high if you have multiple k8s clusters for dev / stage and Prod deployments. So in-order to make this easy , we can add all the secrets that is needed in the deployment, in the AWS Secret Manager and with the help of External secrets we can fetch and create those secrets in the k8s cluster. So what is K8s external Secret? It i...
Post a Comment
Read more

Password reset too simplistic/systematic issue

Some time when we try to reset the password of our user in linux it will show as simple and systematic as below: BAD PASSWORD: it is too simplistic/systematic no matter how hard password you give it will show the same. Solution: ######### Check if your password is Ok with the below command, jino@ndz~$ echo 'D7y8HK#56r89lj&8*&^%&^%#56rlKJ!789l' | cracklib-check D7y8HK#56r89lj&8*&^%&^%#56rlKJ!789l: it is too simplistic/systematic Now Create a password with the below command : jino@ndz~$ echo $(tr -dc '[:graph:]' 7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K; You can see that this password will be ok with the cracklib-check. jino@ndz~$ echo '7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K;' | cracklib-check                 7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K;: OK Thats all, Thanks.
Post a Comment
Read more

Setting /etc/hosts entries during the initial deployment of an Application using k8s yaml file

Some times we have to enter specific hosts file entries to the container running inside the POD of a kubernetes deployment during the initial deployment stage itself. If these entries are not in place, the application env variables mentioned in the yaml file , as hostnames , will not resolve to the IP address and the application will not start properly. So to make sure the /etc/hosts file entries are already there after the spin up of the POD you can add the below entries in your yaml file. cat > api-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: spec:   template:     metadata:     spec:       volumes:       containers:       - image: registryserver.jinojoseph.com:5000/jinojosephimage:v1.13         lifecycle:           postStart:             exec:               command:...
Post a Comment
Read more