1

I have a FastCGI application listening on a UNIX socket at /tmp/web.socket.

srw-rw----. 1 nginx nginx 0 Aug 14 15:48 /tmp/web.socket

As the nginx user, I am able to access this socket:

[nginx@he4]:~$ ncat -U /tmp/web.socket test^D [nginx@he4]:~$

The ^D represents me manually adding a EOF.

Of course, "test" is not valid FastCGI:

- - [Wed, 14 Aug 2024 08:05:05 GMT] WARN read: connection closed - - [Wed, 14 Aug 2024 08:05:05 GMT] WARN FastCGI: connection closed while reading frame size - - [Wed, 14 Aug 2024 08:05:05 GMT] WARN FastCGI: connection severed at start - - [Wed, 14 Aug 2024 08:05:05 GMT] WARN FastCGI: bad code

But at least this means that my FastCGI application is receiving the data from ncat.

My nginx runs under the nginx user and the nginx group. It uses a configuration slightly modified from the default Fedora configuration:

user nginx; worker_processes auto; error_log /var/log/nginx/error.log notice; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; keepalive_timeout 65; types_hash_max_size 4096; include /etc/nginx/mime.types; default_type application/octet-stream; include /etc/nginx/conf.d/*.conf; server { listen 80; listen [::]:80; server_name _; root /tmp; location / { include fastcgi_params; fastcgi_pass unix:/tmp/web.socket; } } }

It, however, cannot seem to find the socket:

2024/08/14 15:54:30 [crit] 464651#464651: *1 connect() to unix:/tmp/web.socket failed (2: No such file or directory) while connecting to upstream, client: 127.0.0.1, server: _, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/web.socket:", host: "localhost"

I would appreciate any help.

(I am aware of the lack of TLS, and it does not seem relevant for the purposes of this question.)

Improve this question

2 Answers 2

Reset to default
1

The systemd unit file for nginx.service on Fedora is the following:

[Unit] Description=The nginx HTTP and reverse proxy server After=network-online.target remote-fs.target nss-lookup.target Wants=network-online.target [Service] Type=forking PIDFile=/run/nginx.pid # Nginx will fail to start if /run/nginx.pid already exists but has the wrong # SELinux context. This might happen when running `nginx -t` from the cmdline. # https://bugzilla.redhat.com/show_bug.cgi?id=1268621 ExecStartPre=/usr/bin/rm -f /run/nginx.pid ExecStartPre=/usr/sbin/nginx -t ExecStart=/usr/sbin/nginx ExecReload=/usr/sbin/nginx -s reload KillSignal=SIGQUIT TimeoutStopSec=5 KillMode=mixed PrivateTmp=true [Install] WantedBy=multi-user.target

PrivateTmp=true uses namespaces to give nginx a private /tmp. Moving the socket file outside of /tmp works.

Improve this answer
0

I have to tell nginx where to find the FastCGI (socket) binary:

location ~ \.php$ { fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

This works for me, if i omit the fastcgi_pass setting (or it point to the wrong socket file) nginx cannot start FastCGI.

Improve this answer
1
  • I specified it correctly already; see fastcgi_pass unix:/tmp/web.socket; which was written in my question. Anyways, the issue turns out to be systemd creating namespaces. Commented Aug 15, 2024 at 6:14

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.