3

I'm setting up a new server with PHP 5.3.9 and nginx, so I compiled PHP with the php-fpm SAPI options. By itself it works great using the following server entry in nginx:

server { listen 80; server_name domain.com www.domain.com; root /var/www/clients/domain.com/www/public; index index.php; log_format gzip '$remote_addr - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" "$gzip_ratio"'; access_log /var/www/clients/domain.com/logs/www-access.log; error_log /var/www/clients/domain.com/logs/www-error.log error; location ~\.php$ { fastcgi_pass 127.0.0.1:9001; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/www/clients/domain.com/www/public$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_script_name; include /etc/nginx/fastcgi_params; } }

It servers my PHP files just fine. For added security I wanted to chroot my FPM instance, so I added the following lines to my conf file for this FPM instance:

# FPM config chroot = /var/www/clients/domain.com

and changed the nginx config:

#nginx config for chroot location ~\.php$ { fastcgi_pass 127.0.0.1:9001; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME www/public$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_script_name; include /etc/nginx/fastcgi_params; }

With those changes, nginx gives me a File not found message for any PHP scripts. Looking in the error log I can see that it's prepending the root path to my DOCUMENT_ROOT variable that's passed to fastcgi, so I tried to override it in the location block like this:

fastcgi_param DOCUMENT_ROOT /www/public/; fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;

but I still get the same error, and the debug log shows the full, unchrooted path being sent to PHP-FPM.

What am I missing to get this to work?

Improve this question
1
  • Change to this... fastcgi_param SCRIPT_FILENAME /www/public$fastcgi_script_name; Commented Feb 15, 2016 at 9:13

3 Answers 3

Reset to default
4

I have the same situation and this is my solition:

fpm config:

prefix = /var/www/example.com chroot = $prefix chdir = / listen = tmp/php5-fpm.sock slowlog = log/$pool.log.slow

nginx config:

 location ~ \.php$ { include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/www/example.com/tmp/php5-fpm.sock; fastcgi_param SCRIPT_FILENAME /htdocs$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param DOCUMENT_ROOT /htdocs; }

folder structure of /var/www/example.com

drwxr-x--- 6 www-data www-data 4096 May 22 10:57 . drwxr-xr-x 10 root root 4096 May 22 08:52 .. drwxr-x--- 2 www-data www-data 4096 May 22 10:57 htdocs drwxr-x--- 2 www-data www-data 4096 May 22 10:34 log drwxr-x--- 2 www-data www-data 4096 May 22 10:56 tmp
Improve this answer
1
  • was struggling with this for a while, until I found this answer, worked a treat. Commented Dec 14, 2021 at 18:12
4

It looks like you forgot a /.

fastcgi_param SCRIPT_FILENAME www/public$fastcgi_script_name;

Should read:

fastcgi_param SCRIPT_FILENAME /www/public$fastcgi_script_name;
Improve this answer
0

Nginx doesn't know if you have setup chroot on your PHP-FPM. So, you'd still need to provide the fullpath in fastcgi_param. Basically, your initially configuration is what you needed.

Improve this answer
1
  • Just tried that, and I get the same result. Most of the tutorials I've seen said that the fastcgi_param settings needed to be relative to the chroot, as chrooting causes it to not see the full path. When I've used chroot before with Apache and mod_php that's also how it worked. Commented Feb 2, 2012 at 20:14

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.