This morning I had a strange problem about finding php script files with Nginx and Php-fpm.
I solved it, but I didn't understand what the problem actually was.
Some details: I'm on Arch Linux and using PHP-FPM 7.3.9 and Nginx 1.16.1.
I wanted to try the Grav CMS, so I set up nginx and php-fpm as needed. What happened is that php-fpm couldn't find the index.php file, returning a 404 error.
My configuration files are pretty simple: I took the default ones and changed a couple of parameters.
My /etc/nginx/nginx.conf file is this one
user http; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; include sites-enabled/*; } It's Nginx's default one on Arch Linux where I removed an example server{} block (to include from enabled-sites as in Debian and others) and some comments.
And my configuration file for the specific Grav virtual server was
server { #listen 80; index index.html index.php; ## Begin - Server Info root /home/MYUSERNAME/Desktop/grav; server_name localhost; ## End - Server Info ## Begin - Index # for subfolders, simply adjust: # `location /subfolder {` # and the rewrite to use `/subfolder/index.php` location / { try_files $uri $uri/ /index.php?$query_string; } ## End - Index ## Begin - Security # deny all direct access for these folders location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; } # deny running scripts inside core system folders location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } # deny running scripts inside user folder location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } # deny access to specific files in the root folder location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; } ## End - Security ## Begin - PHP location ~ \.php$ { # Choose either a socket or TCP/IP address fastcgi_pass unix:/run/php-fpm/php-fpm.sock; # fastcgi_pass unix:/var/run/php5-fpm.sock; #legacy # fastcgi_pass 127.0.0.1:9000; add_header x-full-path $document_root$fastcgi_script_name; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } ## End - PHP } As you can notice from the comments, it is the default configuration file provided by Grav itself. You can check it out here.
I just edited the root directory and adjusted the socket path according to my php-fpm one.
I didn't touch any php-fpm configuration.
The result I was getting was "File not found." without any nginx reference. I already encountered that page before, and I knew it was php-fpm's error page.
Indeed, when I changed nginx's configuraton to point at some index.html it worked.
So I tried to check if it was a permission problem (but it seemed weird, I would have expected a different error message): I checked that both nginx and php-fpm were running as the same user (in this case 'http') and I changed the ownership and access mode as myusername:http 775 to give to both my user and http user every permission (I know it's not a good practice, but I was testing).
Still the same error.
I tried also to debug the parameters passed by nginx in the line
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; by commenting that line and adding a header with the value of the parameter.
The path was correct. I copy-pasted it on the terminal to see if there was any typo, but nope. Everything good.
I also tried to pass the absolute path of the index file to php-fpm (in the directive above) but nothing.
At this point I tried one last thing: I moved the 'grav' folder from my dekstop to /srv/http (which on Arch is the default folder in nginx configuration), and edited the nginx configuration files accordingly. The permissions are http:myusername 664 there.
And it worked.
So I started looking for anything that could've caused the error in php-fpm's configuration files.
I found out the chdir option in /etc/php/php-fpm.d/www.conf . The comment says
Chdir to this directory at the start. Note: relative path can be used. Default Value: current directory or / when chroot
Because I did not set chroot (I checked, it's the option above this in the file) it should be /.
But even if it looked for files from root, it makes no sense that it couldn't find the index, because I always passed absolute paths. I couldn't find anything on google about the way fpm intepretes paths according to chdir option.
So, the question is: what happened? Why did it work on one directory and not on another one?
