Welcome to Centmin Mod Community
Become a Member

Nginx nginx/php reinstall issue

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Oxide, Apr 3, 2016.

  1. Oxide

    Oxide Active Member

    505
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    7:51 PM
    i upgraded my nginx to latest version and php to 7.0, then back down to 5.6

    now one of my sites are showing some php issues like cache issues & "Access denied."

    I am not sure where this error is coming from PHP.. Nginx or PHP? I've reinstalled PHP, same shit happens.
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,994
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,424
    Local Time:
    7:51 PM
    Nginx 1.13.x
    MariaDB 5.5
    did you also upgrade from 123.08stable to 123.09beta01 too ? are the sites wordpress related ? what web app script they have in common ?

    any clues in your access.log and error.log in vhost listed paths at
    Code (Text):
    access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=60m;
    error_log /home/nginx/domains/domain.com/log/error.log;
    
     
  3. Oxide

    Oxide Active Member

    505
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    7:51 PM
    I am on stable not BETA. No, forums and a general site (it seems like only index works)

    Unable to open primary script: /home/nginx/domains/octolus.net/public/cloudflare-resolver.php (Permission denied)" while reading response header from upstream, client: 95.34.26.101, server: octolus.net, request: "GET /cloudflare-resolver HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "octolus.net", referrer: "OctolusNET - Home"

    PS. The file exists there. Could it be like Selinux? I have not touched it, i just initalized git and updated base.
     
  4. Oxide

    Oxide Active Member

    505
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    7:51 PM
    Running:
    Centmin Mod 1.2.3-eva2000.08 - CentminMod.com LEMP Fully Optimized Nginx web stack for CentOS

    Nvm, selinux was disabled..

    ---------------------------------------------
    Disabling SELinux...
    setenforce: SELinux is disabled

    ---------------------------------------------
    checking /etc/selinux/config
    SELINUX=disabled
    ---------------------------------------------

    [root@ns3009754 centminmod]# ./centmin.sh

    Opening /proc/modules: No such file or directory
     
  5. eva2000

    eva2000 Administrator Staff Member

    30,994
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,424
    Local Time:
    7:51 PM
    Nginx 1.13.x
    MariaDB 5.5
    what's permissions on the file /home/nginx/domains/octolus.net/public/cloudflare-resolver.php ?
    Code (Text):
    ls -lah  /home/nginx/domains/octolus.net/public/

    Code (Text):
    ls -lah  /home/nginx/domains/octolus.net/public/cloudflare-resolver.php

    Code (Text):
    getfacl  /home/nginx/domains/octolus.net/public/cloudflare-resolver.php
     
  6. Oxide

    Oxide Active Member

    505
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    7:51 PM
    Please note:
    I have never touched any of those files, i reinstalled PHP and Nginx that's it. I did this from the latest git branch, or whatever it's called. Once i did that, the entire server started acting weird, i reinstalled it third time and my forums seems fine. However now my non-forum seems to be messed up, returning Access Denied.


    [​IMG]

    [​IMG]

    [​IMG]
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,994
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,424
    Local Time:
    7:51 PM
    Nginx 1.13.x
    MariaDB 5.5
    You have incorrect permissions, from Getting Started Guide step 2
     
  8. Oxide

    Oxide Active Member

    505
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    7:51 PM
    Ah okay.

    This must've happen after re-installing nginx then?

    The installer is not setting permissions or so?
     
  9. Oxide

    Oxide Active Member

    505
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    7:51 PM
    I set it now, however even the index.php returns access denied now

    [​IMG]
     
  10. eva2000

    eva2000 Administrator Staff Member

    30,994
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,424
    Local Time:
    7:51 PM
    Nginx 1.13.x
    MariaDB 5.5
    nothing to do with installer, as step 2 of Getting Started guide outlines, you need to do this manually each time you upload files via SFTP as root user. If you use the pure-ftpd created virtual ftp user, it should be the uploaded with correct permissions
     
  11. eva2000

    eva2000 Administrator Staff Member

    30,994
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,424
    Local Time:
    7:51 PM
    Nginx 1.13.x
    MariaDB 5.5
    and access.log and error.log ?
     
  12. Oxide

    Oxide Active Member

    505
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    7:51 PM
    I've never had this issue before uploading with sFTP. However even now it doesnt work, after chown
     
  13. Oxide

    Oxide Active Member

    505
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    7:51 PM
    2016/04/03 19:20:16 [error] 2846#2846: *276410 FastCGI sent in stderr: "PHP message: PHP Warning: Unknown: open_basedir restriction in effect. File(/home/nginx/domains/octolus.net/public/index.php) is not within the allowed path(s): (/home/nginx/domains/paragonmodding.com/public/:/usr/local/lib/php/:/tmp/) in Unknown on line 0
    PHP message: PHP Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0
    Unable to open primary script: /home/nginx/domains/octolus.net/public/index.php (Permission denied)" while reading response header from upstream, client: 95.34.26.101, server: octolus.net, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "octolus.net"
     
  14. eva2000

    eva2000 Administrator Staff Member

    30,994
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,424
    Local Time:
    7:51 PM
    Nginx 1.13.x
    MariaDB 5.5
    there's your problem - open_basedir restriction

    see Getting Started Guide step 14 for php-fpm security and FAQ item 26

    also your nginx vhost's root doc path to public might be incorrect that's why - pointing to /home/nginx/domains/paragonmodding.com/public
     
  15. Oxide

    Oxide Active Member

    505
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    7:51 PM
    I have no shell_exec in that file, or any other files so that's weird.

    Edit: Seems to be working fine, for now. I changed a old php conf to new one, since i had two php.conf and one was outdated. Restarted PHP + Nginx and seems to be fine now.
     
    Last edited: Apr 4, 2016
  16. eva2000

    eva2000 Administrator Staff Member

    30,994
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,424
    Local Time:
    7:51 PM
    Nginx 1.13.x
    MariaDB 5.5
  17. Oxide

    Oxide Active Member

    505
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    7:51 PM
    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
    
    # might shave 200+ ms off PHP requests
    # which don't pass on a content length header
    # slightly faster page response time at the
    # expense of throughput / scalability
    #sendfile on;
    #tcp_nopush off;
    #keepalive_requests 0;
    
    fastcgi_connect_timeout 60;
    fastcgi_send_timeout 180;
    fastcgi_read_timeout 180;
    fastcgi_buffer_size 512k;
    fastcgi_buffers 512 16k;
    fastcgi_busy_buffers_size 1m;
    fastcgi_temp_file_write_size 4m;
    fastcgi_max_temp_file_size 4m;
    fastcgi_intercept_errors on;
    
    # next 3 lines when uncommented / enabled
    # allow Nginx to handle uploads which then
    # passes back the completed upload to PHP
    #fastcgi_pass_request_body off;
    #client_body_in_file_only clean;
    #fastcgi_param  REQUEST_BODY_FILE  $request_body_file;
    
    #new .04+ map method
    fastcgi_param HTTPS $server_https;
    
    # comment out PATH_TRANSLATED line if /usr/local/lib/php.ini sets following:
    # cgi.fix_pathinfo=0
    # as of centminmod v1.2.3-eva2000.01 default is set to cgi.fix_pathinfo=1
    
    fastcgi_param  PATH_INFO          $fastcgi_path_info;
    fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
    
    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;
    
    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  REQUEST_URI        $request_uri;
    fastcgi_param  DOCUMENT_URI       $document_uri;
    fastcgi_param  DOCUMENT_ROOT      $document_root;
    fastcgi_param  SERVER_PROTOCOL    $server_protocol;
    fastcgi_param  REQUEST_SCHEME     $scheme;
    fastcgi_param  HTTPS              $https if_not_empty;
    
    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
    
    fastcgi_param  REMOTE_ADDR        $remote_addr;
    fastcgi_param  REMOTE_PORT        $remote_port;
    fastcgi_param  SERVER_ADDR        $server_addr;
    fastcgi_param  SERVER_PORT        $server_port;
    fastcgi_param  SERVER_NAME        $server_name;
    
    # Set php-fpm geoip variables
    fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
    fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
    fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
    fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
    fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
    fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
    fastcgi_param GEOIP_REGION $geoip_region;
    fastcgi_param GEOIP_CITY $geoip_city;
    fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
    fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
    fastcgi_param GEOIP_LATITUDE $geoip_latitude;
    fastcgi_param GEOIP_LONGITUDE $geoip_longitude;
    
    # PHP only, required if PHP was built with --enable-force-cgi-redirect
    fastcgi_param  REDIRECT_STATUS    200;
    
                       }
    drop.conf
    Code:
           location = /robots.txt  { access_log off; log_not_found off; }
            location = /favicon.ico { access_log off; log_not_found off; expires 30d; }
            location ~ /\.          { access_log off; log_not_found off; deny all; }
            location ~ ~$           { access_log off; log_not_found off; deny all; }
            location ~ /\.git { access_log off; log_not_found off; deny all; }
            # for security see https://community.centminmod.com/posts/17234/
            location ~* \.(bak|php~|php#|php.save|php.swp|php.swo)$ { return 444; }
    
     
  18. eva2000

    eva2000 Administrator Staff Member

    30,994
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,424
    Local Time:
    7:51 PM
    Nginx 1.13.x
    MariaDB 5.5
    ah i see :)