Last roadblock changing from Apache: SSL & PHP

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Last roadblock changing from Apache: SSL & PHP

Philip Rhoades
People,

If I can solve this last problem (that I have just spent all night on),
I can completely replace Apache with Nginx.  I am using RoundCubeMail as
my Webmail client - it is written in PHP (the only PHP thing on my
server) but it has been working happily with Apache for many years.  I
have RCM in an SSL protected directory:

   /home/ssl/webmail

When I couldn't get that working I tried testing the setup with a
simple:

   /home/ssl/index.php

file that outputs PHP info (attached) - but I had exactly the same
problem with that - a blank screen except for a green block cursor in
the bottom right of the screen ie no text output in the browser and no
errors in any of the logs.

I also attach:

   /etc/nginx/conf.d/php-fpm.conf

and:

   /etc/php-fpm.d/www.conf

I would _really_ appreciate it if anyone could tell me what is wrong
with my configuration . . (running on Fedora 25 x86_64).

Thanks,

Phil.
--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

index.php (32 bytes) Download Attachment
www.conf (25K) Download Attachment
php-fpm.conf (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Last roadblock changing from Apache: SSL & PHP #2

Philip Rhoades
Also, nginx and php-fpm were actually running as services of course . .


On 2017-05-15 08:43, Philip Rhoades wrote:

> People,
>
> If I can solve this last problem (that I have just spent all night
> on), I can completely replace Apache with Nginx.  I am using
> RoundCubeMail as my Webmail client - it is written in PHP (the only
> PHP thing on my server) but it has been working happily with Apache
> for many years.  I have RCM in an SSL protected directory:
>
>   /home/ssl/webmail
>
> When I couldn't get that working I tried testing the setup with a
> simple:
>
>   /home/ssl/index.php
>
> file that outputs PHP info (attached) - but I had exactly the same
> problem with that - a blank screen except for a green block cursor in
> the bottom right of the screen ie no text output in the browser and no
> errors in any of the logs.
>
> I also attach:
>
>   /etc/nginx/conf.d/php-fpm.conf
>
> and:
>
>   /etc/php-fpm.d/www.conf
>
> I would _really_ appreciate it if anyone could tell me what is wrong
> with my configuration . . (running on Fedora 25 x86_64).
>
> Thanks,
>
> Phil.
> _______________________________________________
> nginx mailing list
> [hidden email]
> http://mailman.nginx.org/mailman/listinfo/nginx

--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Last roadblock changing from Apache: SSL & PHP

Steve Wilson
In reply to this post by Philip Rhoades
Hi,

It doesn't look like that's actually getting passed to php-fpm.
You're possibly missing the php handling in your server{} block.
Check that you've got a location set for php files to do a fastcgi_pass.

eg.
location ~ \.php$ {
                fastcgi_pass   unix:/var/run/php-fpm/sock;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME
$document_root$fastcgi_script_name;
                client_body_timeout 300;
                include /etc/nginx/fastcgi_params;
        }

The above is from one of my roundcube instances and makes sure that php
files are processed by php.

Steve

On 14/05/2017 23:43, Philip Rhoades wrote:

> People,
>
> If I can solve this last problem (that I have just spent all night on),
> I can completely replace Apache with Nginx.  I am using RoundCubeMail as
> my Webmail client - it is written in PHP (the only PHP thing on my
> server) but it has been working happily with Apache for many years.  I
> have RCM in an SSL protected directory:
>
>   /home/ssl/webmail
>
> When I couldn't get that working I tried testing the setup with a simple:
>
>   /home/ssl/index.php
>
> file that outputs PHP info (attached) - but I had exactly the same
> problem with that - a blank screen except for a green block cursor in
> the bottom right of the screen ie no text output in the browser and no
> errors in any of the logs.
>
> I also attach:
>
>   /etc/nginx/conf.d/php-fpm.conf
>
> and:
>
>   /etc/php-fpm.d/www.conf
>
> I would _really_ appreciate it if anyone could tell me what is wrong
> with my configuration . . (running on Fedora 25 x86_64).
>
> Thanks,
>
> Phil.
>
>
> _______________________________________________
> nginx mailing list
> [hidden email]
> http://mailman.nginx.org/mailman/listinfo/nginx
>

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Last roadblock changing from Apache: SSL & PHP #2

Rainer Duffner
In reply to this post by Philip Rhoades

Am 15.05.2017 um 00:50 schrieb Philip Rhoades <[hidden email]>:

Also, nginx and php-fpm were actually running as services of course . .



Maybe strip the  comments next time you post a config file…



I have:

server {
set_real_ip_from 127.0.0.12; real_ip_header X-Forwarded-For;
listen 80;
server_name bla ;
root /usr/local/www/roundcube;
  index index.php index.html index.htm; 
access_log /var/log/nginx/bla_access.log;
error_log /var/log/nginx/bla_error.log;
location /roundcube {
root /usr/local/www/roundcube ;
try_files $uri $uri/ /index.php?q=$uri&$args;
  }
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www//nginx-errors;
}
location ~ ^/(README.md|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
}
location ~ ^/(config|temp|logs)/ {
deny all;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# pass the PHP scripts to FastCGI server listening on /var/run/fastcgi/www.sock
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/fastcgi/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}


root@webmail:/usr/local/etc/nginx # cat fastcgi_params

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

fastcgi_keep_conn on;
fastcgi_split_path_info       ^(.+\.php)(.*)$;
fastcgi_param PATH_INFO       $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED    $document_root$fastcgi_path_info;


Not chrooted, though, because it’s in a jail and I haven’t figured out how to setup all the fancy nullfs mounts in a jail.

It’s behind a haproxy that distributes traffic between various jails - but that’s irrelevant for the current  case.






_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Last roadblock changing from Apache: SSL & PHP - SUCCESS!

Philip Rhoades
In reply to this post by Steve Wilson
Steve,


On 2017-05-15 09:43, Steve Wilson wrote:
> Hi,
>
> It doesn't look like that's actually getting passed to php-fpm.
> You're possibly missing the php handling in your server{} block.
> Check that you've got a location set for php files to do a
> fastcgi_pass.


Isn't that what this does?:

upstream php {
     server unix:/run/php-fpm/www.sock ;
}

server {
.
.
         fastcgi_pass php;
         }
}


> eg.
> location ~ \.php$ {
>                 fastcgi_pass   unix:/var/run/php-fpm/sock;
>                 fastcgi_index  index.php;
>                 fastcgi_param  SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
>                 client_body_timeout 300;
>                 include /etc/nginx/fastcgi_params;
>         }
>
> The above is from one of my roundcube instances and makes sure that php
> files are processed by php.


Yes!  I added that one line:

   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

and it started working!

Many thanks!

Regards,

Phil.


> Steve
>
> On 14/05/2017 23:43, Philip Rhoades wrote:
>> People,
>>
>> If I can solve this last problem (that I have just spent all night
>> on),
>> I can completely replace Apache with Nginx.  I am using RoundCubeMail
>> as
>> my Webmail client - it is written in PHP (the only PHP thing on my
>> server) but it has been working happily with Apache for many years.  I
>> have RCM in an SSL protected directory:
>>
>>   /home/ssl/webmail
>>
>> When I couldn't get that working I tried testing the setup with a
>> simple:
>>
>>   /home/ssl/index.php
>>
>> file that outputs PHP info (attached) - but I had exactly the same
>> problem with that - a blank screen except for a green block cursor in
>> the bottom right of the screen ie no text output in the browser and no
>> errors in any of the logs.
>>
>> I also attach:
>>
>>   /etc/nginx/conf.d/php-fpm.conf
>>
>> and:
>>
>>   /etc/php-fpm.d/www.conf
>>
>> I would _really_ appreciate it if anyone could tell me what is wrong
>> with my configuration . . (running on Fedora 25 x86_64).
>>
>> Thanks,
>>
>> Phil.
>>
>>
>> _______________________________________________
>> nginx mailing list
>> [hidden email]
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
> _______________________________________________
> nginx mailing list
> [hidden email]
> http://mailman.nginx.org/mailman/listinfo/nginx

--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Last roadblock changing from Apache: SSL & PHP #2

Philip Rhoades
In reply to this post by Rainer Duffner
Rainer,


On 2017-05-15 10:07, Rainer Duffner wrote:
>> Am 15.05.2017 um 00:50 schrieb Philip Rhoades <[hidden email]>:
>> Also, nginx and php-fpm were actually running as services of course
>> . .
>
> Maybe strip the  comments next time you post a config file…


Ah . . good point.  Thanks for your response.

Regards,

Phil.


> I have:
>
> server {
>  set_real_ip_from 127.0.0.12; real_ip_header X-Forwarded-For;
>  listen 80;
>  server_name bla ;
>  root /usr/local/www/roundcube;
>   index index.php index.html index.htm;
>  access_log /var/log/nginx/bla_access.log;
>  error_log /var/log/nginx/bla_error.log;
>  location /roundcube {
>  root /usr/local/www/roundcube ;
>  try_files $uri $uri/ /index.php?q=$uri&$args;
>   }
>  error_page 404 /404.html;
>  error_page 500 502 503 504 /50x.html;
>  location = /50x.html {
>  root /usr/local/www//nginx-errors;
>  }
>  location ~ ^/(README.md|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
>  deny all;
>  }
>  location ~ ^/(config|temp|logs)/ {
>  deny all;
>  }
>  location ~ /\. {
>  deny all;
>  access_log off;
>  log_not_found off;
>  }
> # pass the PHP scripts to FastCGI server listening on
> /var/run/fastcgi/www.sock
>  location ~ \.php$ {
>  try_files $uri =404;
>  fastcgi_pass unix:/var/run/fastcgi/www.sock;
>  fastcgi_index index.php;
>  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
>  include fastcgi_params;
>  }
> }
>
> root@webmail:/usr/local/etc/nginx # cat fastcgi_params
>
> fastcgi_param  QUERY_STRING       $query_string;
> fastcgi_param  REQUEST_METHOD     $request_method;
> fastcgi_param  CONTENT_TYPE       $content_type;
> fastcgi_param  CONTENT_LENGTH     $content_length;
>
> fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
> fastcgi_param  REQUEST_URI        $request_uri;
> fastcgi_param  DOCUMENT_URI       $document_uri;
> fastcgi_param  DOCUMENT_ROOT      $document_root;
> fastcgi_param  SERVER_PROTOCOL    $server_protocol;
> fastcgi_param  HTTPS              $https if_not_empty;
>
> fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
> fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
>
> fastcgi_param  REMOTE_ADDR        $remote_addr;
> fastcgi_param  REMOTE_PORT        $remote_port;
> fastcgi_param  SERVER_ADDR        $server_addr;
> fastcgi_param  SERVER_PORT        $server_port;
> fastcgi_param  SERVER_NAME        $server_name;
>
> # PHP only, required if PHP was built with --enable-force-cgi-redirect
> fastcgi_param  REDIRECT_STATUS    200;
>
> fastcgi_keep_conn on;
> fastcgi_split_path_info       ^(.+\.php)(.*)$;
> fastcgi_param PATH_INFO       $fastcgi_path_info;
> fastcgi_param PATH_TRANSLATED    $document_root$fastcgi_path_info;
>
> Not chrooted, though, because it’s in a jail and I haven’t figured
> out how to setup all the fancy nullfs mounts in a jail.
>
> It’s behind a haproxy that distributes traffic between various jails
> - but that’s irrelevant for the current  case.
> _______________________________________________
> nginx mailing list
> [hidden email]
> http://mailman.nginx.org/mailman/listinfo/nginx

--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx