Upgrade to Ubuntu16.04 LTS from 14.04 LTS killed my php

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Upgrade to Ubuntu16.04 LTS from 14.04 LTS killed my php

rnburn
I had a fully functioning ubuntu 14.04 serving up via nginx a passenger/ror
site with 'some' php.

The passenger/ror bit works fine after the upgrade however any attempt at
accessing my php files gives a 404 Not Found error:

The error.log for nginx shows the following:

=================================

2017/04/22 11:16:22 [crit] 16531#0: *1 connect() to
unix:/var/run/php/php7.0-fpm.sock failed (13: Permission denied) while
connecting to upstream, client: 212.159.100.115, server:
resys.gourmindia.com, request: "GET /phpinfo.php HTTP/1.1", upstream:
"fastcgi://unix:/var/run/php/php7.0-fpm.sock:", host:
"resys.gourmindia.com"

==================

My question is what should the /var/run/php/php7.0-fpm.sock have as
permission?

ALL help gratefully received with thanks.

Purvez

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273798,273798#msg-273798

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Ian
Reply | Threaded
Open this post in threaded view
|

Re: Upgrade to Ubuntu16.04 LTS from 14.04 LTS killed my php

Ian
Hi Purvez,

I am going through a similar upgrade, here is what I found necessary (so
far).

1) Swap back from sockets to a normal port. As root, edit
/etc/php/7.0/fpm/pool.d/www.conf
     # nano /etc/php/7.0/fpm/pool.d/www.conf
Find listen and change to
     listen = 127.0.0.1:9000
     listen.allowed_clients = 127.0.0.1

Your nginx configs much match.

2) Check all mysql fields in all user databases - all fields you do not
explicitly write MUST now have a default. The older MySQL was a lot more
forgiving - E.g. unset varchar() field became "", but no longer.
All but one of my changes were to varchar() fields.

3) Check all GROUP BY statements. You may have to add a ANY_VALUE()
round a field if you get a error about not being compatible with the
ONLY_FULL_GROUP_BY mode (default has changed). MySQL will now reject
queries for which the select list, HAVING condition, or ORDER BY list
refer to non-aggregated columns that are neither named in the GROUP BY
clause nor are functionally dependent on (uniquely determined by) GROUP
BY columns.

4) secure php7-fpm - edit /etc/php/7.0/fpm/php.ini and find the line
defining cgi.fix_pathinfo. Uncomment the line and set the value =0.

5) You may have to install and enable mcrypt and mbstring (as root)
     # apt install php7.0-mcrypt php7.0-mbstring
     # phpenmod mcrypt
     # phpenmod mbstring

Your mileage will probably vary, but I hope this helps you avoid some
ditches you might otherwise fall into.

Ian

On 22/04/2017 15:14, purvez wrote:

> I had a fully functioning ubuntu 14.04 serving up via nginx a passenger/ror
> site with 'some' php.
>
> The passenger/ror bit works fine after the upgrade however any attempt at
> accessing my php files gives a 404 Not Found error:
>
> The error.log for nginx shows the following:
>
> =================================
>
> 2017/04/22 11:16:22 [crit] 16531#0: *1 connect() to
> unix:/var/run/php/php7.0-fpm.sock failed (13: Permission denied) while
> connecting to upstream, client: 212.159.100.115, server:
> resys.gourmindia.com, request: "GET /phpinfo.php HTTP/1.1", upstream:
> "fastcgi://unix:/var/run/php/php7.0-fpm.sock:", host:
> "resys.gourmindia.com"
>
> ==================
>
> My question is what should the /var/run/php/php7.0-fpm.sock have as
> permission?
>
> ALL help gratefully received with thanks.
>
> Purvez
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273798,273798#msg-273798
>
> _______________________________________________
> nginx mailing list
> [hidden email]
> http://mailman.nginx.org/mailman/listinfo/nginx
>
> ---
> This email has been checked for viruses by AVG.
> http://www.avg.com
>

--
Ian Hobson
Tel (+351) 910 418 473
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Upgrade to Ubuntu16.04 LTS from 14.04 LTS killed my php

rnburn
Ian thanks very much for your prompt response. I already have been through
the MySQL problems and I'll try your fix on php on Monday.  Unfortunately I
had unexpected guests to deal with today hence I only 'just' saw your
message.

Will let you know how I got on.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273798,273801#msg-273801

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

RE: Upgrade to Ubuntu16.04 LTS from 14.04 LTS killed my php

Reinis Rozitis
In reply to this post by rnburn
> My question is what should the /var/run/php/php7.0-fpm.sock have as
> permission?

It should have rw (read/write)  access for whatever user/group nginx is running under (by default nobody).

Depending on which service (nginx or php-fpm) is running under correct user either change the nginx configuration/user to match the sock file ownership ( http://nginx.org/en/docs/ngx_core_module.html#user ) or check your php-fpm.conf for:

listen = in your case should be /var/run/php/php7.0-fpm.sock
and adjust accordingly:

listen.mode = 0660
listen.owner = ...

rr

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: RE: Upgrade to Ubuntu16.04 LTS from 14.04 LTS killed my php

rnburn
Reinis thanks very much for your response.  The owner shown for :
/var/run/php/php7.0-fpm.sock is 33 & group is 33.  Both have read/write
access but other groups have no access rights.

I therefore added the following line at the beginning of nginx.conf

user 33 33;

However when I tried to restart nginx it failed and systemctl status says
that getpwnam("33") failed.  What have I done wrong here?

Thanks for your continued help.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273798,273812#msg-273812

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: RE: Upgrade to Ubuntu16.04 LTS from 14.04 LTS killed my php

rnburn
Reinis I found that www-data was also a member of group 33 so I changed my
user in nginx.conf to that and it is now working.

Many thanks for your help with this one.

Not sure how I mark this as 'Completed' though.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273798,273813#msg-273813

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

RE: RE: Upgrade to Ubuntu16.04 LTS from 14.04 LTS killed my php

Reinis Rozitis
> Reinis I found that www-data was also a member of group 33 so I changed my
> user in nginx.conf to that and it is now working.
>
> Many thanks for your help with this one.

It is most likely also the correct user just nginx in configuration expects the human-readable name ('www-data') instead of the id/numeric representation.


> Not sure how I mark this as 'Completed' though.

In general this is mailinglist  and the forum is just a frontend or alternative approach to it. So the "topic" change is not really needed :)

rr

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx