Discussion:
Debian12 with nginx and php-fpm
Stefano Prina
2024-07-06 14:00:01 UTC
Hello All,

I am Stefano from Torino, Italy; I am just new to this list, nice to
virtually meet all of you : )

I am writing to you because I need support for a strange issue I am facing.

I am trying to create a debian container to run some php app for a side
project, the idea is to use nginx and php-fpm,

the procedure I am using is :

[host] $ podman run -ti -p 8090:80 debian:12-slim

[container]$ apt update && apt install vim nginx php-fpm

edit `/etc/nginx/sites-enabled/default` de-commenting the php part

       # pass PHP scripts to FastCGI server
       #
       location ~ \.php$ {
               include snippets/fastcgi-php.conf;

               # With php-fpm (or other unix sockets):
               fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
               # With php-cgi (or other tcp sockets):
               #fastcgi_pass 127.0.0.1:9000;
       }

[container]$ /etc/init.d/nginx start
[container]$ /etc/init.d/php8.2-fpm start

edit `/var/www/html/info.php` using the content:

<?php
phpinfo();
?>

connecting http://localhost:8080 I get the default nginx page

connecting http://localhost:8080/info.php I got Access denied.

and the logs report :

[container]$ tail -n 2 /var/log/nginx/error.log
2024/07/06 13:19:45 [error] 7365#7365: *1 FastCGI sent in stderr: "PHP message: PHP Warning:  PHP Request Startup: Failed to open stream: Permission denied in Unknown on line 0; Unable to open primary script: /var/www/html/info.php (Permission denied)" while reading response header from upstream, client: 127.0.0.1, server: _, request: "GET /info.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php8.2-fpm.sock:", host: "localhost:8090"
2024/07/06 13:19:45 [error] 7365#7365: *1 FastCGI sent in stderr: "PHP message: PHP Warning:  PHP Request Startup: Failed to open stream: Permission denied in Unknown on line 0; Unable to open primary script: /var/www/html/info.php (Permission denied)" while reading response header from upstream, client: 127.0.0.1, server: _, request: "GET /info.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php8.2-fpm.sock:", host: "localhost:8090"

It is strange because the file /var/www/html/info.php exists and has
too open permissions 0:)

[container]$ ls -l /var/www/html/info.php
-rwxrwxrwx 1 root root 20 Jul  6 13:03 /var/www/html/info.php

the socket /var/run/php/php8.2-fpm.sock exists and it seems ok:

[container]$ ls -l /var/run/php/php8.2-fpm.sock
srw-rw---- 1 www-data www-data 0 Jul  6 13:14 /var/run/php/php8.2-fpm.sock

all the workers seem running using the right user:

[container]$ ps -aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0   4188  3216 pts/0    Ss   12:58   0:00 bash
root      7255  0.0  0.0 201548  8448 ?        Ss   13:14   0:00 php-fpm: master process (/etc/php/8.2/fpm/php-fpm.conf)
www-data  7256  0.0  0.0 201548 10792 ?        S    13:14   0:00 php-fpm: pool www
www-data  7257  0.0  0.0 201548 10664 ?        S    13:14   0:00 php-fpm: pool www
root      7364  0.0  0.0  10336  1512 ?        Ss   13:19   0:00 nginx: master process /usr/sbin/nginx
www-data  7365  0.0  0.0  10960  4104 ?        S    13:19   0:00 nginx: worker process
www-data  7366  0.0  0.0  10960  4244 ?        S    13:19   0:00 nginx: worker process
www-data  7367  0.0  0.0  10688  2684 ?        S    13:19   0:00 nginx: worker process
www-data  7368  0.0  0.0  10688  2684 ?        S    13:19   0:00 nginx: worker process
www-data  7369  0.0  0.0  10688  2684 ?        S    13:19   0:00 nginx: worker process
www-data  7370  0.0  0.0  10688  2684 ?        S    13:19   0:00 nginx: worker process
www-data  7371  0.0  0.0  10688  2684 ?        S    13:19   0:00 nginx: worker process
www-data  7372  0.0  0.0  10688  2684 ?        S    13:19   0:00 nginx: worker process
www-data  7373  0.0  0.0  10688  2684 ?        S    13:19   0:00 nginx: worker process
www-data  7374  0.0  0.0  10688  2684 ?        S    13:19   0:00 nginx: worker process
www-data  7375  0.0  0.0  10688  2684 ?        S    13:19   0:00 nginx: worker process
www-data  7376  0.0  0.0  10688  2684 ?        S    13:19   0:00 nginx: worker process
root      7386  0.0  0.0   8060  4248 pts/0    R+   13:51   0:00 ps -aux

So I have the feeling I am missing something stupid... but what ??

Can you help me ?

Thanks in advance

Stefano
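
The post above checks the script's own mode, the socket and the worker user; `ls -l` on the file alone does not show whether that user can traverse every parent directory. The following is an added example, not part of the original thread, that walks a path and reports the first component blocking a given uid/gid by classic mode bits; the function names `allowed` and `first_denied` are illustrative.

```sh
#!/bin/sh
# Added example, not from the thread. Only classic owner/group/other mode
# bits are evaluated: supplementary groups, POSIX ACLs, SELinux/AppArmor and
# user-namespace ID mappings are out of scope. Needs GNU stat (coreutils).

# allowed MODE OWNER GROUP UID GID NEED   (NEED: 1 = search, 4 = read)
allowed() {
    local mode="$((0$1))" bits              # leading 0 => parse as octal
    if [ "$4" -eq 0 ]; then return 0; fi    # root bypasses mode bits
    if   [ "$4" -eq "$2" ]; then bits=$(( ($mode >> 6) & 7 ))
    elif [ "$5" -eq "$3" ]; then bits=$(( ($mode >> 3) & 7 ))
    else                         bits=$(( $mode & 7 ))
    fi
    [ $(( bits & $6 )) -eq "$6" ]
}

# first_denied PATH UID GID [BASE]
# Walks the components of PATH below BASE (default /). Directories need the
# search bit, the final file needs the read bit. Prints "ok", or the first
# component that denies UID/GID, or the first component that does not exist.
first_denied() {
    local target="$1" uid="$2" gid="$3" cur="${4:-/}" rest part st mode owner need
    cur="${cur%/}"
    rest="${target#"$cur"/}"
    while [ -n "$rest" ]; do
        part="${rest%%/*}"
        case "$rest" in */*) rest="${rest#*/}" ;; *) rest="" ;; esac
        [ -n "$part" ] || continue          # skip empty parts from "//"
        cur="$cur/$part"
        st=$(stat -L -c '%a %u %g' -- "$cur" 2>/dev/null) ||
            { echo "missing: $cur"; return 2; }
        mode="${st%% *}"; st="${st#* }"; owner="${st%% *}"   # st now "UID GID"
        if [ -d "$cur" ]; then need=1; else need=4; fi
        if ! allowed "$mode" "$owner" "${st#* }" "$uid" "$gid" "$need"; then
            echo "denied: $cur (mode $mode, owner $owner:${st#* })"
            return 1
        fi
    done
    echo "ok"
}

# Run as a script, e.g. inside the container:
#   sh check.sh /var/www/html/info.php "$(id -u www-data)" "$(id -g www-data)"
if [ "$#" -ge 3 ]; then first_denied "$@"; fi
```

A result of "ok" while PHP-FPM still reports "Permission denied" points away from mode bits and toward the mechanisms this check does not evaluate.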
Michael Kjörling
2024-07-06 14:50:01 UTC
Post by Stefano Prina
> [container]$ tail -n 2 /var/log/nginx/error.log
> 2024/07/06 13:19:45 [error] 7365#7365: *1 FastCGI sent in stderr: "PHP
> /var/www/html/info.php (Permission denied)" while reading response header from upstream, client: 127.0.0.1, server: _, request: "GET
> "fastcgi://unix:/var/run/php/php8.2-fpm.sock:", host: "localhost:8090"
> 2024/07/06 13:19:45 [error] 7365#7365: *1 FastCGI sent in stderr: "PHP
> /var/www/html/info.php (Permission denied)" while reading response header from upstream, client: 127.0.0.1, server: _, request: "GET
> "fastcgi://unix:/var/run/php/php8.2-fpm.sock:", host: "localhost:8090"
> It is strange because the file /var/www/html/info.php exists and has
> too open permissions 0:)

I am unable to replicate your results against a VM running a fairly
bare-bones Debian 12 installation. I did however have to do an extra
`systemctl restart nginx.service` within the VM guest for the nginx
web server to recognize info.php as a PHP script that should be
executed, instead of a plain file that should be returned as-is to the
client; simply the old-style /etc/init.d "start" that you show in your
post did not suffice.

I do note that you seem to have a mix of TCP ports here; both 80, 8080
(in the requested URL) and 8090 (in the podman invocation). I would
therefore suggest to double-check your podman invocation to make sure
it is correct for the intended results, and then double-check that you
are requesting the correct URL (primarily host and port) given the
conditions from where you are requesting it. For example, you could
make a change to the default page and check that this change is
reflected in the web browser.
--
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
Stefano Prina
2024-07-11 10:50:01 UTC
Ciao Michael,
Post by Michael Kjörling
> simply the old-style /etc/init.d "start" that you show in your
> post did not suffice.
> I do note that you seem to have a mix of TCP ports here; both 80, 8080
> (in the requested URL) and 8090 (in the podman invocation).

After your email, I double-checked and I had reported the port wrongly in
the browser URL... of course there were no other containers running on
the host

Anyway I tested the procedure using

* a vm as you did, and I confirm it is working... starting the services
using systemd simply works.

* a vm, stopping the services using the systemd and restarting them
using init.d and it works.

* docker running on a debian host, starting the services using init.d
and it works.

* podman running on a debian host, starting the services using init.d
and it works.

So case closed... because the first try was running on a different
distribution; confining all the checks to Debian does not reproduce the issue.

Thanks for your feedback

Stefano