httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Iliffe <john.ili...@iliffe.ca>
Subject Re: [users@httpd] unable to execute php-fpm properly
Date Fri, 14 Apr 2017 03:06:16 GMT
On Thursday 13 April 2017 15:27:01 Frank wrote:
> On 13/04/17 02:18 PM, John Iliffe wrote:
> > I'm still trying to figure out what is actually happening here and I
> > have a result that is truly confusing now.
> > 
> > I decided to just route everything to php-fpm, mainly to check that it
> > is actually active, and I used a file that would have been routed
> > there by ProxyPass/ProxyPassMatch anyhow, so I would have expected
> > php-fpm to run and give me an html page as output.
> > 
> > Here's what happened:
> > 
> > I set the ProxyPass directive to:
> > 
> > ProxyPass / "fcgi://127.0.0.1:9000" enablereuse=on
> > 
> > and got the response:
> > 
> > Proxy Error
> > 
> > The proxy server received an invalid response from an upstream server.
> > The proxy server could not handle the request GET /testfcgi.php
> > <http://192.168.1.6/testfcgi.php>.
> > 
> > Reason: DNS lookup failure for: 127.0.0.1:9000testfcgi.php
> > 
> > So, we know two things (I thought) - first that php-fpm is actually
> > working, and second that we need a / after the socket number to
> > separate the php file name. This should have gone to the root
> > directory given in the php-fpm configuration, ( chdir=/httpd/iliffe )
> > not to the DNS, right?
> > 
> > So, I changed the ProxyPass directive
> > 
> > ProxyPass / "fcgi://127.0.0.1:9000/" enablereuse=on
> > 
> > and I get:
> > 
> > File not found.
> > 
> > With the Loglevel set to debug in Apache and all incoming requests
> > being proxied to php-fpm, I get:
> > 
> > No input file specified.
> > 
> > from the browser with a log entry of
> > 
> > [Thu Apr 13 13:04:36.552776 2017] [proxy_fcgi:error] [pid 22944:tid
> > 139858336442112] [client 192.168.1.10:48876] AH01071: Got error
> > 'Unable to open primary script: /httpd/iliffe/testfcgi.php (No such
> > file or directory)\n'
> > 
> > I didn't paste all the other entries as they are irrelevant to this
> > situation.
> > 
> > BUT:
> > 
> > [root@prod04 John]# ls -al /proc/22943/root/httpd/iliffe/test*
> > 
> > -rw-rw-r--. 1 John John 5740 Apr 12 16:40
> > /proc/22943/root/httpd/iliffe/testfcgi.php
> > 
> > So httpd's path includes the php file that I called.
> > 
> > So, tried php-fpm to see if it couldn't find the proper path:
> > 
> > [root@prod04 John]# ps -ef | grep php
> > 
> > root 22100 1 0 12:16 ? 00:00:00 php-fpm: master process
> > (/usr/php-7.1.3/etc/php-fpm.conf)
> > 
> > phpfpm 22101 22100 0 12:16 ? 00:00:00 php-fpm: pool www
> > 
> > phpfpm 22102 22100 0 12:16 ? 00:00:00 php-fpm: pool www
> > 
> > [root@prod04 John]# ls -al /proc/22100/root/httpd/iliffe/test*
> > 
> > -rw-rw-r--. 1 John John 5740 Apr 12 16:40
> > /proc/22100/root/httpd/iliffe/testfcgi.php
> > 
> > So php-fpm can also see the php file.
> > 
> > I have no idea why either php-fpm or httpd, whichever is throwing the
> > error, can't find the file.
> > 
> > It seems that this problem is fairly common, for example:
> > 
> > https://serverfault.com/questions/450628/apache-2-4-php-fpm-proxypassm
> > atch
> > 
> > But this is from 2013, and they resolved it with rewrite rules. With
> > all the web sites on the Internet using Apache I'm sure that there is
> > a current solution that actually works!
> > 
> > Has anyone got any ideas?
> > 
> > Thanks,
> > 
> > John
> > 
> > ==========================================
> > 
> > On Thursday 13 April 2017 11:10:47 you wrote:
> >> On Wednesday 12 April 2017 22:24:03 Frank wrote:
> >> > On 12/04/17 08:36 PM, John Iliffe wrote:
> >> > > See below.
> >> > > 
> >> > > On Wednesday 12 April 2017 20:02:10 Frank wrote:
> >> > >> On 12/04/17 05:34 PM, John Iliffe wrote:
> >> > >>> I am converting my web pages from mod_php to php-fpm, following
> >> > >>> 
> >> > >>> the directions found at: https://wiki.apache.org/httpd/PHP-FPM
> >> > >>> 
> >> > >>> Testing to date indicates that on this server all scripts
work
> >> > >>> 
> >> > >>> properly under mod_php.
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> Both of the following were tried within a <VirtualHost>
> >> > >>> container
> >> > >>> 
> >> > >>> for the default virtual host.
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> If I use the "simple" approach from the Wiki:
> >> > >>> 
> >> > >>> ProxyPass "/*.php/" "fcgi://127.0.0.1:9000" enablereuse=on
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> then the page SOURCE is displayed, PHP never executes. Adding
a
> >> > >>> 
> >> > >>> first line of #! /path-to-php-executable doesn't accomplish
> >> > >>> 
> >> > >>> anything. Neither way leads to any errors showing in the
> >> > >>> php-fpm
> >> > >>> 
> >> > >>> log.
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> Using the "more flexible" approach:
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> ProxyPassMatch ^/(.*\.php(/.*)?)$
> >> > >>> 
> >> > >>> fcgi://127.0.0.1:9000/httpd/iliffe/$1
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> enablereuse=on
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> Gives me a "No Input File Specified" error. This line was
> >> > >>> cribbed
> >> > >>> 
> >> > >>> from the Wiki example and the path /httpd/iliffe/ is precisely
> >> > >>> 
> >> > >>> where the php script lives, based on the server root and not
> >> > >>> the
> >> > >>> 
> >> > >>> document root as noted in the Wiki article.
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> There is no php-fpm error message issued in either case and
the
> >> > >>> 
> >> > >>> Apache error entry for the ProxyPassMatch case is:
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> [Wed Apr 12 16:50:28.688837 2017] [proxy_fcgi:error] [pid
> >> > >>> 
> >> > >>> 13574:tid 140145512003328] [client 192.168.1.10:45240] AH01071:
> >> > >>> 
> >> > >>> Got error 'Unable to open primary script:
> >> > >>> 
> >> > >>> /httpd/iliffe/testfcgi.php (No such file or directory)\n'
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> I am using mostly the defaults in the php-fpm config and pool
> >> > >>> 
> >> > >>> config files. The default path to the php executable has been
> >> > >>> 
> >> > >>> updated to point to where it really is.
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> Can anybody see what I might have missed?
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> Thanks in advance.
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> John
> >> > >>> 
> >> > >>> =========================================
> >> > >>> 
> >> > >>> 
> >> > >>> 
> >> > >>> ---------------------------------------------------------------
> >> > >>> ---
> >> > >>> 
> >> > >>> -- - To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> > >>> 
> >> > >>> For additional commands, e-mail: users-help@httpd.apache.org
> >> > >> 
> >> > >> 1) ProxyPass doesn't use PCRE (the wiki does not use PCRE with
> >> > >> 
> >> > >> ProxyPass, either). You need to use ProxyPassMatch to parse
> >> > >> PCRE.
> >> > > 
> >> > > I'm not sure what you are saying here. When I used only ProxyPass
> >> > > 
> >> > > using the default configuration in the Wiki, the correct page was
> >> > > 
> >> > > displayed, it just didn't execute the PHP script and adding the
> >> > > 
> >> > > bang-path didn't change anything. The source code was displayed
> >> > > as
> >> > > 
> >> > > the page.
> >> > > 
> >> > > 
> >> > > 
> >> > > While it is possible that the ProxyPath directive didn't match
> >> > > 
> >> > > anything and Apache tried to handle the script file as a static
> >> > > 
> >> > > page, I have been unable to prove that conjecture. The page IS in
> >> > > 
> >> > > Apache's document root for this virtual host, so I suppose that
> >> > > is
> >> > > 
> >> > > possible. There is no SetHandler directive to handle the .php
> >> > > 
> >> > > extension, and my understanding of the documentation is that one
> >> > > 
> >> > > should not be required since Apache is not actually running the
> >> > > 
> >> > > script.
> >> > > 
> >> > >> 2) /httpd/iliffe/testfcgi.php would need to exist on your
> >> > >> 
> >> > >> filesystem or php-fpm chroot. The requested URI is literally
> >> > >> 
> >> > >> appended to the path in the ProxyPassMatch directive.
> >> > > 
> >> > > Yes, that's what I had expected to happen. php-fpm does not
> >> > > chroot;
> >> > > 
> >> > > the true path /httpd/iliffe/testfcgi.php exists in the file
> >> > > system
> >> > > 
> >> > > and is visible to php-fpm, based on the simpler configuration.
> >> > > 
> >> > > That's what's so weird, the same path gets completely different
> >> > > 
> >> > > results, depending on the way the script is called. In this case
> >> > > 
> >> > > the $1 amounts to a null since there is no passed data in the
> >> > > URL.
> >> > > 
> >> > > 
> >> > > 
> >> > > Before you ask, I expect SELinux problems with these files
> >> > > because
> >> > > 
> >> > > of the tagging, but at the moment SELinux is in permissive mode.
> >> > > 
> >> > > 
> >> > > 
> >> > > John
> >> > 
> >> > ProxyPass *cannot* understand PCRE. ProxyPassMatch *can*. Hence, do
> >> > 
> >> > *not* use PCRE with ProxyPass. That is all.
> >> > 
> >> > 
> >> > 
> >> > Step 1) Make sure that mod_proxy_fcgi is loaded. See apachectl -M
> >> 
> >> [root@prod04 John]# /usr/apache-2.4.25/bin/apachectl -M
> >> 
> >> Loaded Modules:
> >> 
> >> core_module (static)
> >> 
> >> so_module (static)
> >> 
> >> .......whole lot of modules skipped here.....
> >> 
> >> 
> >> 
> >> version_module (shared)
> >> 
> >> proxy_module (shared)
> >> 
> >> proxy_connect_module (shared)
> >> 
> >> proxy_ftp_module (shared)
> >> 
> >> proxy_http_module (shared)
> >> 
> >> proxy_fcgi_module (shared) <------
> >> 
> >> http2_module (shared)
> >> 
> >> proxy_http2_module (shared)
> >> 
> >> 
> >> 
> >> The necesary support modules for mod_proxy_fcgi (mod_proxy and
> >> 
> >> mod_proxy_http2) are also verified as being loaded.
> >> 
> >> > As for the "Primary Script Unknown" error, it always means that you
> >> > 
> >> > mapped the request to a non-existent resource on the file system /
> >> > 
> >> > chroot. Verify again.
> >> 
> >> Here is the process root info for php-fpm
> >> 
> >> 
> >> 
> >> [root@prod04 John]# ps -ef | grep php-
> >> 
> >> root 15368 1 0 Apr12 ? 00:00:00 php-fpm: master process
> >> 
> >> (/usr/php-7.1.3/etc/php-fpm.conf)
> >> 
> >> phpfpm 15369 15368 0 Apr12 ? 00:00:00 php-fpm: pool www
> >> 
> >> phpfpm 15370 15368 0 Apr12 ? 00:00:00 php-fpm: pool www
> >> 
> >> 
> >> 
> >> [root@prod04 John]# ls -al /proc/15368/root
> >> 
> >> lrwxrwxrwx. 1 root root 0 Apr 13 10:34 /proc/15368/root -> /
> >> 
> >> 
> >> 
> >> Here is the directory for the document root and also the absolute
> >> path
> >> 
> >> that was passed to php-fpm
> >> 
> >> 
> >> 
> >> [root@prod04 John]# ls -al /httpd/iliffe/t*
> >> 
> >> -rw-rw-r--. 1 John John 5740 Apr 12 16:40 /httpd/iliffe/testfcgi.php
> >> 
> >> 
> >> 
> >> I had already done all of these checks before I asked for help on
> >> this
> >> 
> >> list. The commands used to invoke both ProxyPass and ProxyPassMatch
> >> 
> >> were cut and pasted from the Wiki. The only change I made was to put
> >> 
> >> in the correct base directory path.
> >> 
> >> 
> >> 
> >> Also, I did verify that the TCP port (9000) for php-fpm was present
> >> and
> >> 
> >> listening:
> >> 
> >> 
> >> 
> >> [root@prod04 John]# ss -a -n | grep 9000
> >> 
> >> tcp LISTEN 0 128 127.0.0.1:9000 *:*
> >> 
> >> tcp LISTEN 0 0 127.0.0.1:9000 *:*
> >> 
> >> 
> >> 
> >> While I don't think it is necessary, since the TCP port is on the
> >> 
> >> loopback interface, I also opened port 9000 on the internal firewall:
> >> 
> >> 
> >> 
> >> root@prod04 John]# firewall-cmd --list-ports
> >> 
> >> ----other open ports not shown--------
> >> 
> >> 9000/tcp
> >> 
> >> > The various methods listed on the wiki allow httpd to pass the
> >> > request
> >> > 
> >> > to a fcgi backend, which will process the php file, and return the
> >> > 
> >> > output. You can use the SetHandler approach instead of
> >> > ProxyPassMatch
> >> > 
> >> > - it's up to you.
> >> > 
> >> > 
> >> > 
> >> > -------------------------------------------------------------------
> >> > --
> >> > 
> >> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> > 
> >> > For additional commands, e-mail: users-help@httpd.apache.org
> 
> John,
> 
> What is the full filesystem path, without the chroot?
> 
There is no chroot involved here.  The true file system path is 

   /httpd/iliffe/  

It's the default virtual host using this as the document root.

> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message