Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
To: users@httpd.apache.org
References: <201704121734.42135.john.iliffe@iliffe.ca>
 <1577ac88-f9a8-fc0e-89f0-a5e4e5007de6@apache.org>
 <201704131110.48178.john.iliffe@iliffe.ca>
 <201704131418.33572.john.iliffe@iliffe.ca>
From: Frank <thumbs@apache.org>
Message-ID: <130827ed-2b6a-f392-6a89-af260b780f29@apache.org>
Date: Thu, 13 Apr 2017 15:27:01 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <201704131418.33572.john.iliffe@iliffe.ca>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [users@httpd] unable to execute php-fpm properly
archived-at: Thu, 13 Apr 2017 19:27:10 -0000


On 13/04/17 02:18 PM, John Iliffe wrote:
> I'm still trying to figure out what is actually happening here and I
> have a result that is truly confusing now.
>
> I decided to just route everything to php-fpm, mainly to check that it
> is actually active, and I used a file that would have been routed there
> by ProxyPass/ProxyPassMatch anyhow, so I would have expected php-fpm to
> run and give me an html page as output.
>
> Here's what happened:
>
> I set the ProxyPass directive to:
>
> ProxyPass / "fcgi://127.0.0.1:9000" enablereuse=on
>
> and got the response:
>
> Proxy Error
>
> The proxy server received an invalid response from an upstream server.
> The proxy server could not handle the request GET /testfcgi.php
> <http://192.168.1.6/testfcgi.php>.
>
> Reason: DNS lookup failure for: 127.0.0.1:9000testfcgi.php
>
> So, we know two things (I thought) - first that php-fpm is actually
> working, and second that we need a / after the socket number to separate
> the php file name. This should have gone to the root directory given in
> the php-fpm configuration, ( chdir=/httpd/iliffe ) not to the DNS, right?
>
> So, I changed the ProxyPass directive
>
> ProxyPass / "fcgi://127.0.0.1:9000/" enablereuse=on
>
> and I get:
>
> File not found.
>
> With the Loglevel set to debug in Apache and all incoming requests being
> proxied to php-fpm, I get:
>
> No input file specified.
>
> from the browser with a log entry of
>
> [Thu Apr 13 13:04:36.552776 2017] [proxy_fcgi:error] [pid 22944:tid
> 139858336442112] [client 192.168.1.10:48876] AH01071: Got error 'Unable
> to open primary script: /httpd/iliffe/testfcgi.php (No such file or
> directory)\n'
>
> I didn't paste all the other entries as they are irrelevant to this
> situation.
>
> BUT:
>
> [root@prod04 John]# ls -al /proc/22943/root/httpd/iliffe/test*
>
> -rw-rw-r--. 1 John John 5740 Apr 12 16:40
> /proc/22943/root/httpd/iliffe/testfcgi.php
>
> So httpd's path includes the php file that I called.
>
> So, tried php-fpm to see if it couldn't find the proper path:
>
> [root@prod04 John]# ps -ef | grep php
>
> root 22100 1 0 12:16 ? 00:00:00 php-fpm: master process
> (/usr/php-7.1.3/etc/php-fpm.conf)
>
> phpfpm 22101 22100 0 12:16 ? 00:00:00 php-fpm: pool www
>
> phpfpm 22102 22100 0 12:16 ? 00:00:00 php-fpm: pool www
>
> [root@prod04 John]# ls -al /proc/22100/root/httpd/iliffe/test*
>
> -rw-rw-r--. 1 John John 5740 Apr 12 16:40
> /proc/22100/root/httpd/iliffe/testfcgi.php
>
> So php-fpm can also see the php file.
>
> I have no idea why either php-fpm or httpd, whichever is throwing the
> error, can't find the file.
>
> It seems that this problem is fairly common, for example:
>
> https://serverfault.com/questions/450628/apache-2-4-php-fpm-proxypassmatch
>
> But this is from 2013, and they resolved it with rewrite rules. With all
> the web sites on the Internet using Apache I'm sure that there is a
> current solution that actually works!
>
> Has anyone got any ideas?
>
> Thanks,
>
> John
>
> ==========================================
>
> On Thursday 13 April 2017 11:10:47 you wrote:
>
>> On Wednesday 12 April 2017 22:24:03 Frank wrote:
>
>> > On 12/04/17 08:36 PM, John Iliffe wrote:
>
>> > > See below.
>
>> > >
>
>> > > On Wednesday 12 April 2017 20:02:10 Frank wrote:
>
>> > >> On 12/04/17 05:34 PM, John Iliffe wrote:
>
>> > >>> I am converting my web pages from mod_php to php-fpm, following
>
>> > >>> the directions found at: https://wiki.apache.org/httpd/PHP-FPM
>
>> > >>> Testing to date indicates that on this server all scripts work
>
>> > >>> properly under mod_php.
>
>> > >>>
>
>> > >>> Both of the following were tried within a <VirtualHost> container
>
>> > >>> for the default virtual host.
>
>> > >>>
>
>> > >>> If I use the "simple" approach from the Wiki:
>
>> > >>> ProxyPass "/*.php/" "fcgi://127.0.0.1:9000" enablereuse=on
>
>> > >>>
>
>> > >>> then the page SOURCE is displayed, PHP never executes. Adding a
>
>> > >>> first line of #! /path-to-php-executable doesn't accomplish
>
>> > >>> anything. Neither way leads to any errors showing in the php-fpm
>
>> > >>> log.
>
>> > >>>
>
>> > >>>
>
>> > >>> Using the "more flexible" approach:
>
>> > >>>
>
>> > >>> ProxyPassMatch ^/(.*\.php(/.*)?)$
>
>> > >>> fcgi://127.0.0.1:9000/httpd/iliffe/$1
>
>> > >>>
>
>> > >>> enablereuse=on
>
>> > >>>
>
>> > >>> Gives me a "No Input File Specified" error. This line was cribbed
>
>> > >>> from the Wiki example and the path /httpd/iliffe/ is precisely
>
>> > >>> where the php script lives, based on the server root and not the
>
>> > >>> document root as noted in the Wiki article.
>
>> > >>>
>
>> > >>> There is no php-fpm error message issued in either case and the
>
>> > >>> Apache error entry for the ProxyPassMatch case is:
>
>> > >>>
>
>> > >>> [Wed Apr 12 16:50:28.688837 2017] [proxy_fcgi:error] [pid
>
>> > >>> 13574:tid 140145512003328] [client 192.168.1.10:45240] AH01071:
>
>> > >>> Got error 'Unable to open primary script:
>
>> > >>> /httpd/iliffe/testfcgi.php (No such file or directory)\n'
>
>> > >>>
>
>> > >>> I am using mostly the defaults in the php-fpm config and pool
>
>> > >>> config files. The default path to the php executable has been
>
>> > >>> updated to point to where it really is.
>
>> > >>>
>
>> > >>> Can anybody see what I might have missed?
>
>> > >>>
>
>> > >>> Thanks in advance.
>
>> > >>>
>
>> > >>> John
>
>> > >>> =========================================
>
>> > >>>
>
>> > >>> ------------------------------------------------------------------
>
>> > >>> -- - To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>
>> > >>> For additional commands, e-mail: users-help@httpd.apache.org
>
>> > >>
>
>> > >> 1) ProxyPass doesn't use PCRE (the wiki does not use PCRE with
>
>> > >> ProxyPass, either). You need to use ProxyPassMatch to parse PCRE.
>
>> > >
>
>> > > I'm not sure what you are saying here. When I used only ProxyPass
>
>> > > using the default configuration in the Wiki, the correct page was
>
>> > > displayed, it just didn't execute the PHP script and adding the
>
>> > > bang-path didn't change anything. The source code was displayed as
>
>> > > the page.
>
>> > >
>
>> > > While it is possible that the ProxyPath directive didn't match
>
>> > > anything and Apache tried to handle the script file as a static
>
>> > > page, I have been unable to prove that conjecture. The page IS in
>
>> > > Apache's document root for this virtual host, so I suppose that is
>
>> > > possible. There is no SetHandler directive to handle the .php
>
>> > > extension, and my understanding of the documentation is that one
>
>> > > should not be required since Apache is not actually running the
>
>> > > script.
>
>> > >
>
>> > >> 2) /httpd/iliffe/testfcgi.php would need to exist on your
>
>> > >> filesystem or php-fpm chroot. The requested URI is literally
>
>> > >> appended to the path in the ProxyPassMatch directive.
>
>> > >
>
>> > > Yes, that's what I had expected to happen. php-fpm does not chroot;
>
>> > > the true path /httpd/iliffe/testfcgi.php exists in the file system
>
>> > > and is visible to php-fpm, based on the simpler configuration.
>
>> > > That's what's so weird, the same path gets completely different
>
>> > > results, depending on the way the script is called. In this case
>
>> > > the $1 amounts to a null since there is no passed data in the URL.
>
>> > >
>
>> > > Before you ask, I expect SELinux problems with these files because
>
>> > > of the tagging, but at the moment SELinux is in permissive mode.
>
>> > >
>
>> > > John
>
>> >
>
>> > ProxyPass *cannot* understand PCRE. ProxyPassMatch *can*. Hence, do
>
>> > *not* use PCRE with ProxyPass. That is all.
>
>> >
>
>> > Step 1) Make sure that mod_proxy_fcgi is loaded. See apachectl -M
>
>>
>
>> [root@prod04 John]# /usr/apache-2.4.25/bin/apachectl -M
>
>> Loaded Modules:
>
>> core_module (static)
>
>> so_module (static)
>
>> .......whole lot of modules skipped here.....
>
>>
>
>> version_module (shared)
>
>> proxy_module (shared)
>
>> proxy_connect_module (shared)
>
>> proxy_ftp_module (shared)
>
>> proxy_http_module (shared)
>
>> proxy_fcgi_module (shared) <------
>
>> http2_module (shared)
>
>> proxy_http2_module (shared)
>
>>
>
>> The necesary support modules for mod_proxy_fcgi (mod_proxy and
>
>> mod_proxy_http2) are also verified as being loaded.
>
>>
>
>> > As for the "Primary Script Unknown" error, it always means that you
>
>> > mapped the request to a non-existent resource on the file system /
>
>> > chroot. Verify again.
>
>>
>
>> Here is the process root info for php-fpm
>
>>
>
>> [root@prod04 John]# ps -ef | grep php-
>
>> root 15368 1 0 Apr12 ? 00:00:00 php-fpm: master process
>
>> (/usr/php-7.1.3/etc/php-fpm.conf)
>
>> phpfpm 15369 15368 0 Apr12 ? 00:00:00 php-fpm: pool www
>
>> phpfpm 15370 15368 0 Apr12 ? 00:00:00 php-fpm: pool www
>
>>
>
>> [root@prod04 John]# ls -al /proc/15368/root
>
>> lrwxrwxrwx. 1 root root 0 Apr 13 10:34 /proc/15368/root -> /
>
>>
>
>> Here is the directory for the document root and also the absolute path
>
>> that was passed to php-fpm
>
>>
>
>> [root@prod04 John]# ls -al /httpd/iliffe/t*
>
>> -rw-rw-r--. 1 John John 5740 Apr 12 16:40 /httpd/iliffe/testfcgi.php
>
>>
>
>> I had already done all of these checks before I asked for help on this
>
>> list. The commands used to invoke both ProxyPass and ProxyPassMatch
>
>> were cut and pasted from the Wiki. The only change I made was to put
>
>> in the correct base directory path.
>
>>
>
>> Also, I did verify that the TCP port (9000) for php-fpm was present and
>
>> listening:
>
>>
>
>> [root@prod04 John]# ss -a -n | grep 9000
>
>> tcp LISTEN 0 128 127.0.0.1:9000 *:*
>
>> tcp LISTEN 0 0 127.0.0.1:9000 *:*
>
>>
>
>> While I don't think it is necessary, since the TCP port is on the
>
>> loopback interface, I also opened port 9000 on the internal firewall:
>
>>
>
>> root@prod04 John]# firewall-cmd --list-ports
>
>> ----other open ports not shown--------
>
>> 9000/tcp
>
>>
>
>> > The various methods listed on the wiki allow httpd to pass the request
>
>> > to a fcgi backend, which will process the php file, and return the
>
>> > output. You can use the SetHandler approach instead of ProxyPassMatch
>
>> > - it's up to you.
>
>> >
>
>> > ---------------------------------------------------------------------
>
>> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>
>> > For additional commands, e-mail: users-help@httpd.apache.org
>

John,

What is the full filesystem path, without the chroot?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org