Forum: >>> Magnum BBS <<<

Debian12 with nginx and php-fpm

From Stefano Prina@21:1/5 to All on Sat Jul 6 16:00:01 2024

This is a multi-part message in MIME format.
Hello All,

I am Stefano from Torino, Italy; I am just new to this list, nice to virtually meet all of you : )

I am writing to you because I need support for a strange issue I' am facing.

I am trying to create a debian container to run some php app for a side project, the idea is to use nginx and php-fpm,

the procedure I am using is :

[host] $ podman run -ti -p 8090:80 debian:12-slim

[container]$apt update && apt install vim nginx php-fpm

edit`/etc/nginx/sites-enabled/default` de-commenting the php part

 # pass PHP scripts to FastCGI server
 #
 location ~ \.php$ {
 include snippets/fastcgi-php.conf;

 # With php-fpm (or other unix sockets):
 fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
 # With php-cgi (or other tcp sockets):
 #fastcgi_pass 127.0.0.1:9000;
 }

[container]$/etc/init.d/nginx start
[container]$ /etc/init.d/php8.2-fpm start

edit`/var/www/html/info.php using the content:`

<?php
phpinfo();
?>

connectinghttp://localhost:8080 I get the default nginx page

connectinghttp://localhost:8080/info.php I got Access denied.

and the logs report :

[container]$ tail -n 2 /var/log/nginx/error.log
2024/07/06 13:19:45 [error] 7365#7365: *1 FastCGI sent in stderr: "PHP
message: PHP Warning: PHP Request Startup: Failed to open stream:
Permission denied in Unknown on line 0; Unable to open primary script: /var/www/html/info.php (Permission denied)" while reading resp
onse header from upstream, client: 127.0.0.1, server: _, request: "GET /info.php HTTP/1.1", upstream:
"fastcgi://unix:/var/run/php/php8.2-fpm.sock:", host: "localhost:8090" 2024/07/06 13:19:45 [error] 7365#7365: *1 FastCGI sent in stderr: "PHP
message: PHP Warning: PHP Request Startup: Failed to open stream:
Permission denied in Unknown on line 0; Unable to open primary script: /var/www/html/info.php (Permission denied)" while reading resp
onse header from upstream, client: 127.0.0.1, server: _, request: "GET /info.php HTTP/1.1", upstream:
"fastcgi://unix:/var/run/php/php8.2-fpm.sock:", host: "localhost:8090"

It is strange because I the file /var/www/html/info.php exists and have
to much open permission 0:)

[container]$ls -l /var/www/html/info.php
-rwxrwxrwx 1 root root 20 Jul 6 13:03 /var/www/html/info.php

the socket /var/run/php/php8.2-fpm.sock exist and it seems ok:

[container]$ls -l /var/run/php/php8.2-fpm.sock
srw-rw---- 1 www-data www-data 0 Jul 6 13:14 /var/run/php/php8.2-fpm.sock

all the workers seem running using the right user:

[container]$ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 4188 3216 pts/0 Ss 12:58 0:00 bash
root 7255 0.0 0.0 201548 8448 ? Ss 13:14 0:00
php-fpm: master process (/etc/php/8.2/fpm/php-fpm.conf)
www-data 7256 0.0 0.0 201548 10792 ? S 13:14 0:00 php-fpm: pool www
www-data 7257 0.0 0.0 201548 10664 ? S 13:14 0:00 php-fpm: pool www
root 7364 0.0 0.0 10336 1512 ? Ss 13:19 0:00 nginx:
master process /usr/sbin/nginx
www-data 7365 0.0 0.0 10960 4104 ? S 13:19 0:00 nginx:
worker process
www-data 7366 0.0 0.0 10960 4244 ? S 13:19 0:00 nginx:
worker process
www-data 7367 0.0 0.0 10688 2684 ? S 13:19 0:00 nginx:
worker process
www-data 7368 0.0 0.0 10688 2684 ? S 13:19 0:00 nginx:
worker process
www-data 7369 0.0 0.0 10688 2684 ? S 13:19 0:00 nginx:
worker process
www-data 7370 0.0 0.0 10688 2684 ? S 13:19 0:00 nginx:
worker process
www-data 7371 0.0 0.0 10688 2684 ? S 13:19 0:00 nginx:
worker process
www-data 7372 0.0 0.0 10688 2684 ? S 13:19 0:00 nginx:
worker process
www-data 7373 0.0 0.0 10688 2684 ? S 13:19 0:00 nginx:
worker process
www-data 7374 0.0 0.0 10688 2684 ? S 13:19 0:00 nginx:
worker process
www-data 7375 0.0 0.0 10688 2684 ? S 13:19 0:00 nginx:
worker process
www-data 7376 0.0 0.0 10688 2684 ? S 13:19 0:00 nginx:
worker process
root 7386 0.0 0.0 8060 4248 pts/0 R+ 13:51 0:00 ps -aux

So I have the feeling I am missing something stupid... but what ??

Can you help me ?

Thanks in advance

Stefano

<!DOCTYPE html>
<html>
<head>

<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
Hello All,
I am Stefano from Torino, Italy; I am just new to this list,
nice to virtually meet all of you : )
I am writing to you because I need support for a strange issue I'
am facing.
I am trying to create a debian container to run some php app for
a side project, the idea is to use nginx and php-fpm,
the procedure I am using is :
[host] $ podman run
-ti -p 8090:80 debian:12-slim
[container]$ apt update
&& apt install vim nginx php-fpm 

edit
`/etc/nginx/sites-enabled/default` de-commenting
the php part 

 # pass
PHP scripts to FastCGI server
 
 #
 
 location ~ \.php$ {
 
 include snippets/fastcgi-php.conf;
 
 
 # With php-fpm (or other unix sockets):
 
 fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
 
 # With php-cgi (or other tcp sockets):
 
 #fastcgi_pass 127.0.0.1:9000;
 
 }
 
 

[container]$
/etc/init.d/nginx start 
[container]$ /etc/init.d/php8.2-fpm start 
 
edit
`/var/www/html/info.php using the content:` 

<blockquote>
<?php 
phpinfo(); 
?>
</blockquote>
connecting
<a class="moz-txt-link-freetext" href="http://localhost:8080">http://localhost:8080</a> I get the default nginx page 

connecting
<a class="moz-txt-link-freetext" href="http://localhost:8080/info.php">http://localhost:8080/info.php</a> I got Access denied. 

and the logs report :
[container]$ tail -n 2
/var/log/nginx/error.log 
2024/07/06 13:19:45 [error] 7365#7365: *1 FastCGI sent in
stderr: "PHP message: PHP Warning: PHP Request Startup: Failed
to open stream: Permission denied in Unknown on line 0; Unable
to open primary script: /var/www/html/info.php (Permission
denied)" while reading resp 
onse header from upstream, client: 127.0.0.1, server: _,
request: "GET /info.php HTTP/1.1", upstream:
"fastcgi://unix:/var/run/php/php8.2-fpm.sock:", host:
"localhost:8090"
 
2024/07/06 13:19:45 [error] 7365#7365: *1 FastCGI sent in
stderr: "PHP message: PHP Warning: PHP Request Startup: Failed
to open stream: Permission denied in Unknown on line 0; Unable
to open primary script: /var/www/html/info.php (Permission
denied)" while reading resp 
onse header from upstream, client: 127.0.0.1, server: _,
request: "GET /info.php HTTP/1.1", upstream:
"fastcgi://unix:/var/run/php/php8.2-fpm.sock:", host:
"localhost:8090" 
 
It is strange because I the file /var/www/html/info.php exists
and have to much open permission 0:)
[container]$ ls -l
/var/www/html/info.php 
-rwxrwxrwx 1 root root 20 Jul 6 13:03 /var/www/html/info.php 

the socket /var/run/php/php8.2-fpm.sock
exist and it seems ok:
[container]$ ls -l
/var/run/php/php8.2-fpm.sock
 
srw-rw---- 1 www-data www-data 0 Jul 6 13:14
/var/run/php/php8.2-fpm.sock 
 
all the workers seem running using the right user:
[container]$ ps -aux 
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME
COMMAND
 
root 1 0.0 0.0 4188 3216 pts/0 Ss 12:58 0:00
bash
 
root 7255 0.0 0.0 201548 8448 ? Ss 13:14 0:00
php-fpm: master process (/etc/php/8.2/fpm/php-fpm.conf)
 
www-data 7256 0.0 0.0 201548 10792 ? S 13:14 0:00
php-fpm: pool www
 
www-data 7257 0.0 0.0 201548 10664 ? S 13:14 0:00
php-fpm: pool www
 
root 7364 0.0 0.0 10336 1512 ? Ss 13:19 0:00
nginx: master process /usr/sbin/nginx
 
www-data 7365 0.0 0.0 10960 4104 ? S 13:19 0:00
nginx: worker process
 
www-data 7366 0.0 0.0 10960 4244 ? S 13:19 0:00
nginx: worker process
 
www-data 7367 0.0 0.0 10688 2684 ? S 13:19 0:00
nginx: worker process
 
www-data 7368 0.0 0.0 10688 2684 ? S 13:19 0:00
nginx: worker process
 
www-data 7369 0.0 0.0 10688 2684 ? S 13:19 0:00
nginx: worker process
 
www-data 7370 0.0 0.0 10688 2684 ? S 13:19 0:00
nginx: worker process
 
www-data 7371 0.0 0.0 10688 2684 ? S 13:19 0:00
nginx: worker process
 
www-data 7372 0.0 0.0 10688 2684 ? S 13:19 0:00
nginx: worker process
 
www-data 7373 0.0 0.0 10688 2684 ? S 13:19 0:00
nginx: worker process
 
www-data 7374 0.0 0.0 10688 2684 ? S 13:19 0:00
nginx: worker process
 
www-data 7375 0.0 0.0 10688 2684 ? S 13:19 0:00
nginx: worker process
 
www-data 7376 0.0 0.0 10688 2684 ? S 13:19 0:00
nginx: worker process
 
root 7386 0.0 0.0 8060 4248 pts/0 R+ 13:51 0:00
ps -aux 
 

So I have the feeling I am missing something stupid... but what
??
Can you help me ?
Thanks in advance
Stefano 

 

 
 

 

</body>
</html>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Michael =?utf-8?B?S2rDtnJsaW5n?=@21:1/5 to All on Sat Jul 6 16:50:01 2024

On 6 Jul 2024 13:58 +0000, from stethewwolf@posteo.net (Stefano Prina):

[container]$ tail -n 2 /var/log/nginx/error.log
2024/07/06 13:19:45 [error] 7365#7365: *1 FastCGI sent in stderr: "PHP message: PHP Warning: PHP Request Startup: Failed to open stream: Permission denied in Unknown on line 0; Unable to open primary script: /var/www/html/info.php (Permission denied)" while reading resp
onse header from upstream, client: 127.0.0.1, server: _, request: "GET /info.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php8.2-fpm.sock:", host: "localhost:8090" 2024/07/06 13:19:45 [error] 7365#7365: *1 FastCGI sent in stderr: "PHP message: PHP Warning: PHP Request Startup: Failed to open stream: Permission denied in Unknown on line 0; Unable to open primary script: /var/www/html/info.php (Permission denied)" while reading resp
onse header from upstream, client: 127.0.0.1, server: _, request: "GET /info.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php8.2-fpm.sock:", host: "localhost:8090"

It is strange because I the file /var/www/html/info.php exists and have to much open permission 0:)

I am unable to replicate your results against a VM running a fairly
bare-bones Debian 12 installation. I did however have to do an extra
`systemctl restart nginx.service` within the VM guest for the nginx
web server to recognize info.php as a PHP script that should be
executed, instead of a plain file that should be returned as-is to the
client; simply the old-style /etc/init.d "start" that you show in your
post did not suffice.

I do note that you seem to have a mix of TCP ports here; both 80, 8080
(in the requested URL) and 8090 (in the podman invocation). I would
therefore suggest to double-check your podman invocation to make sure
it is correct for the intended results, and then double-check that you
are requesting the correct URL (primarily host and port) given the
conditions from where you are requesting it. For example, you could
make a change to the default page and check that this change is
reflected in the web browser.

--
Michael Kjörling 🔗 https://michael.kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?”

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Stefano Prina@21:1/5 to All on Thu Jul 11 12:50:01 2024

This is a multi-part message in MIME format.
Ciao Michael,

simply the old-style /etc/init.d "start" that you show in your
post did not suffice.

I do note that you seem to have a mix of TCP ports here; both 80, 8080
(in the requested URL) and 8090 (in the podman invocation).

After your email, I double checked and I reported wrongly the port on
the browser url.. of course there were no others containers running a
the host

Anyway I tested the procedure using

* a vm as you did, and I confirm it is working... starting the services
using systemd simply works.

* a vm, stopping the services using the systemd and restarting them
using init.d and it works.

* docker running on a debian host, starting the services using init.d
and it works.

* podman running on a debian host, starting the services using init.d
and it works.

So case close... because the first try was running on a different
distribution, confining all the check to debian do not reproduce the issue.

Thanks for your feedback

Stefano

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Ciao Michael,
<blockquote type="cite"
cite="mid:b118c746-5694-40df-8950-d11a852cabb5@home.arpa">
<pre>simply the old-style /etc/init.d "start" that you show in your
post did not suffice.

I do note that you seem to have a mix of TCP ports here; both 80, 8080
(in the requested URL) and 8090 (in the podman invocation).</pre>
</blockquote>
After your email, I double checked and I reported wrongly the
port on the browser url.. of course there were no others
containers running a the host 

Anyway I tested the procedure using 

* a vm as you did, and I confirm it is working... starting the
services using systemd simply works.
* a vm, stopping the services using the systemd and restarting
them using init.d and it works.
* docker running on a debian host, starting the services using
init.d and it works.
* podman running on a debian host, starting the services using
init.d and it works.
So case close... because the first try was running on a different
distribution, confining all the check to debian do not reproduce
the issue.
Thanks for your feedback 

Stefano 

</body>
</html>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	546
Nodes:	16 (2 / 14)
Uptime:	151:40:42
Calls:	10,383
Files:	14,054
Messages:	6,417,807

Debian12 with nginx and php-fpm

Who's Online

System Info