Jump to content
Froxlor Forum
  • 0

PHP-FPM socket file permission denied for particular user


Sisir Adhikari

Question

Posted

My users are having this problem. It is weird because the site was working last night.

 

connect() to unix:/var/run/1-pronob-xxxx.com-php-fpm.socket failed (13: Permission denied) while connecting to upstream

The result of  

groups www-data
www-data : www-data froxlorlocal xxxx xxxx xxxx xxxx xxxx pronob

www-data is successfully added to the group of the user. So, no issue there. Permission of socket file seems to be okay too.

cd/var/run
ls -l

srw-rw----  1 pronob     pronob         0 Apr 23 07:22 1-pronob-xxxx.com-php-fpm.socket

How to further troubleshot this issue?

17 answers to this question

Recommended Posts

Posted

Looks all good from here. Users are correct. Ownership is correct. Most likely, if it's only very limited and temporary (1 or 2 requests) then possibly it's just a php-fpm restart or similar.

Posted

Sorry, it seems all of the site having issues now. error is the same. When I change ownership of socket files to www-data:www-data sites are working.

I am looking further into this. Will post more soon.

Posted

Then you clearly configured something wrong - fpm runs with the customers users, the socket should NOT belong to www-data

Posted
2 minutes ago, d00p said:

the socket should NOT belong to www-data

They do not, their ownership belongs to users. I was saying when I "change" socket file ownership to www-data sites are back up.

Posted

yes and what I meant with "the socket should NOT belong to www-data" was that this behaviour is clearly wrong if it works after chown'ing to www-data

Posted

Getting the problem again very randomly. No clue why this is happening.

 

2020/04/24 07:34:58 [crit] 1049#1049: *56685 connect() to unix:/var/run/1-pronob-xxxx.com-php-fpm.socket failed (13: Permission denied) while connecting to upstream, client: 162.158.207.135, server: xxxxx.com, request: "GET /%e0%a6%b0%e0%a6%be%e0%a6%a8%e0%a6%be%e0%a6%aa%e0%a7%8d%e0%a6%b2%e0%a6%be%e0%a6%9c%e0%a6%be-%e0%a6%86%e0%a6%b9%e0%a6%a4%e0%a6%a6%e0%a7%87%e0%a6%b0-%e0%a6%b8%e0%a7%81%e0%a6%9a%e0%a6%bf%e0%a6%95%e0%a6%bf/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/1-pronob-xxxx.com-php-fpm.socket:", host: "xxxxx.com", referrer: "http://m.facebook.com/"

Posted
On 4/23/2020 at 9:41 AM, d00p said:

Hard to get anything out of this, please provide logs, vhost-config, pool-configs, list of the customers docroot/domain docroot, etc. regarding this domain and customer

 

Posted

Where do I find pool config?

 

Below list of configs and logs as requested.

 

Vhost Config for site:

server {
        listen 173.82.54.45:443 ssl;
        server_name xxxx.com www.xxxx.com;
        ssl_protocols TLSv1 TLSv1.2 TLSv1.3;
        ssl_ciphers ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128;
        ssl_prefer_server_ciphers off;
        ssl_session_tickets on;
        ssl_session_cache shared:SSL:10m;
        ssl_certificate /etc/ssl/froxlor-custom/xxxx.com.crt;
        ssl_certificate_key /etc/ssl/froxlor-custom/xxxx.com.key;
        add_header Strict-Transport-Security "max-age=0";
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/ssl/froxlor-custom/xxxx.com.crt;
        include /etc/apache2/conf-enabled/acme.conf;
        access_log /var/customers/logs/pronob-access.log combined;
        error_log /var/customers/logs/pronob-error.log error;
        root /var/customers/webs/pronob/xxxx.com/;
        location / {
                index index.php index.html index.htm;
                try_files $uri $uri/ @rewrites;
        }

        location @rewrites {
                rewrite ^ /index.php last;
        }

        location ~ ^(.+?\.php)(/.*)?$ {
                try_files /0f6cdec4d4006fb06b92f065192e2d00.htm @php;
        }

        location @php {
                try_files $1 =404;

                include /etc/nginx/fastcgi_params;
                fastcgi_split_path_info ^(.+?\.php)(/.*)$;
                fastcgi_param SCRIPT_FILENAME $request_filename;
                fastcgi_param PATH_INFO $2;
                fastcgi_param HTTPS on;
                fastcgi_pass unix:/var/run/1-pronob-xxxx.com-php-fpm.socket;
                fastcgi_index index.php;
        }


}

$ ls -l /var/customers/webs/pronob

-rw-r--r--  1 pronob pronob     6422 Mar  8 06:44 index.html
drwxr-xr-x 10 pronob pronob     4096 Apr 24 14:16 odhikarbd.com
drwxr-xr-x  2 pronob pronob     4096 Apr 18 18:50 pronob.server.vimohost.com
drwxr-xr-x  2 pronob pronob     4096 Apr 24 00:01 webalize

$ ls -la /var/customers/webs/pronob/odhikarbd.com

drwxr-xr-x 10 pronob pronob  4096 Apr 24 14:16 .
drwxr-xr-x  5 pronob pronob  4096 Apr 18 20:30 ..
-rw-r--r--  1 pronob pronob   227 Apr 18 20:16 active.php
drwxr-xr-x  2 pronob pronob  4096 Apr 18 20:16 cgi-bin
-rw-r--r--  1 pronob pronob    53 Apr 18 20:16 google86cdd11e02e76bd5.html
-rw-r--r--  1 pronob pronob   743 Apr 18 20:16 .htaccess__67c55ca-18180332
-rw-r--r--  1 pronob pronob   405 Apr 18 20:16 index.php
-rw-r--r--  1 pronob pronob 19915 Apr 18 20:16 license.txt
drwxr-xr-x  2 pronob pronob  4096 Apr 18 20:16 .quarantine
-rw-r--r--  1 pronob pronob  7278 Apr 18 20:16 readme.html
drwxr-xr-x  2 pronob pronob  4096 Apr 18 20:16 .tmb
drwxr-xr-x  3 pronob pronob  4096 Apr 18 20:16 .well-known
-rw-r--r--  1 pronob pronob  6912 Apr 18 20:16 wp-activate.php
drwxr-xr-x  9 pronob pronob  4096 Apr 18 20:16 wp-admin
-rw-r--r--  1 pronob pronob   351 Apr 18 20:16 wp-blog-header.php
-rw-r--r--  1 pronob pronob  2275 Apr 18 20:16 wp-comments-post.php
-rw-------  1 pronob pronob  2882 Apr 18 20:38 wp-config.php
-rw-r--r--  1 pronob pronob  2913 Apr 18 20:16 wp-config-sample.php
drwxr-xr-x 10 pronob pronob  4096 Apr 24 14:29 wp-content
-rw-r--r--  1 pronob pronob  3940 Apr 18 20:16 wp-cron.php
drwxr-xr-x 21 pronob pronob 12288 Apr 18 20:16 wp-includes
-rw-r--r--  1 pronob pronob  2496 Apr 18 20:16 wp-links-opml.php
-rw-r--r--  1 pronob pronob  3300 Apr 18 20:16 wp-load.php
-rw-r--r--  1 pronob pronob 47874 Apr 18 20:16 wp-login.php
-rw-r--r--  1 pronob pronob  8501 Apr 18 20:16 wp-mail.php
-rw-r--r--  1 pronob pronob 19396 Apr 18 20:16 wp-settings.php
-rw-r--r--  1 pronob pronob 31111 Apr 18 20:16 wp-signup.php
drwxr-xr-x  4 pronob pronob  4096 Apr 21 13:55 wp-snapshots
-rw-r--r--  1 pronob pronob  4755 Apr 18 20:16 wp-trackback.php
-rw-r--r--  1 pronob pronob  3133 Apr 18 20:16 xmlrpc.php

 

Posted

PHP FPM 7.2 Pool config

;PHP-FPM configuration for "odhikarbd.com" created on 2020.04.24 07:35:03
[odhikarbd.com]
listen = /var/run/1-pronob-odhikarbd.com-php-fpm.socket
listen.owner = pronob
listen.group = pronob
listen.mode = 0660
user = pronob
group = pronob
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 0
;chroot = /var/customers/webs/pronob/odhikarbd.com/
security.limit_extensions = .php
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /var/customers/tmp/pronob/
env[TMPDIR] = /var/customers/tmp/pronob/
env[TEMP] = /var/customers/tmp/pronob/
php_admin_value[session.save_path] = /var/customers/tmp/pronob/
php_admin_value[upload_tmp_dir] = /var/customers/tmp/pronob/


php_admin_flag[allow_url_fopen] = On
php_admin_flag[allow_url_include] = Off
php_value[auto_append_file] = 
php_value[auto_prepend_file] = 
php_value[default_charset] = "UTF-8"
php_flag[asp_tags] = Off
php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system
php_flag[display_errors] = Off
php_flag[display_startup_errors] = Off
php_admin_flag[enable_dl] = Off
php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_NOTICE
php_admin_flag[expose_php] = Off
php_admin_flag[file_uploads] = On
php_flag[html_errors] = On
php_admin_flag[ignore_repeated_errors] = Off
php_admin_flag[ignore_repeated_source] = Off
php_value[include_path] = ".:/usr/share/php/:/usr/share/php5/"
php_flag[log_errors] = On
php_admin_flag[log_errors] = On
php_value[log_errors_max_len] = 1024
php_flag[mail.add_x_header] = Off
php_value[max_execution_time] = 30
php_admin_value[max_input_time] = 60
php_admin_value[memory_limit] = 128M
php_admin_value[output_buffering] = 4096
php_admin_value[post_max_size] = 16M
php_admin_value[precision] = 14
php_admin_flag[register_argc_argv] = Off
php_admin_flag[report_memleaks] = On
php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -f xxxx@gmail.com"
php_value[session.auto_start] = 0
php_value[session.cookie_domain] = 
php_value[session.cookie_lifetime] = 0
php_value[session.cookie_path] = /
php_admin_value[session.gc_divisor] = 1000
php_admin_value[session.gc_probability] = 0
php_value[session.name] = PHPSESSID
php_value[session.serialize_handler] = php
php_flag[session.use_cookies] = 1
php_flag[short_open_tag] = On
php_value[upload_max_filesize] = 32M
php_admin_value[variables_order] = "GPCS"
php_admin_value[opcache.restrict_api] = "/var/customers/webs/pronob/odhikarbd.com/"

 

Posted

Well the configs are generated and then the fpm daemon is just being reloaded, so this is a tiny second if at all downtime. Maybe it's cloudflare <> your host?

Posted

Sure, you can adjust the used process-manager (pm) and the corresponding settings regarding child-processes etc., just go to your fpm-versions/php-confgurations

Posted

Hard to get anything out of this, please provide logs, vhost-config, pool-configs, list of the customers docroot/domain docroot, etc. regarding this domain and customer

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...