debugging ssl and php-fpm

Ian Evans ianevans at digitalhit.com
Sun Nov 24 12:54:56 UTC 2013


Okay, so rule #1 is to never think a server migration will go easy.

As I've said in another thread, I've been running nginx and php-fpm for 
years on my site. But I'm moving from a CentOS to an Ubuntu server and 
things aren't going as smoothly as they should be.

I've got the non-ssl server working just fine. Tested out the SSL pages 
and I'm getting blank pages but I can't seem to see anything in the logs 
or at least nothing that's clear to me.

Here's a snippet of the SSL server:

server {
    server_name www.example.com;
    listen 443;
    root /usr/share/nginx/html;
    index index.shtml index.php index.html;
    include /etc/nginx/fastcgi_params;
    error_log /var/log/nginx/sslerror.log debug;

    ssl on;
    ssl_certificate /etc/nginx/certs/example.pem;
    ssl_certificate_key /etc/nginx/certs/example.key;
    ssl_session_timeout 5m;
    error_page 404 /dhe404.shtml;

    location / {
        rewrite ^ http://www.example.com$request_uri? permanent;
    }

    location ~ \.(shtml|php|inc)$ {
        fastcgi_pass 127.0.0.1:9000;
    }

    location ^~ /rather/ {
        fastcgi_intercept_errors on;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param HTTPS on;
        fastcgi_index index.shtml;
        auth_basic "DHENEWS";
        auth_basic_user_file .htpasswd;
    }

    ...
}

So, I'm trying to go to a PHP page under /rather, a page I've used 
thousands of times on the old server.

I get prompted for my username and password by the auth. That works, but 
then I get a blank page.

So:
- PHP is working on the non-ssl side
- we've got fastcgi_pass in the locations.

And most importantly...it works on the old server so why am I pulling my 
hair out? ;-) Is there something I'm missing in regards to ssl and 
php-fpm? Here's the fastcgi_params:

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $document_root$fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;
fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_script_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;
# cache stuff
fastcgi_cache MYCACHE;
fastcgi_keep_conn on;
fastcgi_cache_bypass $no_cache $no_cache_dirs;
fastcgi_no_cache $no_cache $no_cache_dirs;
fastcgi_cache_valid 200 301 5m;
fastcgi_cache_valid 302 5m;
fastcgi_cache_valid 404 1m;
fastcgi_cache_use_stale error timeout invalid_header updating http_500;
fastcgi_ignore_headers Cache-Control Expires;
fastcgi_cache_lock on;

Thanks to the list for a fresh pair of eyes.
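
An added example, not part of the original post and not nginx's own code: nginx inherits fastcgi_param directives from the enclosing level only when the current level defines none of its own, so this sketch computes which parameters each fastcgi_pass location actually sends. The sample config is constructed from the post's layout with the include expanded and shortened, and the function names parse and effective_params are hypothetical.

```python
import re

# Constructed sample: the post's layout with the fastcgi_params include expanded.
SAMPLE = r"""
server {
    fastcgi_param QUERY_STRING $query_string;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
    fastcgi_param HTTPS $https if_not_empty;
    location ~ \.(shtml|php|inc)$ {
        fastcgi_pass 127.0.0.1:9000;
    }
    location ^~ /rather/ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param HTTPS on;
    }
}
"""

def parse(text):
    """Nested (header, directives, children) blocks; no comments or quoting."""
    root = ("main", [], [])
    stack = [root]
    for body, end in re.findall(r"\s*([^;{}]*?)\s*([;{}])", text):
        if end == "{":
            stack[-1][2].append((body, [], []))
            stack.append(stack[-1][2][-1])
        elif end == "}":
            stack.pop()
        elif body:
            stack[-1][1].append(body.split())
    return root

def effective_params(block, inherited=frozenset(), out=None):
    """For each block with fastcgi_pass, list params sent and dropped."""
    out = {} if out is None else out
    header, directives, children = block
    own = {d[1] for d in directives if d[0] == "fastcgi_param"}
    # nginx rule: fastcgi_param directives are inherited from the outer
    # level only when the current level defines none of its own.
    current = own or inherited
    if any(d[0] == "fastcgi_pass" for d in directives):
        out[header] = {"sent": sorted(current),
                       "dropped": sorted(inherited - current)}
    for child in children:
        effective_params(child, current, out)
    return out

if __name__ == "__main__":
    for loc, p in effective_params(parse(SAMPLE)).items():
        print(loc, "| sent:", p["sent"], "| dropped:", p["dropped"])
```

For the /rather/ location it reports only HTTPS as sent, with every server-level parameter listed as dropped.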
