Check if php-file exists in chroot jail

Volodymyr Kostyrko c.kworr at
Thu Mar 22 12:33:06 UTC 2012

maverick78 wrote:
> There a a lot of configuration-files, so I better put them into a
> pastebin.
> vhost:
> nginx.conf:
> fastcgi_params

And that's your poison:

fastcgi_param   SCRIPT_FILENAME         $document_root$fastcgi_script_name;

You haven't said anywhere that nginx is chrooted but your php-fpm pool 
surely is. This way you should use full path in nginx config and submit 
relative path to php-fpm.

Here's my sample setup for chrooted yii app:

== nginx.conf
server {
   root /home/user/www/sitedir;
   access_log /var/log/nginx/site.access.log;
   error_log /var/log/nginx/site.error.log;
   index index.php;
   set $docroot /www/sitedir;

   location / {
     expires 1d;
     try_files $uri $uri/ @missing;

   location @missing {
     rewrite ^ /index.php?url=$uri last;

   include "/home/user/etc/nginx_php.conf";

== nginx_php.conf
location ~ .*\.php$ {
   try_files $uri =404;
   include /usr/local/etc/nginx/fastcgi_params;
   fastcgi_pass unix:/home/user/www/.fastcgi.php.socket;
   fastcgi_index index.php;
   fastcgi_param SCRIPT_FILENAME $docroot$fastcgi_script_name;

> php-fpm.conf:
> php fpm pool configuration:
> The above with try_files /web/$uri =404; doesn't work either.

PS: Remember that some php modules do require access to extra files and 
even devices like '/tmp' and '/dev/crypto'.

Sphinx of black quartz judge my vow.

More information about the nginx mailing list