Trouble adding /pma location to all virtual hosts
Ben Johnson
ben at indietorrent.org
Tue Jun 25 20:18:34 UTC 2013
Hello,
I'm trying to accomplish something that feels like it should be very
simple, yet I'm struggling. I'm new to nginx, and I feel a bit lost as I
try to "translate" everything that I've done in Apache over the years to
nginx. So, please bear with me. I've done my research and asking this
list for help is a last-resort.
I have an application, phpMyAdmin, installed in /var/www/pma. I would
like to modify the nginx configuration such that every virtual-host
whose configuration file is located in /etc/nginx/sites-available/ has
access to the files in this directory by browsing to the location /pma/,
relative to the domain root.
The filesystem information for /var/www/pma is as follows (the
permissions are set recursively on the entire directory -- for now):
# ls -lah /var/www | grep "pma"
drwxrwxr-x 9 www-data www-data 4.0K Jun 17 16:37 pma
I figured that it might be simpler to get phpMyAdmin working for a
single vhost before attempting the same move server-wide.
On the surface, it looks to be this simple:
location /pma/ {
alias /var/www/pma/;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
When I try this configuration, I have the following in error.log:
2013/06/25 14:04:07 [error] 29741#0: *21 FastCGI sent in stderr:
"Primary script unknown" while reading response header from upstream,
client: 1.2.3.4, server: example.com, request: "GET /pma/ HTTP/1.1",
upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.com"
While researching the cause of this error, I have seen others state that
SCRIPT_FILENAME has to be modified when using an alias in this way, e.g.
fastcgi_param SCRIPT_FILENAME $request_filename;
but the error messages are the same with this line, too.
So, I tried to use the "root" directive, instead of "alias", as I have
no particular reason for using one over the other in this scenario.
location /pma/ {
##alias /var/www/pma/;
root /var/www;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
This "kind of works". The index file at location /pma/index.php is
parsed via PHP, but requests for all other resources on the page yield
"403 Forbidden". The log states:
2013/06/25 14:21:46 [error] 30343#0: *12 FastCGI sent in stderr: "Access
to the script '/var/www/pma/favicon.ico' has been denied (see
security.limit_extensions)" while reading response header from upstream,
client: 1.2.3.4, server: example.com, request: "GET /pma/favicon.ico
HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host:
"example.com"
Obviously, the aim here is not to execute '/var/www/pma/favicon.ico' as
a PHP script.
I found a thread at
http://serverfault.com/questions/486368/nginx-and-php-fpm-403-forbidden
which seems to address this intended behavior (the rationale is sound).
So, I split my configuration up into the following sections, so that PHP
scripts would be handled via php-fpm and static content would be handled
directly:
location ~ /pma/.*\.php$ {
root /var/www;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
location /pma/ {
root /var/www;
# Adding the following line makes no difference:
index index.php;
}
With this configuration, PMA's index page won't even load. The location
/pma/ returns a 404, as does /pma/index.php.
Nothing is written to the vhost's error.log when /pma/ or /pma/index.php
is requested. Only the following (I've omitted the irrelevant bits) is
written to access.log:
"GET /pma/ HTTP/1.1" 404 200 "-"
"GET /pma/index.php HTTP/1.1" 404 200 "-"
I must be doing something completely asinine.
Other misc. details:
- PHP's open_basedir directive includes the path /var/www/pma.
- nginx is executing the request as the user "web2" who is in the group
"client2" (this is configured via ISPConfig).
- The group "client2" is in the group "www-data", and /var/www/pma's
user:group is www-data:www-data and the permissions on the directory are
0775, recursively.
Thanks in advance for any help here,
-Ben
More information about the nginx
mailing list