debugging ssl and php-fpm
Ian Evans
ianevans at digitalhit.com
Sun Nov 24 12:54:56 UTC 2013
Okay, so rule #1 is to never think a server migration will go easy.
As I've said in another thread, I've been running nginx and php-fpm for
years on my site. But I'm moving from a CentOS to an Ubuntu server and
things aren't going as smooth as they should be.
I've got the non-ssl server working just fine. Tested out the SSL pages
and I'm getting blank pages but I can't seem to see anything in the logs
or at least nothing that's clear to me.
Here's a snippet of the SSL server:
server {
server_name www.example.com;
listen 443;
root /usr/share/nginx/html;
index index.shtml index.php index.html;
include /etc/nginx/fastcgi_params;
error_log /var/log/nginx/sslerror.log debug;
ssl on;
ssl_certificate /etc/nginx/certs/example.pem;
ssl_certificate_key /etc/nginx/certs/example.key;
ssl_session_timeout 5m;
error_page 404 /dhe404.shtml;
location / {
rewrite ^ http://www.example.com$request_uri? permanent;
}
location ~ \.(shtml|php|inc)$ {
fastcgi_pass 127.0.0.1:9000;
}
location ^~ /rather/ {
fastcgi_intercept_errors on;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param HTTPS on;
fastcgi_index index.shtml;
auth_basic "DHENEWS";
auth_basic_user_file .htpasswd;
}
...
}
So, I'm trying to go a php page under /rather, a page I've used
thousands of times on the old server.
I get prompted for my username and password by the auth. That works, but
then I get a blank page.
so:
- PHP is working on the non-ssl side
- we've got fastcgi_pass in the locations.
And most importantly...it works on the old server so why am I pulling my
hair out? ;-) Is there something I'm missing in regards to ssl and
php-fpm? Here's the fastcgi_params:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
# cache stuff
fastcgi_cache MYCACHE;
fastcgi_keep_conn on;
fastcgi_cache_bypass $no_cache $no_cache_dirs;
fastcgi_no_cache $no_cache $no_cache_dirs;
fastcgi_cache_valid 200 301 5m;
fastcgi_cache_valid 302 5m;
fastcgi_cache_valid 404 1m;
fastcgi_cache_use_stale error timeout invalid_header updating http_500;
fastcgi_ignore_headers Cache-Control Expires;
fastcgi_cache_lock on;
Thanks to the list for a fresh pair of eyes.
More information about the nginx
mailing list