PHP below server root not served

nano nanotek at bsdbox.co
Thu Jan 9 12:41:32 UTC 2014


On 9/01/2014 9:23 PM, nano wrote:
> I am having trouble configuring nginx to serve up PHP from outside of
> the server document root. For example, this site's root is
> /usr/local/www/site1/wordpress and phpMyAdmin is located in
> /usr/local/www/phpMyAdmin. I cannot access servername.com/phpmyadmin.
> nginx logs the following error:
>
> ====================================================================
> 2014/01/09 09:56:20 [error] 39387#0: *6160 FastCGI sent in stderr:
> "Primary script unknown" while reading response header from upstream,
> client: clientIP, server: serverhostname, request: "GET /phpmyadmin/
> HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.sock:", host:
> "serverhostname"
> ====================================================================
>
> The WordPress site, however, is served without error. Therefore, nginx
> is refusing to serve PHP from outside of the server document root.
> Please see the following configuration:
>
>
> nginx.conf
> ====================================================================
> user  www www;
> worker_processes 1;
> pid /var/run/nginx.pid;
> error_log  logs/error.log  info;
>
> events {
>      worker_connections  768;
>      use kqueue;
> }
>
> http {
>      include       mime.types;
>      default_type  application/octet-stream;
>
>      access_log  logs/access.log  main;
>      sendfile        on;
>      keepalive_timeout  65;
>      gzip  on;
>
> server {
>          listen 80;
>          listen 443 ssl;
>          server_name servername.com;
>          ssl_certificate crt-chain.pem;
>          ssl_certificate_key key.pem;
>          ssl_dhparam dhparam4096.pem;
>          ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>          ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM
> EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384
> EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !a
> NULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
>          ssl_prefer_server_ciphers on;
>
>          root /usr/local/www/site1/wordpress;
>          index index.php;
>
>          location / {
>                  try_files $uri $uri/ /index.php?$args;
>          }
>
>          location ~ \.php$ {
>                  fastcgi_pass unix:/var/run/php-fpm.sock;
>                  fastcgi_param SCRIPT_FILENAME
> /usr/local/www/site1/wordpress$fastcgi_script_name;
>                  fastcgi_param PATH_INFO $fastcgi_script_name;
>                  include fastcgi_params;
>          }
>
> #----------------------PROBLEM AREA----------------------#
>
>          location /phpmyadmin/ {
>              alias       /usr/local/www/phpMyAdmin/;
>              index index.php index.html;
>          }
>
>          location ~ ^/phpmyadmin/(.*\.php)$ {
>              fastcgi_param PHP_ADMIN_VALUE
> open_basedir=/usr/local/www/phpMyAdmin;
>              fastcgi_pass        unix:/tmp/php-fpm.sock;
>              fastcgi_index index.php;
>              fastcgi_param SCRIPT_FILENAME
> /usr/local/www/phpMyAdmin$fastcgi_script_name;
>              include fastcgi_params;
>
> #----------------------PROBLEM AREA----------------------#
>
>          }
>      }
> }
> ====================================================================
>
>
> I am obviously lacking some required configuration. Perhaps in
> nginx.conf, php-fpm.conf, or php.ini. Could someone please advise me of
> my error and how to correct it? Thank you.
>
> Strangely, in Apache, I simply required an alias entry, such as:
>
> Alias /phpmyadmin "/usr/local/www/phpMyAdmin"
> <Directory "/usr/local/www/phpMyAdmin">
>    Options None
>          AllowOverride None
>          Require all granted
> </Directory>
>
> in my httpd.conf file even when the server root was above this location
> and with the exact same PHP settings (php.ini) as I now have with nginx.
>
> Server intel:
> # uname -a
> FreeBSD hostname 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Thu Sep 26
> 22:50:31 UTC 2013
> root at bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
>
> # nginx -V
> nginx version: nginx/1.5.7
> TLS SNI support enabled
> configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I
> /usr/local/include' --with-ld-opt='-L /usr/local/lib'
> --conf-path=/usr/local/etc/nginx/nginx.conf
> --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid
> --error-log-path=/var/log/nginx-error.log --user=www --group=www
> --with-ipv6 --with-google_perftools_module
> --http-client-body-temp-path=/var/tmp/nginx/client_body_temp
> --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp
> --http-proxy-temp-path=/var/tmp/nginx/proxy_temp
> --http-scgi-temp-path=/var/tmp/nginx/scgi_temp
> --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp
> --http-log-path=/var/log/nginx-access.log --with-http_addition_module
> --with-http_auth_request_module --with-http_dav_module
> --with-http_flv_module --with-http_geoip_module
> --with-http_gzip_static_module --with-http_gunzip_module
> --with-http_image_filter_module --with-http_mp4_module
> --with-http_perl_module --with-http_random_index_module
> --with-http_realip_module --with-http_secure_link_module
> --with-http_stub_status_module --with-http_sub_module
> --with-http_xslt_module --with-pcre --with-http_spdy_module --with-mail
> --with-mail_ssl_module --with-http_ssl_module
>
>

I seem to have fixed this problem.

Amended nginx.conf file:
====================================================================
user  www www;
worker_processes 1;
pid /var/run/nginx.pid;
error_log  logs/error.log  info;

events {
   worker_connections  768;
   use kqueue;
}

http {
   include       mime.types;
   default_type  application/octet-stream;

   log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';

   access_log  logs/access.log  main;
   sendfile        on;
   keepalive_timeout  65;
   gzip  on;

     server {
         listen 80;
         listen 443 ssl;
         server_name srvname.com www.srvname.com;

         ssl_certificate crt-chain.pem;
         ssl_certificate_key key.pem;
         ssl_dhparam dhparam4096.pem;
         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM 
EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 
EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW 
!3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
         ssl_prefer_server_ciphers on;

         root /usr/local/www/site1/wordpress;
         index index.php;

         location /phpmyadmin {
                 alias /usr/local/www/phpMyAdmin/;
                 index index.php index.html;
         }

         location ~ ^/phpmyadmin/(.*\.php)$ {
                 root /usr/local/www/phpMyAdmin/;
                 fastcgi_pass unix:/var/run/php-fpm.sock;
                 include fastcgi_params;
                 fastcgi_param SCRIPT_FILENAME /usr/local/www/phpMyAdmin/$1;
                 fastcgi_param DOCUMENT_ROOT /usr/local/www/phpMyAdmin;
         }

         location / {
                 try_files $uri $uri/ /index.php?$args;
         }

         location ~ \.php$ {
                 fastcgi_pass unix:/var/run/php-fpm.sock;
                 fastcgi_param SCRIPT_FILENAME 
/usr/local/www/site1/wordpress$fastcgi_script_name;
                 fastcgi_param PATH_INFO $fastcgi_script_name;
                 include fastcgi_params;
         }

         error_page   500 502 503 504  /50x.html;
         location = /50x.html {
                 root   /usr/local/www/nginx-dist;
         }
     }
}
====================================================================

Admittedly, I don't know *why* what I changed fixed the problem, but it 
did. I relocated the phpMyAdmin entries to above the "location /" block 
from beneath the "location /" block.

From:
http {
server {
   root;
location / {
   try_files; ... }
location ~ \.php$ {
   fastcgi_pass ... }
location /phpmyadmin {
   alias; ... }
location ~ ^/phpmyadmin/(.*\.php)$ {
   root; ... }
location = /50x.html; {
   root; ... }
   }
  }
}

to:
http {
server {
   root;
location /phpmyadmin {
   alias; ... }
location ~ ^/phpmyadmin/(.*\.php)$ {
   root; ... }
location / {
   try_files; ... }
location ~ \.php$ {
   fastcgi_pass ... }
location = /50x.html; {
   root; ... }
   }
  }
}

The syntax is identical, just those two location blocks are in a 
different place. I would like to know why this works, but am just happy 
that it does. I look forward to better understanding this great program.

Thank you, all, for your participation.

-- 
syn.bsdbox.co



More information about the nginx mailing list