Nginx, PHP5-FPM and Permission Denied Errors

After upgrading to Nginx 1.4.7 and PHP 5.4.28 (or 5.5.12), you may start seeing errors like the following:

2014/05/03 13:27:41 [crit] 4202#0: *1 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: xx.xxx.xx.xx, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "xx.xx.xx.xx"

The fix is to edit /etc/php5/fpm/pool.d/www.conf and set the listen.mode to 666 (be sure to uncomment the line as well):

listen.mode = 0666

Load Balancing a Reverse Proxy with Nginx, PHP5-FPM & SSL

Continuing with our migration to Nginx (see previous posts here and here), the next set of servers to move were a load balanced group of PHP servers. Each server consists of an http server on port 80, an https server on port 443 and an upstream PHP server on port 8000.

  • 1 to n upstream PHP servers can be configured, either local or remote
  • configuration supports both http (80) and https (443)
  • SSL is terminated before being passed to the upstream server
  • PHP upstream server uses PHP5-FPM via a local socket
  • static files are served directly via Nginx and are set to max expires

There are also some future optimizations I’m currently looking at:

Configuring Nginx & CodeIgniter with Rewrite Rules

I’ve recently begun working with Nginx as we’re finally moving off of Apache in our infrastructure. The first thing I noticed is documentation for various types of configurations is a bit sporadic. A lot is outdated and many don’t use best practices.

The first application I’m working on is a CodeIgniter-based PHP site which needs a few rewrite rules to function properly. I dug upĀ this tutorial but it unfortunately uses a lot of if statements which I quickly learned are evil in Nginx.

Below is the configuration that I’ve settled upon (for now) which takes into account some best practices including:

  • uses php-fpm for the upstream server via a unix socket
  • redirects all http://www.example.com traffic to example.com
  • passes all requests under the root to the front-controller as long as they don’t exist (allows nginx to directly serve static files)
  • prevents uncontrolled requests from being passed to php
  • prevents any access to leftover .htaccess files

I’m hoping to add some of the additional rewrite functionality found in the tutorial at a later date.