[opensuse-factory] PHP-FPM and PHP 7.3.0
Is someone successfully using PHP-FPM and PHP 7.3.0 on Tumbleweed? None of my PHP applications worked after upgrading PHP-PHP and PHP, even simple phpinfo-scripts. I use the latest Apache2, PHP and PHP-FPM packages. At the beginning I used the old configuration from PHP 7.2, later I updated the configuration from *.rpmnew files. It did not help. Even the status check does not work: /etc/php7/fpm/php-fpm.d/www.conf: [...] pm.status_path = /status [...] myusername@mybox:~> SCRIPT_NAME=/status \
SCRIPT_FILENAME=/status \ QUERY_STRING=full \ REQUEST_METHOD=GET \ cgi-fcgi -bind -connect 127.0.0.1:9000
Primary script unknownStatus: 404 Not Found X-Powered-By: PHP/7.3.0 Content-type: text/html; charset=UTF-8 File not found. Unfortunately I didn't get useful logs from PHP-FPM, e.g. the "cgi-fcgi" script does not product logs for PHP-FPM. I gave up and returned to MOD_PHP7 (apache2-mod_php7). MOD_PHP7 works. Greetings, Björn -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Citeren Bjoern Voigt
Is someone successfully using PHP-FPM and PHP 7.3.0 on Tumbleweed?
I do. Except for php7-memcached (which needed an upgrade) it has been smooth sailing.
None of my PHP applications worked after upgrading PHP-PHP and PHP, even simple phpinfo-scripts. I use the latest Apache2, PHP and PHP-FPM packages.
At the beginning I used the old configuration from PHP 7.2, later I updated the configuration from *.rpmnew files. It did not help.
Even the status check does not work:
/etc/php7/fpm/php-fpm.d/www.conf: [...] pm.status_path = /status [...]
myusername@mybox:~> SCRIPT_NAME=/status \
SCRIPT_FILENAME=/status \ QUERY_STRING=full \ REQUEST_METHOD=GET \ cgi-fcgi -bind -connect 127.0.0.1:9000
Primary script unknownStatus: 404 Not Found X-Powered-By: PHP/7.3.0 Content-type: text/html; charset=UTF-8
File not found.
Unfortunately I didn't get useful logs from PHP-FPM, e.g. the "cgi-fcgi" script does not product logs for PHP-FPM.
I think the 'modern' way of running PHP-FPM is through mod_proxy_fcgi.
At least that is what I do here;
<IfModule mod_proxy_fcgi.c>
I gave up and returned to MOD_PHP7 (apache2-mod_php7). MOD_PHP7 works.
Greetings, Björn
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Arjen de Korte wrote:
I think the 'modern' way of running PHP-FPM is through mod_proxy_fcgi. At least that is what I do here;
<IfModule mod_proxy_fcgi.c>
# Note: The part that matters is /var/run/php-fpm/www.sock SetHandler "proxy:unix:/var/run/php-fpm/www.sock|fcgi://localhost" </FilesMatch> # Add index.php to the list of index pages. DirectoryIndex index.php </IfModule>
My PHP-FPM Apache configuration looks like this:
/etc/apache/conf.d/php7-fpm.conf:
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/srv/www/htdocs/$1
On Saturday 2019-01-05 00:54, Bjoern Voigt wrote:
Arjen de Korte wrote:
I think the 'modern' way of running PHP-FPM is through mod_proxy_fcgi. At least that is what I do here;
<IfModule mod_proxy_fcgi.c>
# Note: The part that matters is /var/run/php-fpm/www.sock SetHandler "proxy:unix:/var/run/php-fpm/www.sock|fcgi://localhost" </FilesMatch> # Add index.php to the list of index pages. DirectoryIndex index.php </IfModule>
My PHP-FPM Apache configuration looks like this:
/etc/apache/conf.d/php7-fpm.conf: ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/srv/www/htdocs/$1
</Proxy> SetHandler "proxy:fcgi://127.0.0.1:9000" </If> </FilesMatch> SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
Well looks like tonight we're all sharing our approaches to fpm. Here's
mine in the bucket:
<IfModule mod_proxy_fcgi.c>
[Sat Jan 05 00:40:32.267686 2019] [proxy:warn] [pid 22833] [client ::1:58160] AH00917: connect to remote machine 127.0.0.1 blocked: IP 127.0.0.1 matched [Sat Jan 05 00:40:32.267713 2019] [proxy:error] [pid 22833] [client ::1:58160] AH00898: Connect to remote machine blocked returned by /phpinfo.php
I found with Wireshark, that Apache does not even try to communicate with php-fpm over port 9000.
FPM-FPM runs on port 9000:
# netstat -tulpen|grep 9000 tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 0 322196 18092/php-fpm: mast
Greetings, Björn
If you are 100% sure that apparmor or firewalld are not blocking things or any kind of rule especially the following in your log the client of apache2 is accessing by ipv6 client ::1:58160 and then you goes to ipv4 with the way you configure it. Otherwise I can confirm socket way is the easiest one and safer when you have dual stack. -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch Bareos Partner, openSUSE Member, fsfe supporter GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Citeren Bjoern Voigt
Arjen de Korte wrote:
I think the 'modern' way of running PHP-FPM is through mod_proxy_fcgi. At least that is what I do here;
<IfModule mod_proxy_fcgi.c>
# Note: The part that matters is /var/run/php-fpm/www.sock SetHandler "proxy:unix:/var/run/php-fpm/www.sock|fcgi://localhost" </FilesMatch> # Add index.php to the list of index pages. DirectoryIndex index.php </IfModule>
My PHP-FPM Apache configuration looks like this:
/etc/apache/conf.d/php7-fpm.conf: ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/srv/www/htdocs/$1
</Proxy> SetHandler "proxy:fcgi://127.0.0.1:9000" </If> </FilesMatch> SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
You have PHP-FPM configured to listen on '127.0.0.1', but in the above configuration you also use 'localhost' in your proxy configuration. In a dual-stacked system these are not equivalent. If you need processes to communicate with each other you'll have to make a choice for one or the other. So either use '127.0.0.1' or 'localhost' (or [::] for that matter) everywhere. Or better yet, configure processes to communicate over a domain socket, which is not prone to this and is actually a bit more efficient.
Apache's error_log shows such errors: [Sat Jan 05 00:40:32.267686 2019] [proxy:warn] [pid 22833] [client ::1:58160] AH00917: connect to remote machine 127.0.0.1 blocked: IP 127.0.0.1 matched [Sat Jan 05 00:40:32.267713 2019] [proxy:error] [pid 22833] [client ::1:58160] AH00898: Connect to remote machine blocked returned by /phpinfo.php
I found with Wireshark, that Apache does not even try to communicate with php-fpm over port 9000.
FPM-FPM runs on port 9000:
# netstat -tulpen|grep 9000 tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 0 322196 18092/php-fpm: mast
Greetings, Björn
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
El 04-01-2019 a las 19:40, Bjoern Voigt escribió:
Is someone successfully using PHP-FPM and PHP 7.3.0 on Tumbleweed?
Yes, there is something wrong with your configuration because it works for me, with apache-event Either with the ProxyPassMatch or the SetHandler "proxy:unix:...thing. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Thank you for all the tips.
Part of my problem was probably Ninja Firewall. I installed Ninja
Firewall (free) some weeks ago for testing. The free version does not
allow whitelisting. So for unknown reasons Ninja Firewall blocked
localhost/127.0.0.1/::1. After disabling, updating and re-enabling Ninja
Firewall I have access again.
But after some minutes I was blocked again for unknown reasons.
Now I switched from Apache2-PHP-FPM TCP connection to unix socket
connection. The setup works now:
/etc/apache2/conf.d/php7-fpm.conf:
<IfModule mod_proxy_fcgi.c>
participants (5)
-
Arjen de Korte
-
Bjoern Voigt
-
Bruno Friedmann
-
Cristian Rodríguez
-
Jan Engelhardt