On 13/04/17 02:18 PM, John Iliffe wrote:
I'm still trying to figure out what is actually happening here and I
have a result that is truly confusing now.
I decided to just route everything to php-fpm, mainly to check that it
is actually active, and I used a file that would have been routed there
by ProxyPass/ProxyPassMatch anyhow, so I would have expected php-fpm to
run and give me an html page as output.
Here's what happened:
I set the ProxyPass directive to:
ProxyPass / "fcgi://127.0.0.1:9000" enablereuse=on
and got the response:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /testfcgi.php
<http://192.168.1.6/testfcgi.php >.
Reason: DNS lookup failure for: 127.0.0.1:9000testfcgi.php
So, we know two things (I thought) - first that php-fpm is actually
working, and second that we need a / after the socket number to separate
the php file name. This should have gone to the root directory given in
the php-fpm configuration, ( chdir=/httpd/iliffe ) not to the DNS, right?
So, I changed the ProxyPass directive
ProxyPass / "fcgi://127.0.0.1:9000/" enablereuse=on
and I get:
File not found.
With the Loglevel set to debug in Apache and all incoming requests being
proxied to php-fpm, I get:
No input file specified.
from the browser with a log entry of
[Thu Apr 13 13:04:36.552776 2017] [proxy_fcgi:error] [pid 22944:tid
139858336442112] [client 192.168.1.10:48876] AH01071: Got error 'Unable
to open primary script: /httpd/iliffe/testfcgi.php (No such file or
directory)\n'
I didn't paste all the other entries as they are irrelevant to this
situation.
BUT:
[root@prod04 John]# ls -al /proc/22943/root/httpd/iliffe/test*
-rw-rw-r--. 1 John John 5740 Apr 12 16:40
/proc/22943/root/httpd/iliffe/testfcgi.php
So httpd's path includes the php file that I called.
So, tried php-fpm to see if it couldn't find the proper path:
[root@prod04 John]# ps -ef | grep php
root 22100 1 0 12:16 ? 00:00:00 php-fpm: master process
(/usr/php-7.1.3/etc/php-fpm.conf)
phpfpm 22101 22100 0 12:16 ? 00:00:00 php-fpm: pool www
phpfpm 22102 22100 0 12:16 ? 00:00:00 php-fpm: pool www
[root@prod04 John]# ls -al /proc/22100/root/httpd/iliffe/test*
-rw-rw-r--. 1 John John 5740 Apr 12 16:40
/proc/22100/root/httpd/iliffe/testfcgi.php
So php-fpm can also see the php file.
I have no idea why either php-fpm or httpd, whichever is throwing the
error, can't find the file.
It seems that this problem is fairly common, for example:
https://serverfault.com/questions/450628/apache-2-4-php-fpm- proxypassmatch
But this is from 2013, and they resolved it with rewrite rules. With all
the web sites on the Internet using Apache I'm sure that there is a
current solution that actually works!
Has anyone got any ideas?
Thanks,
John
==========================================
On Thursday 13 April 2017 11:10:47 you wrote:
On Wednesday 12 April 2017 22:24:03 Frank wrote:
> On 12/04/17 08:36 PM, John Iliffe wrote:
> > See below.
> >
> > On Wednesday 12 April 2017 20:02:10 Frank wrote:
> >> On 12/04/17 05:34 PM, John Iliffe wrote:
> >>> I am converting my web pages from mod_php to php-fpm, following
> >>> the directions found at: https://wiki.apache.org/httpd/PHP-FPM
> >>> Testing to date indicates that on this server all scripts work
> >>> properly under mod_php.
> >>>
> >>> Both of the following were tried within a <VirtualHost> container
> >>> for the default virtual host.
> >>>
> >>> If I use the "simple" approach from the Wiki:
> >>> ProxyPass "/*.php/" "fcgi://127.0.0.1:9000" enablereuse=on
> >>>
> >>> then the page SOURCE is displayed, PHP never executes. Adding a
> >>> first line of #! /path-to-php-executable doesn't accomplish
> >>> anything. Neither way leads to any errors showing in the php-fpm
> >>> log.
> >>>
> >>>
> >>> Using the "more flexible" approach:
> >>>
> >>> ProxyPassMatch ^/(.*\.php(/.*)?)$
> >>> fcgi://127.0.0.1:9000/httpd/iliffe/$1
> >>>
> >>> enablereuse=on
> >>>
> >>> Gives me a "No Input File Specified" error. This line was cribbed
> >>> from the Wiki example and the path /httpd/iliffe/ is precisely
> >>> where the php script lives, based on the server root and not the
> >>> document root as noted in the Wiki article.
> >>>
> >>> There is no php-fpm error message issued in either case and the
> >>> Apache error entry for the ProxyPassMatch case is:
> >>>
> >>> [Wed Apr 12 16:50:28.688837 2017] [proxy_fcgi:error] [pid
> >>> 13574:tid 140145512003328] [client 192.168.1.10:45240] AH01071:
> >>> Got error 'Unable to open primary script:
> >>> /httpd/iliffe/testfcgi.php (No such file or directory)\n'
> >>>
> >>> I am using mostly the defaults in the php-fpm config and pool
> >>> config files. The default path to the php executable has been
> >>> updated to point to where it really is.
> >>>
> >>> Can anybody see what I might have missed?
> >>>
> >>> Thanks in advance.
> >>>
> >>> John
> >>> =========================================
> >>>
> >>> ------------------------------------------------------------ ------
> >>> -- - To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >>
> >> 1) ProxyPass doesn't use PCRE (the wiki does not use PCRE with
> >> ProxyPass, either). You need to use ProxyPassMatch to parse PCRE.
> >
> > I'm not sure what you are saying here. When I used only ProxyPass
> > using the default configuration in the Wiki, the correct page was
> > displayed, it just didn't execute the PHP script and adding the
> > bang-path didn't change anything. The source code was displayed as
> > the page.
> >
> > While it is possible that the ProxyPath directive didn't match
> > anything and Apache tried to handle the script file as a static
> > page, I have been unable to prove that conjecture. The page IS in
> > Apache's document root for this virtual host, so I suppose that is
> > possible. There is no SetHandler directive to handle the .php
> > extension, and my understanding of the documentation is that one
> > should not be required since Apache is not actually running the
> > script.
> >
> >> 2) /httpd/iliffe/testfcgi.php would need to exist on your
> >> filesystem or php-fpm chroot. The requested URI is literally
> >> appended to the path in the ProxyPassMatch directive.
> >
> > Yes, that's what I had expected to happen. php-fpm does not chroot;
> > the true path /httpd/iliffe/testfcgi.php exists in the file system
> > and is visible to php-fpm, based on the simpler configuration.
> > That's what's so weird, the same path gets completely different
> > results, depending on the way the script is called. In this case
> > the $1 amounts to a null since there is no passed data in the URL.
> >
> > Before you ask, I expect SELinux problems with these files because
> > of the tagging, but at the moment SELinux is in permissive mode.
> >
> > John
>
> ProxyPass *cannot* understand PCRE. ProxyPassMatch *can*. Hence, do
> *not* use PCRE with ProxyPass. That is all.
>
> Step 1) Make sure that mod_proxy_fcgi is loaded. See apachectl -M
[root@prod04 John]# /usr/apache-2.4.25/bin/apachectl -M
Loaded Modules:
core_module (static)
so_module (static)
.......whole lot of modules skipped here.....
version_module (shared)
proxy_module (shared)
proxy_connect_module (shared)
proxy_ftp_module (shared)
proxy_http_module (shared)
proxy_fcgi_module (shared) <------
http2_module (shared)
proxy_http2_module (shared)
The necesary support modules for mod_proxy_fcgi (mod_proxy and
mod_proxy_http2) are also verified as being loaded.
> As for the "Primary Script Unknown" error, it always means that you
> mapped the request to a non-existent resource on the file system /
> chroot. Verify again.
Here is the process root info for php-fpm
[root@prod04 John]# ps -ef | grep php-
root 15368 1 0 Apr12 ? 00:00:00 php-fpm: master process
(/usr/php-7.1.3/etc/php-fpm.conf)
phpfpm 15369 15368 0 Apr12 ? 00:00:00 php-fpm: pool www
phpfpm 15370 15368 0 Apr12 ? 00:00:00 php-fpm: pool www
[root@prod04 John]# ls -al /proc/15368/root
lrwxrwxrwx. 1 root root 0 Apr 13 10:34 /proc/15368/root -> /
Here is the directory for the document root and also the absolute path
that was passed to php-fpm
[root@prod04 John]# ls -al /httpd/iliffe/t*
-rw-rw-r--. 1 John John 5740 Apr 12 16:40 /httpd/iliffe/testfcgi.php
I had already done all of these checks before I asked for help on this
list. The commands used to invoke both ProxyPass and ProxyPassMatch
were cut and pasted from the Wiki. The only change I made was to put
in the correct base directory path.
Also, I did verify that the TCP port (9000) for php-fpm was present and
listening:
[root@prod04 John]# ss -a -n | grep 9000
tcp LISTEN 0 128 127.0.0.1:9000 *:*
tcp LISTEN 0 0 127.0.0.1:9000 *:*
While I don't think it is necessary, since the TCP port is on the
loopback interface, I also opened port 9000 on the internal firewall:
root@prod04 John]# firewall-cmd --list-ports
----other open ports not shown--------
9000/tcp
> The various methods listed on the wiki allow httpd to pass the request
> to a fcgi backend, which will process the php file, and return the
> output. You can use the SetHandler approach instead of ProxyPassMatch
> - it's up to you.
>
> ------------------------------------------------------------ ---------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
John,
What is the full filesystem path, without the chroot?
------------------------------------------------------------ ---------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx