On Thursday 13 April 2017 19:26:52 Daniel wrote: > Always match slashes! > > ProxyPass / "fcgi://127.0.0.1:9000/" > That leads to: File not found. with httpd error log info: [Thu Apr 13 23:01:34.559768 2017] [proxy_fcgi:debug] [pid 4066:tid 140533607941888] mod_proxy_fcgi.c(913): [client 192.168.1.10:43108] AH01076: url: fcgi://127.0.0.1:9000/testfcgi.php proxyname: (null) proxyport: 0 [Thu Apr 13 23:01:34.559774 2017] [proxy_fcgi:debug] [pid 4066:tid 140533607941888] mod_proxy_fcgi.c(920): [client 192.168.1.10:43108] AH01078: serving URL fcgi://127.0.0.1:9000/testfcgi.php [Thu Apr 13 23:01:34.559786 2017] [proxy:debug] [pid 4066:tid 140533607941888] proxy_util.c(2156): AH00942: FCGI: has acquired connection for (127.0.0.1) [Thu Apr 13 23:01:34.559794 2017] [proxy:debug] [pid 4066:tid 140533607941888] proxy_util.c(2209): [client 192.168.1.10:43108] AH00944: connecting fcgi://127.0.0.1:9000/testfcgi.php to 127.0.0.1:9000 [Thu Apr 13 23:01:34.559924 2017] [proxy:debug] [pid 4066:tid 140533607941888] proxy_util.c(2418): [client 192.168.1.10:43108] AH00947: connected /testfcgi.php to 127.0.0.1:9000 [Thu Apr 13 23:01:34.560085 2017] [proxy:debug] [pid 4066:tid 140533607941888] proxy_util.c(2884): AH02824: FCGI: connection established with 127.0.0.1:9000 (127.0.0.1) [Thu Apr 13 23:01:34.560878 2017] [proxy_fcgi:error] [pid 4066:tid 140533607941888] [client 192.168.1.10:43108] AH01071: Got error 'Primary script unknown\n' [Thu Apr 13 23:01:34.561013 2017] [proxy:debug] [pid 4066:tid 140533607941888] proxy_util.c(2171): AH00943: FCGI: has released connection for (127.0.0.1) ************************* Note previous e-mail; I spent some time this afternoon trying to figure out what is going in here and I ***think*** that I will have to use ProxyPassMatch anyway, so here is what I think the directive should look like. ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/httpd/iliffe/$1 enablereuse=on This DOESN'T WORK however, I still get a No input file specified. error, with httpd error log debug info: -------------------------- [Thu Apr 13 23:12:20.597376 2017] [authz_core:debug] [pid 4469:tid 140562504836864] mod_authz_core.c(835): [client 192.168.1.10:45883] AH01628: authorization result: granted (no directives) **** [Thu Apr 13 23:12:20.597432 2017] [proxy_fcgi:debug] [pid 4469:tid 140562504836864] mod_proxy_fcgi.c(84): [client 192.168.1.10:45883] AH01060: set r->filename to proxy:fcgi://127.0.0.1:9000/httpd/iliffe/testfcgi.php **** [Thu Apr 13 23:12:20.597456 2017] [proxy:debug] [pid 4469:tid 140562504836864] mod_proxy.c(1228): [client 192.168.1.10:45883] AH01143: Running scheme fcgi handler (attempt 0) [Thu Apr 13 23:12:20.597464 2017] [proxy_http:debug] [pid 4469:tid 140562504836864] mod_proxy_http.c(1895): [client 192.168.1.10:45883] AH01113: HTTP: declining URL fcgi://127.0.0.1:9000/httpd/iliffe/testfcgi.php [Thu Apr 13 23:12:20.597470 2017] [proxy_fcgi:debug] [pid 4469:tid 140562504836864] mod_proxy_fcgi.c(913): [client 192.168.1.10:45883] AH01076: url: fcgi://127.0.0.1:9000/httpd/iliffe/testfcgi.php proxyname: (null) proxyport: 0 [Thu Apr 13 23:12:20.597475 2017] [proxy_fcgi:debug] [pid 4469:tid 140562504836864] mod_proxy_fcgi.c(920): [client 192.168.1.10:45883] AH01078: serving URL fcgi://127.0.0.1:9000/httpd/iliffe/testfcgi.php [Thu Apr 13 23:12:20.597482 2017] [proxy:debug] [pid 4469:tid 140562504836864] proxy_util.c(2156): AH00942: FCGI: has acquired connection for (*) [Thu Apr 13 23:12:20.597490 2017] [proxy:debug] [pid 4469:tid 140562504836864] proxy_util.c(2209): [client 192.168.1.10:45883] AH00944: connecting fcgi://127.0.0.1:9000/httpd/iliffe/testfcgi.php to 127.0.0.1:9000 ********** [Thu Apr 13 23:12:20.597619 2017] [proxy:debug] [pid 4469:tid 140562504836864] proxy_util.c(2418): [client 192.168.1.10:45883] AH00947: connected /httpd/iliffe/testfcgi.php to 127.0.0.1:9000 *********** [Thu Apr 13 23:12:20.597771 2017] [proxy:debug] [pid 4469:tid 140562504836864] proxy_util.c(2884): AH02824: FCGI: connection established with 127.0.0.1:9000 (*) [Thu Apr 13 23:12:20.598196 2017] [proxy_fcgi:error] [pid 4469:tid 140562504836864] [client 192.168.1.10:45883] AH01071: Got error 'Unable to open primary script: /httpd/iliffe/testfcgi.php (No such file or directory)\n' [Thu Apr 13 23:12:20.598287 2017] [proxy:debug] [pid 4469:tid 140562504836864] proxy_util.c(2171): AH00943: FCGI: has released connection for (*) What I want to bring to your attention is that, according to the log, the second entry, marked by ***, the CORRECT path and file name are being passed to php-fpm. There is nothing at all reported in the php-fpm log. This same info is reiterated in line 9, also marked with *** where the file path/name are broken out separately and both are correct! I demonstrated in an earlier e-mail that the php file does exist and can be reached on both the httpd and php-fpm paths. That is, there is no alternate root activity involved. I'm sure this is a configuration problem but I can't find anything else that seems to be relevant. I have searched the documentation for php-fpm and also for ProxyPassMatch without any suggestions, and also a web search for similar problems (lots, but they all seem to be old or slightly off topic). How would you proceed to debug this? What additional logs are there or other information as to what php-fpm thinks it is seeing? > 2017-04-13 21:27 GMT+02:00 Frank <thumbs@xxxxxxxxxx>: > > On 13/04/17 02:18 PM, John Iliffe wrote: > >> I'm still trying to figure out what is actually happening here and I > >> have a result that is truly confusing now. > >> > >> I decided to just route everything to php-fpm, mainly to check that > >> it is actually active, and I used a file that would have been routed > >> there by ProxyPass/ProxyPassMatch anyhow, so I would have expected > >> php-fpm to run and give me an html page as output. > >> > >> Here's what happened: > >> > >> I set the ProxyPass directive to: > >> > >> ProxyPass / "fcgi://127.0.0.1:9000" enablereuse=on > >> > >> and got the response: > >> > >> Proxy Error > >> > >> The proxy server received an invalid response from an upstream > >> server. The proxy server could not handle the request GET > >> /testfcgi.php <http://192.168.1.6/testfcgi.php>. > >> > >> > >> Reason: DNS lookup failure for: 127.0.0.1:9000testfcgi.php > >> > >> So, we know two things (I thought) - first that php-fpm is actually > >> working, and second that we need a / after the socket number to > >> separate the php file name. This should have gone to the root > >> directory given in the php-fpm configuration, ( chdir=/httpd/iliffe > >> ) not to the DNS, right? > >> > >> So, I changed the ProxyPass directive > >> > >> ProxyPass / "fcgi://127.0.0.1:9000/" enablereuse=on > >> > >> and I get: > >> > >> File not found. > >> > >> With the Loglevel set to debug in Apache and all incoming requests > >> being proxied to php-fpm, I get: > >> > >> No input file specified. > >> > >> from the browser with a log entry of > >> > >> [Thu Apr 13 13:04:36.552776 2017] [proxy_fcgi:error] [pid 22944:tid > >> 139858336442112] [client 192.168.1.10:48876] AH01071: Got error > >> 'Unable to open primary script: /httpd/iliffe/testfcgi.php (No such > >> file or directory)\n' > >> > >> I didn't paste all the other entries as they are irrelevant to this > >> situation. > >> > >> BUT: > >> > >> [root@prod04 John]# ls -al /proc/22943/root/httpd/iliffe/test* > >> > >> -rw-rw-r--. 1 John John 5740 Apr 12 16:40 > >> /proc/22943/root/httpd/iliffe/testfcgi.php > >> > >> So httpd's path includes the php file that I called. > >> > >> So, tried php-fpm to see if it couldn't find the proper path: > >> > >> [root@prod04 John]# ps -ef | grep php > >> > >> root 22100 1 0 12:16 ? 00:00:00 php-fpm: master process > >> (/usr/php-7.1.3/etc/php-fpm.conf) > >> > >> phpfpm 22101 22100 0 12:16 ? 00:00:00 php-fpm: pool www > >> > >> phpfpm 22102 22100 0 12:16 ? 00:00:00 php-fpm: pool www > >> > >> [root@prod04 John]# ls -al /proc/22100/root/httpd/iliffe/test* > >> > >> -rw-rw-r--. 1 John John 5740 Apr 12 16:40 > >> /proc/22100/root/httpd/iliffe/testfcgi.php > >> > >> So php-fpm can also see the php file. > >> > >> I have no idea why either php-fpm or httpd, whichever is throwing the > >> error, can't find the file. > >> > >> It seems that this problem is fairly common, for example: > >> > >> https://serverfault.com/questions/450628/apache-2-4-php-fpm- > >> proxypassmatch > >> > >> But this is from 2013, and they resolved it with rewrite rules. With > >> all the web sites on the Internet using Apache I'm sure that there > >> is a current solution that actually works! > >> > >> Has anyone got any ideas? > >> > >> Thanks, > >> > >> John > >> > >> ========================================== > >> > >> On Thursday 13 April 2017 11:10:47 you wrote: > >> > >> On Wednesday 12 April 2017 22:24:03 Frank wrote: > >> > On 12/04/17 08:36 PM, John Iliffe wrote: > >> > > See below. > >> > > > >> > > On Wednesday 12 April 2017 20:02:10 Frank wrote: > >> > >> On 12/04/17 05:34 PM, John Iliffe wrote: > >> > >>> I am converting my web pages from mod_php to php-fpm, following > >> > >>> > >> > >>> > >> > >>> the directions found at: https://wiki.apache.org/httpd/PHP-FPM > >> > >>> > >> > >>> > >> > >>> Testing to date indicates that on this server all scripts work > >> > >>> > >> > >>> > >> > >>> properly under mod_php. > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> Both of the following were tried within a <VirtualHost> > >> > >>> container > >> > >>> > >> > >>> > >> > >>> for the default virtual host. > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> If I use the "simple" approach from the Wiki: > >> > >>> > >> > >>> > >> > >>> ProxyPass "/*.php/" "fcgi://127.0.0.1:9000" enablereuse=on > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> then the page SOURCE is displayed, PHP never executes. Adding a > >> > >>> > >> > >>> > >> > >>> first line of #! /path-to-php-executable doesn't accomplish > >> > >>> > >> > >>> > >> > >>> anything. Neither way leads to any errors showing in the > >> > >>> php-fpm > >> > >>> > >> > >>> > >> > >>> log. > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> Using the "more flexible" approach: > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> ProxyPassMatch ^/(.*\.php(/.*)?)$ > >> > >>> > >> > >>> > >> > >>> fcgi://127.0.0.1:9000/httpd/iliffe/$1 > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> enablereuse=on > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> Gives me a "No Input File Specified" error. This line was > >> > >>> cribbed > >> > >>> > >> > >>> > >> > >>> from the Wiki example and the path /httpd/iliffe/ is precisely > >> > >>> > >> > >>> > >> > >>> where the php script lives, based on the server root and not > >> > >>> the > >> > >>> > >> > >>> > >> > >>> document root as noted in the Wiki article. > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> There is no php-fpm error message issued in either case and the > >> > >>> > >> > >>> > >> > >>> Apache error entry for the ProxyPassMatch case is: > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> [Wed Apr 12 16:50:28.688837 2017] [proxy_fcgi:error] [pid > >> > >>> > >> > >>> > >> > >>> 13574:tid 140145512003328] [client 192.168.1.10:45240] AH01071: > >> > >>> > >> > >>> > >> > >>> Got error 'Unable to open primary script: > >> > >>> > >> > >>> > >> > >>> /httpd/iliffe/testfcgi.php (No such file or directory)\n' > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> I am using mostly the defaults in the php-fpm config and pool > >> > >>> > >> > >>> > >> > >>> config files. The default path to the php executable has been > >> > >>> > >> > >>> > >> > >>> updated to point to where it really is. > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> Can anybody see what I might have missed? > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> Thanks in advance. > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> John > >> > >>> > >> > >>> > >> > >>> ========================================= > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> --------------------------------------------------------------- > >> > >>> --- > >> > >>> > >> > >>> > >> > >>> -- - To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > >> > >>> > >> > >>> > >> > >>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > >> > >> > >> > >> 1) ProxyPass doesn't use PCRE (the wiki does not use PCRE with > >> > >> > >> > >> > >> > >> ProxyPass, either). You need to use ProxyPassMatch to parse > >> > >> PCRE. > >> > > > >> > > I'm not sure what you are saying here. When I used only ProxyPass > >> > > > >> > > > >> > > using the default configuration in the Wiki, the correct page was > >> > > > >> > > > >> > > displayed, it just didn't execute the PHP script and adding the > >> > > > >> > > > >> > > bang-path didn't change anything. The source code was displayed > >> > > as > >> > > > >> > > > >> > > the page. > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > While it is possible that the ProxyPath directive didn't match > >> > > > >> > > > >> > > anything and Apache tried to handle the script file as a static > >> > > > >> > > > >> > > page, I have been unable to prove that conjecture. The page IS in > >> > > > >> > > > >> > > Apache's document root for this virtual host, so I suppose that > >> > > is > >> > > > >> > > > >> > > possible. There is no SetHandler directive to handle the .php > >> > > > >> > > > >> > > extension, and my understanding of the documentation is that one > >> > > > >> > > > >> > > should not be required since Apache is not actually running the > >> > > > >> > > > >> > > script. > >> > > > >> > >> 2) /httpd/iliffe/testfcgi.php would need to exist on your > >> > >> > >> > >> > >> > >> filesystem or php-fpm chroot. The requested URI is literally > >> > >> > >> > >> > >> > >> appended to the path in the ProxyPassMatch directive. > >> > > > >> > > Yes, that's what I had expected to happen. php-fpm does not > >> > > chroot; > >> > > > >> > > > >> > > the true path /httpd/iliffe/testfcgi.php exists in the file > >> > > system > >> > > > >> > > > >> > > and is visible to php-fpm, based on the simpler configuration. > >> > > > >> > > > >> > > That's what's so weird, the same path gets completely different > >> > > > >> > > > >> > > results, depending on the way the script is called. In this case > >> > > > >> > > > >> > > the $1 amounts to a null since there is no passed data in the > >> > > URL. > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > Before you ask, I expect SELinux problems with these files > >> > > because > >> > > > >> > > > >> > > of the tagging, but at the moment SELinux is in permissive mode. > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > John > >> > > >> > ProxyPass *cannot* understand PCRE. ProxyPassMatch *can*. Hence, do > >> > > >> > > >> > *not* use PCRE with ProxyPass. That is all. > >> > > >> > > >> > > >> > > >> > > >> > Step 1) Make sure that mod_proxy_fcgi is loaded. See apachectl -M > >> > >> [root@prod04 John]# /usr/apache-2.4.25/bin/apachectl -M > >> > >> > >> Loaded Modules: > >> > >> > >> core_module (static) > >> > >> > >> so_module (static) > >> > >> > >> .......whole lot of modules skipped here..... > >> > >> > >> > >> > >> version_module (shared) > >> > >> > >> proxy_module (shared) > >> > >> > >> proxy_connect_module (shared) > >> > >> > >> proxy_ftp_module (shared) > >> > >> > >> proxy_http_module (shared) > >> > >> > >> proxy_fcgi_module (shared) <------ > >> > >> > >> http2_module (shared) > >> > >> > >> proxy_http2_module (shared) > >> > >> > >> > >> > >> The necesary support modules for mod_proxy_fcgi (mod_proxy and > >> > >> > >> mod_proxy_http2) are also verified as being loaded. > >> > >> > As for the "Primary Script Unknown" error, it always means that you > >> > > >> > > >> > mapped the request to a non-existent resource on the file system / > >> > > >> > > >> > chroot. Verify again. > >> > >> Here is the process root info for php-fpm > >> > >> > >> > >> > >> [root@prod04 John]# ps -ef | grep php- > >> > >> > >> root 15368 1 0 Apr12 ? 00:00:00 php-fpm: master process > >> > >> > >> (/usr/php-7.1.3/etc/php-fpm.conf) > >> > >> > >> phpfpm 15369 15368 0 Apr12 ? 00:00:00 php-fpm: pool www > >> > >> > >> phpfpm 15370 15368 0 Apr12 ? 00:00:00 php-fpm: pool www > >> > >> > >> > >> > >> [root@prod04 John]# ls -al /proc/15368/root > >> > >> > >> lrwxrwxrwx. 1 root root 0 Apr 13 10:34 /proc/15368/root -> / > >> > >> > >> > >> > >> Here is the directory for the document root and also the absolute > >> path > >> > >> > >> that was passed to php-fpm > >> > >> > >> > >> > >> [root@prod04 John]# ls -al /httpd/iliffe/t* > >> > >> > >> -rw-rw-r--. 1 John John 5740 Apr 12 16:40 /httpd/iliffe/testfcgi.php > >> > >> > >> > >> > >> I had already done all of these checks before I asked for help on > >> this > >> > >> > >> list. The commands used to invoke both ProxyPass and ProxyPassMatch > >> > >> > >> were cut and pasted from the Wiki. The only change I made was to put > >> > >> > >> in the correct base directory path. > >> > >> > >> > >> > >> Also, I did verify that the TCP port (9000) for php-fpm was present > >> and > >> > >> > >> listening: > >> > >> > >> > >> > >> [root@prod04 John]# ss -a -n | grep 9000 > >> > >> > >> tcp LISTEN 0 128 127.0.0.1:9000 *:* > >> > >> > >> tcp LISTEN 0 0 127.0.0.1:9000 *:* > >> > >> > >> > >> > >> While I don't think it is necessary, since the TCP port is on the > >> > >> > >> loopback interface, I also opened port 9000 on the internal firewall: > >> > >> > >> > >> > >> root@prod04 John]# firewall-cmd --list-ports > >> > >> > >> ----other open ports not shown-------- > >> > >> > >> 9000/tcp > >> > >> > The various methods listed on the wiki allow httpd to pass the > >> > request > >> > > >> > > >> > to a fcgi backend, which will process the php file, and return the > >> > > >> > > >> > output. You can use the SetHandler approach instead of > >> > ProxyPassMatch > >> > > >> > > >> > - it's up to you. > >> > > >> > > >> > > >> > > >> > > >> > ------------------------------------------------------------------- > >> > -- > >> > > >> > > >> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > >> > > >> > > >> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > John, > > > > What is the full filesystem path, without the chroot? > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx