Re: Apache 2.4 with event, PHP 8.0 fpm on FreeBSD 13, pool keeps dying

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

The php-fpm has a user and group of www and the document root is owned
and viewable by that user and group.

The apache configuration block for the document root is:

<Directory "/usr/vhosts/example.com/htdocs/">
 Options FollowSymLinks
SSLRequireSSL
AllowOverride None
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI "\.(?:gif|jpe?g|png)$" no-gzip
Require all granted
</Directory>

Thanks.
Dave.


On 7/15/22, Deepak Goel <deicool@xxxxxxxxx> wrote:
> can you please check if that folder is accessible to php?
>
>
> Deepak
> "The greatness of a nation can be judged by the way its animals are treated
> - Mahatma Gandhi"
>
> +91 73500 12833
> deicool@xxxxxxxxx
>
> Facebook: https://www.facebook.com/deicool
> LinkedIn: www.linkedin.com/in/deicool
>
> "Plant a Tree, Go Green"
>
> Make In India : http://www.makeinindia.com/home
>
>
> On Fri, Jul 15, 2022 at 4:20 PM David Mehler <dave.mehler@xxxxxxxxx> wrote:
>
>> Hello,
>>
>> The info.php file is in my documentroot.
>>
>> Thanks.
>> Dave.
>>
>>
>> On 7/15/22, Deepak Goel <deicool@xxxxxxxxx> wrote:
>> > where have you stored the file info.php? Directory?
>> >
>> >
>> > Deepak
>> > "The greatness of a nation can be judged by the way its animals are
>> treated
>> > - Mahatma Gandhi"
>> >
>> > +91 73500 12833
>> > deicool@xxxxxxxxx
>> >
>> > Facebook: https://www.facebook.com/deicool
>> > LinkedIn: www.linkedin.com/in/deicool
>> >
>> > "Plant a Tree, Go Green"
>> >
>> > Make In India : http://www.makeinindia.com/home
>> >
>> >
>> > On Fri, Jul 15, 2022 at 10:34 AM David Mehler <dave.mehler@xxxxxxxxx>
>> > wrote:
>> >
>> >> Hello,
>> >>
>> >> I'm trying to run Apache 2.4 with event mpm, PHP 8.0 fpm on a FreeBSD
>> >> 13 system. To test I've got a PHP info file but when I atempt to load
>> >> it I'm getting a 5xx file not found message. Checking the PHP fpm and
>> >> other logs it looks like my pool is dying and restarting very quickly.
>> >> My configuration minus comments is below including logs.
>> >>
>> >> I'd appreciate any assistance.
>> >>
>> >> Thanks.
>> >> Dave.
>> >>
>> >> #cat example.com.conf
>> >> # The example.com http virtual host
>> >> <VirtualHost *:80>
>> >> # Redirects all http port 80 traffic to https port 443
>> >> RewriteEngine On
>> >> RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
>> >> </VirtualHost>
>> >>
>> >> # The example.com https virtual host
>> >> <VirtualHost *:443 [2600:3c03:e000:1aa:abcd::2073]:443>
>> >> ServerAdmin webmaster@xxxxxxxxxxx
>> >> ServerName example.com
>> >> ServerAlias www.example.com
>> >> DocumentRoot "/usr/vhosts/example.com/htdocs/"
>> >> # I have tried both with and without this next line, doesn't seem to
>> >> make a difference
>> >>         ProxyPassMatch ^/(.*\.php)$
>> >> fcgi://127.0.0.1:9000/usr/local/www/site1/public_html/$1
>> >>
>> >> ErrorLog /usr/vhosts/example.com/logs/error.log
>> >> CustomLog /usr/vhosts/example.com/logs/access.log combined
>> >> ExpiresActive on
>> >> ExpiresByType image/jpg "access plus 1 month"
>> >> ExpiresByType image/gif "access plus 1 month"
>> >> ExpiresByType image/jpeg "access plus 1 month"
>> >> ExpiresByType image/png "access plus 1 month"
>> >> ExpiresByType image/webp "access plus 1 month"
>> >>
>> >> # TLS Configuration
>> >> # RSA
>> >> SSLEngine on
>> >> SSLCertificateFile "/usr/local/etc/ssl/
>> acme.sh/example.com/fullchain.crt"
>> >> SSLCertificateKeyFile
>> >> "/usr/local/etc/ssl/acme.sh/example.com/private/server.key"
>> >>
>> >> # ECDSA
>> >> SSLCertificateFile "/usr/local/etc/ssl/
>> >> acme.sh/example.com_ecc/fullchain.crt"
>> >> SSLCertificateKeyFile
>> >> "/usr/local/etc/ssl/acme.sh/example.com_ecc/private/server-ec256.key"
>> >>
>> >> # Support OCSP Stapling
>> >> SSLCACertificateFile
>> >> "/usr/local/etc/ssl/acme.sh/example.com/cacert.crt
>> "
>> >> SSLUseStapling on
>> >>
>> >> ErrorDocument 404 /errordocs/error404.html
>> >>     ErrorDocument 500 /errordocs/error50x.html
>> >>     ErrorDocument 501 /errordocs/error50x.html
>> >>     ErrorDocument 502 /errordocs/error50x.html
>> >>     ErrorDocument 503 /errordocs/error50x.html
>> >>     ErrorDocument 504 /errordocs/error50x.html
>> >>
>> >>     <Files "error404.html">
>> >>         <If "-z %{ENV:REDIRECT_STATUS}">
>> >>             RedirectMatch 404 ^/errordocs/error404.html$
>> >>         </If>
>> >>     </Files>
>> >>
>> >>     <Files "error50x.html">
>> >>         <If "-z %{ENV:REDIRECT_STATUS}">
>> >>             RedirectMatch 404 ^/errordocs/error50x.html$
>> >>         </If>
>> >>     </Files>
>> >>
>> >> H2Direct on
>> >> Protocols h2 h2c http/1.1
>> >>
>> >> <Directory "/usr/vhosts/example.com/htdocs/">
>> >>  Options FollowSymLinks
>> >> SSLRequireSSL
>> >> AllowOverride None
>> >> SetOutputFilter DEFLATE
>> >> SetEnvIfNoCase Request_URI "\.(?:gif|jpe?g|png)$" no-gzip
>> >> Require all granted
>> >> </Directory>
>> >> </VirtualHost>
>> >>
>> >> #cat ../modules.d/030_php-fpm.conf
>> >> <IfModule proxy_fcgi_module>
>> >> <IfModule dir_module>
>> >> DirectoryIndex index.php
>> >> </IfModule>
>> >> <FilesMatch "\.(php|phtml|inc)$">
>> >> SetHandler "proxy:fcgi://127.0.0.1:9000"
>> >> </FilesMatch>
>> >> </IfModule>
>> >>
>> >> #cat /usr/local/etc/php-fpm.conf
>> >> [global]
>> >> pid = run/php-fpm.pid
>> >> error_log = log/php-fpm.log
>> >> syslog.facility = daemon
>> >> syslog.ident = php-fpm
>> >> log_level = notice
>> >> emergency_restart_threshold = 2
>> >> emergency_restart_interval = 30
>> >> process_control_timeout = 60
>> >> process.max = 128
>> >> daemonize = yes
>> >> include=/usr/local/etc/php-fpm.d/*.conf
>> >>
>> >> #cat php-fpm.d/www.conf
>> >> [www]
>> >> user = www
>> >> group = www
>> >> listen = 127.0.0.1:9000
>> >> listen.backlog = -1
>> >> listen.allowed_clients = 127.0.0.1
>> >> pm = dynamic
>> >> pm.max_children = 5
>> >> pm.start_servers = 2
>> >> pm.min_spare_servers = 1
>> >> pm.max_spare_servers = 3
>> >> pm.max_requests = 500
>> >> request_terminate_timeout = 300
>> >> security.limit_extensions = .php
>> >>
>> >> #sockstat -4|grep 80
>> >> www      httpd      93392 3  tcp4   172.16.21.4:80        *:*
>> >> root     httpd      93169 3  tcp4   172.16.21.4:80        *:*
>> >>
>> >> #sockstat -4|grep 443
>> >> www      httpd      93392 4  tcp4   172.16.21.4:443       *:*
>> >> root     httpd      93169 4  tcp4   172.16.21.4:443       *:*
>> >>
>> >> #sockstat -4|grep 9000
>> >> www      php-fpm    97114 5  tcp4   127.0.0.1:9000        *:*
>> >> www      php-fpm    69517 5  tcp4   127.0.0.1:9000        *:*
>> >> root     php-fpm    68909 7  tcp4   127.0.0.1:9000        *:*
>> >>
>> >> The following logs show atempts to pull https://example.com/info.php
>> >> #tail -f /var/log/httpd-error.log
>> >> [Thu Jul 14 22:13:37.968678 2022] [:notice] [pid 92921:tid
>> >> 34372395008] ModSecurity: Status engine is currently disabled, enable
>> >> it by set SecStatusEngine to On.
>> >> [2022-07-14 22:13:38.001775] [ssl:warn] - - AH01873: Init: Session
>> >> Cache is not configured [hint: SSLSessionCache]
>> >> [2022-07-14 22:13:38.014566] [mpm_event:notice] - - AH00489:
>> >> Apache/2.4.54 (FreeBSD) OpenSSL/1.1.1o-freebsd configured -- resuming
>> >> normal operations
>> >> [2022-07-14 22:13:38.014640] [core:notice] - - AH00094: Command line:
>> >> '/usr/local/sbin/httpd -D NOHTTPACCEPT'
>> >>
>> >>  #cat /var/log/php-fpm.log
>> >> [14-Jul-2022 22:14:29] NOTICE: [pool www] child 97114 started
>> >> [14-Jul-2022 22:25:17] WARNING: [pool www] child 97114 exited with
>> >> code 1 after 647.455507 seconds from start
>> >> [14-Jul-2022 22:25:17] NOTICE: [pool www] child 33415 started
>> >>
>> >> #tail -f /var/log/php-fpm.log
>> >> [14-Jul-2022 19:28:06] WARNING: [pool www] child 79787 exited with
>> >> code 1 after 5.163854 seconds from start
>> >> [14-Jul-2022 19:28:06] NOTICE: [pool www] child 80268 started
>> >> [14-Jul-2022 19:56:37] WARNING: [pool www] child 80268 exited with
>> >> code 1 after 1710.418178 seconds from start
>> >> [14-Jul-2022 19:56:37] NOTICE: [pool www] child 79931 started
>> >> [14-Jul-2022 19:56:38] WARNING: [pool www] child 79931 exited with
>> >> code 1 after 1.087571 seconds from start
>> >> [14-Jul-2022 19:56:38] NOTICE: [pool www] child 80050 started
>> >> [14-Jul-2022 22:14:29] WARNING: [pool www] child 80050 exited with
>> >> code 1 after 8271.738229 seconds from start
>> >> [14-Jul-2022 22:14:29] NOTICE: [pool www] child 97114 started
>> >> [14-Jul-2022 22:25:17] WARNING: [pool www] child 97114 exited with
>> >> code 1 after 647.455507 seconds from start
>> >> [14-Jul-2022 22:25:17] NOTICE: [pool www] child 33415 started
>> >> [14-Jul-2022 22:26:56] WARNING: [pool www] child 33415 exited with
>> >> code 1 after 99.012734 seconds from start
>> >> [14-Jul-2022 22:26:56] NOTICE: [pool www] child 39965 started
>> >> [14-Jul-2022 22:27:34] WARNING: [pool www] child 39965 exited with
>> >> code 1 after 37.896866 seconds from start
>> >> [14-Jul-2022 22:27:34] NOTICE: [pool www] child 41537 started
>> >>
>> >> # cat error.log
>> >> [2022-07-14 22:14:29.944156] [proxy_fcgi:error] xxx.xxx.xxx.xxx:53446
>> >> YtDNhUBXweelCEHVKI1z7AAAEwk AH01067: Failed to read FastCGI header
>> >> [2022-07-14 22:14:29.944242] [proxy_fcgi:error] xxx.xxx.xxx.xxx:53446
>> >> YtDNhUBXweelCEHVKI1z7AAAEwk AH01075: Error dispatching request to :
>> >> [2022-07-14 22:25:17.335654] [ssl:error] - - AH01936:
>> >> stapling_check_response: response times invalid
>> >> [2022-07-14 22:25:17.335803] [ssl:error] - - AH01943:
>> >> stapling_renew_response: error in retrieved response!
>> >> [2022-07-14 22:25:17.412204] [proxy_fcgi:error] xxx.xxx.xxx.xxx:53467
>> >> YtDQDUBXweelCEHVKI1z8AAACwk AH01067: Failed to read FastCGI header
>> >> [2022-07-14 22:25:17.412280] [proxy_fcgi:error] xxx.xxx.xxx.xxx:53467
>> >> YtDQDUBXweelCEHVKI1z8AAACwk AH01075: Error dispatching request to :
>> >>
>> >> #ls -l info.php
>> >> -rw-r--r--  1 root  www  20 Jul 12 15:33 info.php
>> >>
>> >> #cat info.php
>> >> <?php
>> >> phpinfo();
>> >> ?>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>> >>
>> >>
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux