karljohns0n / nginx-more

Development repository for nginx-more package
MIT License
120 stars 29 forks source link

Error 502 #15

Closed erus00 closed 4 years ago

erus00 commented 4 years ago

Hi Karl,

I know it is going to be a stupid question and I am very sorry for that but I am just beginning and have been trying to find the solution for 2 days. I just can't find why PHP is not working with nginx-more. Could you please put me in the right direction?

I deactivated SELinux for the tests just to be sure it is not on the way.

I installed nginx-more on a Google-Cloud instance. Here is the config:

Nginx works => I can see /usr/share/nginx/html/index.html when browsing the IP.

However, I cannot see any PHP files. => when creating /usr/share/nginx/html/phpinfo.php and visiting the IP/phpinfo.php I get NGINX / 502 Bad Gateway So I Nginx works but php-fpm is not responding apparently?

I do not understand as /etc/php-fpm.d/www.conf is pointing to /run/php-fpm/www.sock. The same install with normal Nginx works out of the box.

Here are the status:

sudo systemctl status nginx

● nginx.service - nginx - high performance web server Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/nginx.service.d └─php-fpm.conf Active: active (running) since Thu 2020-06-11 14:20:42 AEST; 18min ago Docs: http://nginx.org/en/docs/ Process: 9607 ExecStop=/bin/kill -s TERM $MAINPID (code=exited, status=0/SUCCESS) Process: 9527 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS) Process: 9610 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS) Main PID: 9612 (nginx) Tasks: 5 (limit: 22150) Memory: 23.1M CGroup: /system.slice/nginx.service ├─9612 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf ├─9613 nginx: worker process └─9614 nginx: cache manager process

Jun 11 14:20:42 centostest systemd[1]: Stopped nginx - high performance web server. Jun 11 14:20:42 centostest systemd[1]: Starting nginx - high performance web server... Jun 11 14:20:42 centostest systemd[1]: nginx.service: Can't open PID file /var/run/nginx.pid (yet?) after start: No such file or directory Jun 11 14:20:42 centostest systemd[1]: Started nginx - high performance web server.

sudo systemctl status php-fpm

● php-fpm.service - The PHP FastCGI Process Manager Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2020-06-11 13:12:52 AEST; 1h 41min ago Main PID: 6762 (php-fpm) Status: "Processes active: 0, idle: 5, Requests: 6, slow: 0, Traffic: 0req/sec" Tasks: 6 (limit: 22150) Memory: 29.2M CGroup: /system.slice/php-fpm.service ├─6762 php-fpm: master process (/etc/php-fpm.conf) ├─6763 php-fpm: pool www ├─6764 php-fpm: pool www ├─6765 php-fpm: pool www ├─6766 php-fpm: pool www └─6767 php-fpm: pool www

Jun 11 13:12:52 centostest systemd[1]: Stopped The PHP FastCGI Process Manager. Jun 11 13:12:52 centostest systemd[1]: Starting The PHP FastCGI Process Manager... Jun 11 13:12:52 centostest systemd[1]: Started The PHP FastCGI Process Manager.

sudo systemctl status mysql

● mysqld.service - MySQL Server Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2020-06-10 23:36:49 AEST; 15h ago Docs: man:mysqld(8) http://dev.mysql.com/doc/refman/en/using-systemd.html Process: 944 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS) Main PID: 1796 (mysqld) Status: "Server is operational" Tasks: 40 (limit: 22150) Memory: 550.4M CGroup: /system.slice/mysqld.service └─1796 /usr/sbin/mysqld

Jun 10 23:36:37 centostest systemd[1]: Starting MySQL Server... Jun 10 23:36:49 centostest systemd[1]: Started MySQL Server.

Thanks a lot

erus00 commented 4 years ago

I am now reading the USER-GUIDE, I think I will probably find answer to my questions there. Thanks

karljohns0n commented 4 years ago

Hi,

Nginx works => I can see /usr/share/nginx/html/index.html when browsing the IP.

However, I cannot see any PHP files. => when creating /usr/share/nginx/html/phpinfo.php and visiting the IP/phpinfo.php I get NGINX / 502 Bad Gateway So I Nginx works but php-fpm is not responding apparently?

Is your PHP-FPM listening on the default port (9000) or on a socket? If socket, try switching it for 127.0.0.1:9000 and the default vhost (/usr/share/nginx/html) with works out of the box.

For any other vhosts:

Use this line in your vhost if php is listening on 9000:

include conf.d/custom/fpm-default.conf;

Use this line in your vhost if php is listening on user socket:

set $fpmuser www;
include conf.d/custom/fpm-default-users.conf;

Karl

erus00 commented 4 years ago

Thanks so much Karl.

It works now, thank you very much. I finally understood that I have to build the mysitedomain.conf in "/etc/nginx/conf.d/vhosts". I was just putting my old mysitedomain.conf under /etc/nginx/conf.d/ so it wouldn't find it. Sorry...

I really like what you have done.

Could I ask you several questions please?:

1- How could I fix the following error in Nginx status: " Jun 11 14:20:42 centostest systemd[1]: nginx.service: Can't open PID file /var/run/nginx.pid (yet?) after start: No such file or directory"

2- Should I create a "mysitedomain-ssl.conf" based on "ssl.conf-example" for every host then include it in "mysitedomain.conf" or is there a smarter way to do it for multiple domains / hosts?

3- I use "include conf.d/custom/fpm-wordpress-cache-users.conf;" as I would like to activate the cache and setup 1 user/pool per domain but I am getting into problem doing this.

For example to serve a subdomain called "wp2.mysitedomain" with a pool called "wp2user" I:

The problem I am getting is that it will NOT work if I directly use "set $fpmuser wp2user;" in mysitedomain.conf. I have to first put "set $fpmuser www;" in mysitedomain.conf, then reloaded php-fpm and Nginx (then it works under www - HTOP shows), and then again change to "set $fpmuser wp2user;", then again reloaded php-fpm and Nginx (then it works under wp2user - HTOP shows).

The pool wp2user will not work by itself, it is like the "wp2.mysitedomain" site first has to be started under "www" pool before to be passed to "wp2user" pool. wp2user poll can't "initiate" it by itself.

If I reboot the system, wp2user will stop working after reboot. I have to do the www / wp2user exchange trick again to make it work.

Do you know why it is doing this and the way to make wp2user pool work independently from www pool?

Thank you very much for your help Karl.

karljohns0n commented 4 years ago

Hi,

1- How could I fix the following error in Nginx status: " Jun 11 14:20:42 centostest systemd[1]: nginx.service: Can't open PID file /var/run/nginx.pid (yet?) after start: No such file or directory"

I can't reproduce this in a CentOS 8 docker:

[root@5cf0574aa9b1 ~]# yum install nginx-more -q -y
[root@5cf0574aa9b1 ~]# systemctl start nginx
[root@5cf0574aa9b1 ~]# ls -al /var/run/nginx.pid 
-rw-r--r-- 1 root root 4 Jun 15 23:19 /var/run/nginx.pid
[root@5cf0574aa9b1 ~]# cat /var/run/nginx.pid 
205
[root@5cf0574aa9b1 ~]# systemctl status 205
● nginx.service - nginx - high performance web server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-06-15 23:19:40 UTC; 3min 40s ago
     Docs: http://nginx.org/en/docs/
  Process: 204 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
 Main PID: 205 (nginx)
    Tasks: 11 (limit: 25004)
   Memory: 26.3M
   CGroup: /docker/5cf0574aa9b1d3bbaa8e7c1737dea13c638a1048a23eb1df03776d5260cfff45/system.slice/nginx.service
           ├─205 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
           ├─206 nginx: worker process
           ├─207 nginx: worker process
           ├─208 nginx: worker process
           ├─209 nginx: worker process
           └─210 nginx: cache manager process

Jun 15 23:19:40 5cf0574aa9b1 systemd[1]: Starting nginx - high performance web server...
Jun 15 23:19:40 5cf0574aa9b1 systemd[1]: Started nginx - high performance web server.
[root@5cf0574aa9b1 ~]# 

2- Should I create a "mysitedomain-ssl.conf" based on "ssl.conf-example" for every host then include it in "mysitedomain.conf" or is there a smarter way to do it for multiple domains / hosts?

It's really up to you. On small setup, I use the same ssl.global.conf for all vhosts using Let's Encrypt. This way, it takes only few seconds to add new websites with SSL. For large or custom setup, you could use different ssl configuration for each vhost.

3- I use "include conf.d/custom/fpm-wordpress-cache-users.conf;" as I would like to activate the cache and setup 1 user/pool per domain but I am getting into problem doing this.

For example to serve a subdomain called "wp2.mysitedomain" with a pool called "wp2user" I:

  • created "/etc/php-fpm.d/wp2user.conf" with light content
  • put "set $fpmuser wp2user" in /etc/nginx/conf.d/vhosts/mysitedomain.conf
  • created user and group called "wp2user"
  • reloaded php-fpm and nginx

The problem I am getting is that it will NOT work if I directly use "set $fpmuser wp2user;" in mysitedomain.conf. I have to first put "set $fpmuser www;" in mysitedomain.conf, then reloaded php-fpm and Nginx (then it works under www - HTOP shows), and then again change to "set $fpmuser wp2user;", then again reloaded php-fpm and Nginx (then it works under wp2user - HTOP shows).

The pool wp2user will not work by itself, it is like the "wp2.mysitedomain" site first has to be started under "www" pool before to be passed to "wp2user" pool. wp2user poll can't "initiate" it by itself.

If I reboot the system, wp2user will stop working after reboot. I have to do the www / wp2user exchange trick again to make it work.

Do you know why it is doing this and the way to make wp2user pool work independently from www pool?

Your issue seems related to php-fpm, it has nothing to do with nginx. Your fpm pool shouldn't stop working after a reboot. Set your "www" pool on TCP 9000 and your "wp2user" pool on a socket, lets say wp2user.sock. It's getting out of nginx-more support but here's how it should looks like:

[wp2user]
user = wp2user
group = wp2user
listen = /run/php-fpm/wp2user.sock
listen.owner = nginx
listen.group = wp2user

Karl

erus00 commented 4 years ago

Thanks a lot Karl,

I got PHP-FPM working with the following in /etc/php-fpm.d/wp2user.conf :

If "listen.group" is not = Nginx then it won't work.

`[wp2user] user = wp2user group = wp2user listen = /run/php-fpm/wp2user.sock listen.owner = wp2user listen.group = nginx ;listen.mode = 0660

listen.allowed_clients = 127.0.0.1

pm = dynamic pm.max_children = 5 pm.start_servers = 2 pm.min_spare_servers = 1 pm.max_spare_servers = 3

;pm.process_idle_timeout = 10s; ;pm.max_requests = 500 slowlog = /var/log/php-fpm/www-slow.log php_admin_value[error_log] = /var/log/php-fpm/www-error.log php_admin_flag[log_errors] = on ;php_admin_value[memory_limit] = 128M php_value[session.save_handler] = files php_value[session.save_path] = /var/lib/php/session php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache ;php_value[opcache.file_cache] = /var/lib/php/opcache

;php_admin_value[disable_functions] = exec,passthru,shell_exec,system ;php_admin_flag[allow_url_fopen] = off `

The last question is about GEOIP2:

I put the following in /etc/nginx/nginx.conf, just at the top of http {...}

` geoip2 /home/testprofile/server/assets/GeoLite2-Country.mmdb { auto_reload 60m; $geoip2_metadata_country_build metadata build_epoch; $geoip2_data_country_code country iso_code; $geoip2_data_country_name country names en; $geoip2_data_continent_code continent code; }

    map $geoip2_data_country_code $allowed_country {
    default no;
    CA yes;
    US yes;
    }

`

And I put the following in /etc/nginx/conf.d/vhosts/wp2.mydomain.conf

` if ($allowed_country = no) { return 403; }

add_header X-GeoCode $geoip2_data_country_code; `

After reloading Nginx and visiting the website from AU I still have full access. If I check the headers, I can't find X-GeoCode anywhere.

I do not seem to be able to add headers. I noticed that you implemented "headers-more-nginx-module", is the reason for not being able to "add-header" or am I just not doing it the right way?

Thanks a lot.

erus00 commented 4 years ago

It is FIXED

It seems that the problem was coming from the fact that I was calling GeoLite2-Country.mmdb from a different directory than /usr/share/GeoIP2/? I fixed that and it is working now.

sudo vim /etc/nginx/nginx.conf

http { geoip2 /usr/share/GeoIP2/GeoLite2-Country.mmdb { auto_reload 60m; $geoip2_metadata_country_build metadata build_epoch; $geoip2_data_country_code country iso_code; $geoip2_data_country_name country names en; $geoip2_data_continent_code continent code; } ....}

===========================

sudo vim /etc/nginx/conf.d/vhosts/wp2.mydomain.conf

=========================== map $geoip2_data_country_code $allowed_country { default no; CA yes; US yes; }

server { listen 80; server_name wp3.mydomain.com.au www.wp3.mydomain.com.au; return 301 https://wp3.mydomain.com.au$request_uri; }

server { listen 443 ssl http2; server_name wp3.mydomain.com.au www.wp3.mydomain.com.au; root /var/www/html/wp3.mydomain.com.au; index index.php index.html index.htm;

    access_log /var/log/nginx/wp3.mydomain.com.au-access_log main;
    error_log /var/log/nginx/wp3.mydomain.com.au-error_log warn;

    add_header X-GeoCode $geoip2_data_country_code;
    set $fpmuser wp3user;n 444; }return 403; } 

==========================

However, I am getting a new problem: When accessing the test site from allowed countries I am getting issues with the css:

image

image

If I refresh it a few time it works correctly, then refresh again and the css is gone again.

Do you have any idea, please? Thanks

karljohns0n commented 4 years ago

If I refresh it a few time it works correctly, then refresh again and the css is gone again.

Do you have any idea, please?

The 404 seems to be on a CSS file optimized by PageSpeed. You could try disabling PageSpeed for this vhost (comment the include), see if it fix this issue and then investigate from there.

Karl

erus00 commented 4 years ago

Thanks Karl, I don't know what happened/I did but the error is not there anymore so I am happy.

I have put "add_header x-geocountry $geoip2_data_country_code;" in the conf file so I am receiving "x-geocountry:AU" in the headers. I would like to use this value is a snippet in WordPress.

Could you please let me know how I could transfer the GEOIP value from PHP to a variable in my Wordpress snippet? Thanks a lot

karljohns0n commented 4 years ago

Sorry, PHP / WordPress support is out of scope here.