Question:
I am trying to configure my webserver using Nginx and php-fpm
I have successfully configured before in my local computer and dev server, but not now in AWS.
The only difference is I installed Nginx from a source in production server
It gives an error like these in my /var/log/nginx/error.log
|
1 2 |
2014/03/11 11:09:19 [error] 11138#0: *1 FastCGI sent in stderr: "Access to the script '/home/ambassador-portal/ambassador-api/web' has been denied (see security.limit_extensions)" while reading response header from upstream, client: 202.62.16.225, server: brandapi.whatiwear.com, request: "GET /app_dev.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "brandapi.whatiwear.com", referrer: "http://brandapi.whatiwear.com/" |
While the error log in php-fpm gives no error
Here is my nginx.conf
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
user root; worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; gzip on; server { listen 80; server_name localhost; location / { root html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } include /usr/local/nginx/conf/sites-enabled/*.conf; } |
Here is my nginx_host.conf
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
server { server_name brandapi.whatiwear.com; access_log /var/log/nginx/brandapi_access.log; error_log /var/log/nginx/brandapi_error.log; root /home/ambassador-portal/ambassador-api/web; disable_symlinks off; autoindex on; location / { try_files $uri $uri/ /app.php$uri?$args; } location ~ \.htaccess { deny all; } location ~ \.php$ { fastcgi_split_path_info ^((?U).+\.php)(.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; include /usr/local/nginx/conf/fastcgi_params; } } |
Here is my /etc/php5/fpm/conf/www.conf
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
; Start a new pool named 'www'. [www] listen = 127.0.0.1:9000 listen.allowed_clients = 127.0.0.1 user = ec2-user group = ec2-user pm = dynamic pm.max_children = 50 pm.start_servers = 5 pm.min_spare_servers = 5 pm.max_spare_servers = 35 slowlog = /var/log/php-fpm/www-slow.log security.limit_extensions = .php .php3 .php4 .php5 .html .htm php_admin_value[error_log] = /var/log/php-fpm/5.5/www-error.log php_admin_flag[log_errors] = on ;php_admin_value[memory_limit] = 128M ; Set session path to a directory owned by process user php_value[session.save_handler] = files php_value[session.save_path] = /var/lib/php/5.5/session |
I’ve read from access denied on nginx and php and try to chmod and I’ve tried the solution from Nginx 403 forbidden for all files and here is my result
|
1 2 3 4 5 6 |
dr-xr-xr-x root root / drwxr-xr-x root root home drwxr-xr-x ec2-user ec2-user ambassador-portal drwxr-xr-x ec2-user ec2-user ambassador-api drwxr-xr-x ec2-user ec2-user web |
I turned the autoindex on just for seeing if my root directory is right, the weird thing is I can open all files except PHP files
You can see a live example at http://brandapi.whatiwear.com/
What is wrong with my webserver..?
Answer:
I removed these two configurations from the nginx.conf file.
|
1 2 3 |
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; |
It works.