After an update of my system I ran into a bad gateway error of my PHP apps running on Nginx.
1 connect() to unix:/var/run/php-fcgi-vhostname-php-fcgi-0.sock failed (13: Permission denied) while connecting to upstream, client: xx.xxx.xx.xx, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fcgi-vhostname-php-fcgi-0.sock:", host: "xx.xx.xx.xx"
The problem is caused by bad permissions of the php-fpm sockets used, in fact I see /var/run/php-fcgi.sock
owned by root:root
but nginx and php-fpm use as user www-data
.
I've already edited the php-fpm config at /etc/php-fpm.d/www.conf
with:
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
but it doesn't solve the problem and when i restart nginx and php-fpm the sockets are created with root:root
as user/group.
The only way I've found to fix it is to change the owner of the sockets to www-data:www-data manually. But this is not a real solution because everytime I restart my services I've to apply it again.
How can I fix this problem? I'm on CentOS 6.5
Edit:
I use Ajenti-V to configure my vhosts and my PHP-FPM. It creates a new socket for each website/vhost, and them are set in /etc/php-fpm.conf
They have this structure:
[vhostname-php-fcgi-0]
user = www-data
group = www-data
listen = /var/run/php-fcgi-vhostname-php-fcgi-0.sock
pm = dynamic
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 5
If I add to each entry these strings:
listen.owner = www-data
listen.group = www-data
listen.mode = 0666
Everything works correctly.
So looks like the www.conf is not included (maybe?). This is my php-fpm.conf:
[global]
pid = /var/run/php-fpm/php-fpm.pid
error_log = /var/log/php5-fpm.log
[global-pool]
user = www-data
group = www-data
listen = /var/run/php-fcgi.sock
pm = dynamic
pm.start_servers = 1
pm.max_children = 5
pm.min_spare_servers = 1
pm.max_spare_servers = 5
[vhostname-php-fcgi-0]
user = www-data
group = www-data
listen = /var/run/php-fcgi-vhostname-php-fcgi-0.sock
pm = dynamic
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 5
PHP 5.4.28 (cli) (built: May 2 2014 19:09:57)
– Denis VPHP 5.4.29 (cli) (built: Jun 5 2014 16:07:48)
. The last thing that I can imagine is that www.conf is for some reason not used in your case. – Denis V