nginx error connect to php5-fpm.sock failed (13: Permission denied)

298

I update nginx to 1.4.7 and php to 5.5.12, After that I got the 502 error. Before I update everything works fine.

nginx-error.log

2014/05/03 13:27:41 [crit] 4202#0: *1 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: xx.xxx.xx.xx, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "xx.xx.xx.xx"

nginx.conf

user  www www;
worker_processes  1;

        location / {
            root   /usr/home/user/public_html;
            index  index.php index.html index.htm;
        }
        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param  SCRIPT_FILENAME    /usr/home/user/public_html$fastcgi_script_name;
            include fastcgi_params;
        }

This question is tagged with unix nginx php

~ Asked on 2014-05-03 10:47:54

The Best Answer is


632

I had a similar error after php update. PHP fixed a security bug where o had rw permission to the socket file.

  1. Open /etc/php5/fpm/pool.d/www.conf or /etc/php/7.0/fpm/pool.d/www.conf, depending on your version.
  2. Uncomment all permission lines, like:

    listen.owner = www-data
    listen.group = www-data
    listen.mode = 0660
    
  3. Restart fpm - sudo service php5-fpm restart or sudo service php7.0-fpm restart

Note: if your webserver runs as user other than www-data, you will need to update the www.conf file accordingly

~ Answered on 2014-05-06 06:30:09


109

All the fixes currently mentioned here basically enable the security hole all over again.

What I ended up doing is adding the following lines to my PHP-FPM configuration file.

listen.owner = www-data
listen.group = www-data

Make sure that www-data is actually the user the nginx worker is running as. For debian it's www-data by default.

Doing it this way does not enable the security problem that this change was supposed to fix.

~ Answered on 2014-05-11 18:25:14


Most Viewed Questions: