Setup PHP FPM for Nginx

The Nginx+PHP FPM is the ideal web-server setup as this is more faster web service. This article should be a continuation of this article (just skip the "Configure Apache" section and if you are not using Virtualmin, skip the "Configure Virtualmin" section.).

The following procedures are tested on Linode server running Centos 7 64-bit Linux distribution.

Install PHP FPM

  1. If you are to replace Apache, execute the following:

          
    systemctl stop httpd
    systemctl disable httpd
          
        
  2. Install PHP FPM:

          
    yum install php-fpm
          
        

    If you are using the rh software collections' PHP 5.6, you can install PHP FPM by:

          
    yum install rh-php56-php-fpm
          
        
  3. Lets configure our PHP FPM. The following configurations works very well with my current 2 GB RAM and 1 CPU Core Linode system.

    Edit the /etc/php-fpm.conf (if using rh software collections' PHP 5.6, edit /etc/opt/rh/rh-php56/php-fpm.conf) the following parameters and match the values shown below:

          
    emergency_restart_threshold = 10
    emergency_restart_interval = 1m
    process_control_timeout = 5
          
        

    We will define two backend servers in our Nginx upstream so we will create two PHP FPM pools.

    Rename the default pool configuration:

          
    mv /etc/php-fpm.d/www.conf /etc/php-fpm.d/www1.conf
          
        

    If using rh software collections' PHP 5.6:

          
    mv /etc/opt/rh/rh-php56/php-fpm.d/www.conf /etc/opt/rh/rh-php56/php-fpm.d/www1.conf
          
        

    The important parameter that we need to determine is the pm.max_children and this can be computed by:

          
    pm.max_children = [(server's total RAM) - (other process' RAM consumption)] / (PHP process' RAM consumed per request)
          
        

    In my case:

          
    server's total RAM = 2GB
    other process' RAM consumption = 512MB
    PHP process' RAM consumed per request = 196MB
    pm.max_children = 7.8 (lets use 8)
          
        

    Edit the /etc/php-fpm.d/www1.conf (if using rh software collections' PHP 5.6, edit /etc/opt/rh/rh-php56/php-fpm.d/www1.conf) the following parameters and match the values shown below:

          
    [www1]
    ;listen = /var/run/php-fpm-one.sock
    listen = 127.0.0.1:9001
    user = apache
    group = apache
    pm = dynamic
    pm.max_children = 8 ; Total number of processes allowed
    pm.start_servers = 3 ; Number of processes waiting for requests when nginx starts
    pm.min_spare_servers = 3 ; Number of spare processes nginx will create
    pm.max_spare_servers = 8 ; Number of spare processes that will be attempted to create
    pm.max_requests = 500
    pm.status_path = /fpm-status-one
    ping.path = /ping-one
          
        

    If you desire to use the UNIX socket, uncomment the listen = /var/run/php-fpm-one.sock and comment listen = 127.0.0.1:9001.

    Copy the pool www1.conf file to www2.conf as our second backend server in our Nginx upstream and edit the following parameters and match the values shown below:

          
    [www2]
    ;listen = /var/run/php-fpm-two.sock
    listen = 127.0.0.1:9002
    pm.status_path = /fpm-status-two
    ping.path = /ping-two
          
        

    If you desire to use the UNIX socket, uncomment the listen = /var/run/php-fpm-two.sock and comment listen = 127.0.0.1:9002.

  4. Start the PHP FPM service:

          
    systemctl start php-fpm
          
        

    If using rh software collections' PHP 5.6:

          
    systemctl start rh-php56-php-fpm
          
        

Configure Nginx

  1. Create the file /etc/nginx/utils/fastcgi/microcache.conf and copy the following scripts to this file:

          
    ## The cache zone referenced.
    fastcgi_cache microcache;
    ## The cache key.
    fastcgi_cache_key $scheme$request_method$host$request_uri;
    
    ## For 200 and 301 make the cache valid for 10s seconds.
    fastcgi_cache_valid 200 301 10s;
    ## For 302 make it valid for 1 minute.
    fastcgi_cache_valid 302 1m;
    ## For 404 make it valid 1 second.
    fastcgi_cache_valid 404 1s;
    ## If there are any upstream errors or the item has expired use
    ## whatever it is available.
    fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503 off;
    ## The Cache-Control and Expires headers should be delivered untouched
    ## from the upstream to the client.
    fastcgi_ignore_headers Cache-Control Expires;
    ## Bypass the cache.
    fastcgi_cache_bypass $no_cache;
    fastcgi_no_cache $no_cache;
    
    ## To avoid any interaction with the cache control headers we expire
    ## everything on this location immediately.
    expires epoch;
    
    ## Cache locking mechanism for protecting the backend of too many
    ## simultaneous requests.
    fastcgi_cache_lock on;
    ## The default timeout, i.e., the time to way before forwarding the
    ## second request upstream if no reply as arrived in the meantime is 5s.
    fastcgi_cache_lock_timeout 5000; # in miliseconds.
          
        
  2. Create the file /etc/nginx/utils/fastcgi/microcache_auth.conf and copy the following scripts to this file:

          
    ## The cache zone referenced.
    fastcgi_cache microcache;
    ## The cache key.
    fastcgi_cache_key $cache_uid@$scheme$request_method$host$request_uri;
    
    ## For 200 and 301 make the cache valid for 10s.
    fastcgi_cache_valid 200 301 10s;
    ## For 302 make it valid for 1 minute.
    fastcgi_cache_valid 302 1m;
    ## For 404 make it valid 1 second.
    fastcgi_cache_valid 404 1s;
    ## If there are any upstream errors or the item has expired use
    ## whatever it is available.
    fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503 off;
    ## The Cache-Control and Expires headers should be delivered untouched
    ## from the upstream to the client.
    fastcgi_ignore_headers Cache-Control Expires;
    fastcgi_pass_header Set-Cookie;
    fastcgi_pass_header Cookie;
    ## Bypass the cache.
    fastcgi_cache_bypass $no_auth_cache;
    fastcgi_no_cache $no_auth_cache;
    
    ## To avoid any interaction with the cache control headers we expire
    ## everything on this location immediately.
    expires epoch;
    
    ## Cache locking mechanism for protecting the backend of too many
    ## simultaneous requests.
    fastcgi_cache_lock on;
    ## The default timeout, i.e., the time to way before forwarding the
    ## second request upstream if no reply as arrived in the meantime is 5s.
    fastcgi_cache_lock_timeout 5000; # in miliseconds.
          
        
  3. Create the file /etc/nginx/utils/fastcgi/microcache_zone.conf and copy the following scripts to this file:

          
    ## Defining the FastCGI cache zone for the microcache as presented at:
    ## http://fennb.com/microcaching-speed-your-app-up-250x-with-no-n.
    
    ## If youre using a Nginx version greater than 1.1.1 then you can
    ## tweak the Tweaking of the cache loader parameters.
    ## Cf. http://forum.nginx.org/read.php?21,213197,213209#msg-213209 for
    ## rationale.
    fastcgi_cache_path /var/cache/nginx/microcache levels=1:2 keys_zone=microcache:5M max_size=1G inactive=2h loader_threshold=2592000000 loader_sleep=1 loader_files=100000;
          
        
  4. Create the file /etc/nginx/utils/fastcgi/params.conf and copy the following scripts to this file:

          
    ## General fastcgi parameters.
    
    fastcgi_param QUERY_STRING   $query_string;
    fastcgi_param REQUEST_METHOD $request_method;
    fastcgi_param CONTENT_TYPE   $content_type;
    fastcgi_param CONTENT_LENGTH $content_length;
    
    fastcgi_param SCRIPT_NAME     $fastcgi_script_name;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param REQUEST_URI     $request_uri;
    fastcgi_param DOCUMENT_URI    $document_uri;
    fastcgi_param DOCUMENT_ROOT   $document_root;
    fastcgi_param SERVER_PROTOCOL $server_protocol;
    
    fastcgi_param GATEWAY_INTERFACE CGI/1.1;
    fastcgi_param SERVER_SOFTWARE   nginx/$nginx_version;
    
    fastcgi_param REMOTE_ADDR $remote_addr;
    fastcgi_param REMOTE_PORT $remote_port;
    fastcgi_param SERVER_ADDR $server_addr;
    fastcgi_param SERVER_PORT $server_port;
    fastcgi_param SERVER_NAME $server_name;
    
    fastcgi_param HTTP_HTTPS $https;
    fastcgi_param HTTPS $https;
    
    ## PHP only, required if PHP was built with --enable-force-cgi-redirect
    fastcgi_param REDIRECT_STATUS 200;
          
        

    To use this, add the following line to your nginx script:

          
    include utils/fastcgi/params.conf
          
        
  5. Create the file /etc/nginx/utils/fastcgi/php_fpm_status_vhost.conf and copy the following scripts to this file:

          
    ## The configuration for the status pages of php-fpm. As described in
    ## http://www.php.net/manual/en/install.fpm.configuration.php.
    
    ## php-fpm provides a status and a heartbeat page that is served through the web server.
    ## Here's an example configuration for them.
    
    ## The status page is at /fpm-status-one. Only local access is
    ## allowed. Non authorized access returns a 404 through the error_page
    ## directive.
    location = /fpm-status-one {
      if ($dont_show_fpm_status) {
        return 404;
      }
      fastcgi_pass www1;
    }
    
    ## The ping page is at /ping-one and returns the string configured at the php-fpm level.
    ## Also only local network connections (loopback and LAN) are permitted.
    location = /ping-one {
      if ($dont_show_fpm_status) {
        return 404;
      }
      fastcgi_pass www1;
    }
    
    ## This is for the second pool. It assumes that you've configured
    ## php-fpm to have two pools and the URIs configured for the status
    ## and ping pages are as specified below.
    
    ## The status page is at /fpm-status-two. Only local access is
    ## allowed. Non authorized access returns a 404 through the error_page
    ## directive.
    location = /fpm-status-two {
      if ($dont_show_fpm_status) {
        return 404;
      }
      fastcgi_pass www2;
    }
    
    ## The ping page is at /ping-two and returns the string configured at the php-fpm level.
    ## Also only local network connections (loopback and LAN) are permitted.
    location = /ping-two {
      if ($dont_show_fpm_status) {
        return 404;
      }
      fastcgi_pass www2;
    }
          
        
  6. Create the file /etc/nginx/utils/fastcgi/php_pass.conf and copy the following scripts to this file:

          
    ## Fastcgi configuration
    
    ## 1. Parameters.
    fastcgi_param QUERY_STRING $query_string;
    fastcgi_param REQUEST_METHOD $request_method;
    fastcgi_param CONTENT_TYPE $content_type;
    fastcgi_param CONTENT_LENGTH $content_length;
    
    fastcgi_param SCRIPT_NAME /index.php;
    fastcgi_param REQUEST_URI $request_uri;
    fastcgi_param DOCUMENT_URI $document_uri;
    fastcgi_param DOCUMENT_ROOT $document_root;
    fastcgi_param SERVER_PROTOCOL $server_protocol;
    
    fastcgi_param GATEWAY_INTERFACE CGI/1.1;
    fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
    
    fastcgi_param REMOTE_ADDR $remote_addr;
    fastcgi_param REMOTE_PORT $remote_port;
    fastcgi_param SERVER_ADDR $server_addr;
    fastcgi_param SERVER_PORT $server_port;
    fastcgi_param SERVER_NAME $server_name;
    ## PHP only, required if PHP was built with --enable-force-cgi-redirect
    fastcgi_param REDIRECT_STATUS 200;
    fastcgi_param SCRIPT_FILENAME $document_root/index.php;
    fastcgi_param HTTP_HTTPS $https;
    fastcgi_param HTTPS $https;
    fastcgi_pass phpfcgi;
    
    ## 2. Nginx FCGI specific directives.
    fastcgi_buffers 256 4k;
    fastcgi_intercept_errors on;
    ## Allow 4 hrs - pass timeout responsibility to upstream.
    fastcgi_read_timeout 14400;
    fastcgi_index index.php;
    ## Hide the X-Drupal-Cache header provided by Pressflow.
    fastcgi_hide_header 'X-Drupal-Cache';
    ## Hide the Drupal 7 header X-Generator.
    fastcgi_hide_header 'X-Generator';
          
        
  7. Create the file /etc/nginx/utils/fastcgi/upstream.conf and copy the following scripts to this file:

          
    ## Include the upstream servers for PHP FastCGI handling config.
    ## This one uses the FCGI process listening on TCP sockets.
    include utils/fastcgi/upstream_tcp.conf;
    
    ## Include the upstream servers for PHP FastCGI handling
    ## configuration. This setup uses UNIX sockets for talking with the
    ## upstream.
    #include utils/fastcgi/upstream_unix.conf;
          
        

    By default the TCP sockets is enabled. If your PHP FPM setup is using UNIX sockets comment the include utils/fastcgi/upstream_tcp.conf; and uncomment the include utils/fastcgi/upstream_unix.conf;

  8. Create the file /etc/nginx/utils/fastcgi/upstream_tcp.conf and copy the following scripts to this file:

          
    ## Upstream configuration for PHP FastCGI.
    
    ## Add as many servers as needed:
    ## Cf. http://wiki.nginx.org/HttpUpstreamModule.
    ## Note that this configuration assumes by default that keepalive
    ## upstream connections are supported and that you have a Nginx
    ## version with the fair load balancer.
    
    ## Add as many servers as needed. Cf. http://wiki.nginx.org/HttpUpstreamModule.
    upstream phpfcgi {
      ## Use the least connection algorithm for load balancing. This
      ## algorithm was introduced in versions 1.3.1 and 1.2.2.
      least_conn;
    
      server 127.0.0.1:9001;
      server 127.0.0.1:9002;
      ## Create a backend connection cache. Note that this requires
      ## Nginx version greater or equal to 1.1.4.
      ## Cf. http://nginx.org/en/CHANGES.
      keepalive 5;
    }
    
    ## The upstreams below are used only for monitoring php-fpm status,
    
    ## The PHP TCP upstream that corresponds to the first pool: www1.
    upstream www1 {
      server 127.0.0.1:9001;
    }
    
    ## The PHP TCP upstream that corresponds to the second pool: www2.
    upstream www2 {
      server 127.0.0.1:9002;
    }
          
        
  9. Create the file /etc/nginx/utils/fastcgi/upstream_unix.conf and copy the following scripts to this file:

          
    ## Upstream configuration for PHP FastCGI.
    
    ## Add as many servers as needed:
    ## Cf. http://wiki.nginx.org/HttpUpstreamModule.
    ## Note that this configuration assumes by default that keepalive
    ## upstream connections are supported and that you have a Nginx
    ## version with the fair load balancer.
    
    ## Add as many servers as needed. Cf. http://wiki.nginx.org/HttpUpstreamModule.
    upstream phpfcgi {
      ## Use the least connection algorithm for load balancing. This
      ## algorithm was introduced in versions 1.3.1 and 1.2.2.
      least_conn;
    
      server unix:/var/run/php-fpm-one.sock;
      server unix:/var/run/php-fpm-two.sock;
      ## Create a backend connection cache. Note that this requires
      ## Nginx version greater or equal to 1.1.4.
      ## Cf. http://nginx.org/en/CHANGES.
      keepalive 5;
    }
    
    ## The upstreams below are used only for monitoring php-fpm status,
    
    ## The PHP TCP upstream that corresponds to the first pool: www1.
    upstream www1 {
      server unix:/var/run/php-fpm-one.sock;
    }
    
    ## The PHP TCP upstream that corresponds to the second pool: www2.
    upstream www2 {
      server unix:/var/run/php-fpm-two.sock;
    }
          
        
  10. To enable this Nginx + PHP FPM, execute the following:

          
    rm /etc/nginx/utils/service
    ln -s /etc/nginx/utils/fastcgi /etc/nginx/utils/service
          
        
  11. Restart Nginx:

          
    systemctl restart nginx
          
        

Comments

boss where is the setup for nginx.conf ?

Great Article.

Can you share conf's over github/gist ?

If I start the PHP FPM service I'll get:
Job for php-fpm.service failed because the control process exited with error code. See "systemctl status php-fpm.service" and
"journalctl -xe" for details.

If I check the status, I'll get:
[root@webserver etc]# systemctl status php-fpm.service
● php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2018-02-04 14:54:18 UTC; 43s ago
Process: 16925 ExecStart=/usr/sbin/php-fpm --nodaemonize (code=exited, status=78)
Main PID: 16925 (code=exited, status=78)
Feb 04 14:54:18 webserver systemd[1]: Starting The PHP FastCGI Process Manager...
Feb 04 14:54:18 webserver php-fpm[16925]: [04-Feb-2018 14:54:18] ERROR: [/etc/php-fpm.d/www1.conf:110] unable to par... zero)
Feb 04 14:54:18 webserver php-fpm[16925]: [04-Feb-2018 14:54:18] ERROR: Unable to include /etc/php-fpm.d/www1.conf f...ne 110
Feb 04 14:54:18 webserver php-fpm[16925]: [04-Feb-2018 14:54:18] ERROR: failed to load configuration file '/etc/php-fpm.conf'
Feb 04 14:54:18 webserver php-fpm[16925]: [04-Feb-2018 14:54:18] ERROR: FPM initialization failed
Feb 04 14:54:18 webserver systemd[1]: php-fpm.service: main process exited, code=exited, status=78/n/a
Feb 04 14:54:18 webserver systemd[1]: Failed to start The PHP FastCGI Process Manager.
Feb 04 14:54:18 webserver systemd[1]: Unit php-fpm.service entered failed state.
Feb 04 14:54:18 webserver systemd[1]: php-fpm.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

Please advice.

We need more information to be able to help. Please execute the following command to show lines that were ellipsized in full and paste the output here:
  
systemctl status php-fpm.service -l
  
Please also copy and paste here the line 110 in your /etc/php-fpm.d/www1.conf

Feb 07 19:01:31 webserver systemd[1]: Starting The PHP FastCGI Process Manager...
Feb 07 19:01:31 webserver php-fpm[7662]: [07-Feb-2018 19:01:31] ERROR: [/etc/php-fpm.d/www1.conf:110] unable to parse value for entry 'pm.max_childr
en': is not a valid number (greater or equal than zero)
Feb 07 19:01:31 webserver php-fpm[7662]: [07-Feb-2018 19:01:31] ERROR: Unable to include /etc/php-fpm.d/www1.conf from /etc/php-fpm.conf at line 110
Feb 07 19:01:31 webserver php-fpm[7662]: [07-Feb-2018 19:01:31] ERROR: failed to load configuration file '/etc/php-fpm.conf'
Feb 07 19:01:31 webserver php-fpm[7662]: [07-Feb-2018 19:01:31] ERROR: FPM initialization failed
Feb 07 19:01:31 webserver systemd[1]: php-fpm.service: main process exited, code=exited, status=78/n/a
Feb 07 19:01:31 webserver systemd[1]: Failed to start The PHP FastCGI Process Manager.
Feb 07 19:01:31 webserver systemd[1]: Unit php-fpm.service entered failed state.
Feb 07 19:01:31 webserver systemd[1]: php-fpm.service failed.
[root@webserver welcome]#

Line 110:
pm.max_children = 4 # Total number of processes allowed

If I remove this from top to bottom 1 by one (and recheck), then I get error at next line, and then the other line and so on
pm.max_children = 8 # Total number of processes allowed
pm.start_servers = 3 # Number of processes waiting for requests when nginx starts
pm.min_spare_servers = 3 # Number of spare processes nginx will create
pm.max_spare_servers = 8 # Number of spare processes that will be attempted to create

ps aux | grep fpm
root 762 0.0 0.9 462612 16712 ? Ss 15:16 0:00 php-fpm: master process (/etc/opt/remi/php72/php-fpm.conf)
apache 895 0.0 0.5 462612 9456 ? S 15:16 0:00 php-fpm: pool www
apache 897 0.0 0.5 462612 9456 ? S 15:16 0:00 php-fpm: pool www
apache 901 0.0 0.5 462612 9456 ? S 15:16 0:00 php-fpm: pool www
apache 905 0.0 0.5 462612 9456 ? S 15:16 0:00 php-fpm: pool www
apache 906 0.0 0.5 462612 9460 ? S 15:16 0:00 php-fpm: pool www
root 9531 0.0 0.0 112660 972 pts/0 R+ 19:12 0:00 grep --color=auto fpm

I'm sorry, I made a typo in my article step 3. The comment character for php-fpm configuration should be comma "," and not hash sign "#". Please change the following lines in your /etc/php-fpm.d/www1.conf file from:
  
pm.max_children = 8 # Total number of processes allowed
pm.start_servers = 3 # Number of processes waiting for requests when nginx starts
pm.min_spare_servers = 3 # Number of spare processes nginx will create
pm.max_spare_servers = 8 # Number of spare processes that will be attempted to create
  
... to:
  
pm.max_children = 8 ; Total number of processes allowed
pm.start_servers = 3 ; Number of processes waiting for requests when nginx starts
pm.min_spare_servers = 3 ; Number of spare processes nginx will create
pm.max_spare_servers = 8 ; Number of spare processes that will be attempted to create
  

Thank you, that solved it! PHP-fpm and nginx is working:
[root@webserver nginx]# systemctl status php-fpm.service -l
● php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2018-02-08 10:47:59 UTC; 1h 36min ago
Main PID: 742 (php-fpm)
Status: "Processes active: 0, idle: 6, Requests: 0, slow: 0, Traffic: 0req/sec"
CGroup: /system.slice/php-fpm.service
├─742 php-fpm: master process (/etc/php-fpm.conf
├─743 php-fpm: pool www1
├─744 php-fpm: pool www1
├─745 php-fpm: pool www1
├─746 php-fpm: pool www2
├─747 php-fpm: pool www2
└─748 php-fpm: pool www2

nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/nginx.service.d
└─override.conf
Active: active (running) since Thu 2018-02-08 10:53:18 UTC; 1h 37min ago
Docs: http://nginx.org/en/docs/
Process: 2581 ExecStop=/bin/kill -s TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 19943 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 2592 ExecStartPost=/bin/sleep 0.1 (code=exited, status=0/SUCCESS)
Process: 2585 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
Process: 2584 ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
Main PID: 2588 (nginx)
CGroup: /system.slice/nginx.service
├─ 2588 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
├─19944 nginx: worker process
└─19945 nginx: cache manager process

Feb 08 10:53:18 webserver systemd[1]: Starting nginx - high performance web server...
Feb 08 10:53:18 webserver nginx[2584]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Feb 08 10:53:18 webserver nginx[2584]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Feb 08 10:53:18 webserver systemd[1]: Started nginx - high performance web server.
Feb 08 10:56:27 webserver systemd[1]: Reloaded nginx - high performance web server.
Feb 08 11:07:36 webserver systemd[1]: Reloaded nginx - high performance web server.
Feb 08 12:23:58 webserver systemd[1]: Reloaded nginx - high performance web server.
Feb 08 12:24:03 webserver systemd[1]: Reloaded nginx - high performance web server.

But I can't connect op my external google instance ip on port 80 (traffic for http and https is open in google cloud dns). Other port like 10000 for Virtual min is working, but only port 80 not.

Iptables:

Is listening:
[root@webserver nginx]# netstat -tunlp | grep 80
tcp 0 0 35.226.111.46:80 0.0.0.0:* LISTEN 2588/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 780/sshd
tcp6 0 0 :::22 :::* LISTEN 780/sshd

The iptables is filled correctly:
[root@webserver nginx]# iptables --line -vnL
Chain INPUT (policy ACCEPT 31638 packets, 31M bytes)
num pkts bytes target prot opt in out source destination
1 33 2580 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
2 102K 11M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3 195 11052 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
4 1143 89708 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,ESTABLISHED
5 12 480 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
6 5809 608K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,ESTABLISHED
7 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,ESTABLISHED
8 8 340 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW,ESTABLISHED
9 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 ctstate NEW,ESTABLISHED
10 1269 65988 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10000
11 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW,ESTABLISHED
12 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW,ESTABLISHED
13 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
14 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
2 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 119K packets, 19M bytes)
num pkts bytes target prot opt in out source destination
1 1522 61936 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 ctstate ESTABLISHED
2 4257 901K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:22 ctstate ESTABLISHED
3 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 ctstate ESTABLISHED
4 8 320 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:443 ctstate ESTABLISHED
5 13712 1132K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 ctstate ESTABLISHED
6 2942 176K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
7 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80

curl localhost:
[root@webserver nginx]# curl localhost
curl: (7) Failed connect to localhost:80; Connection refused

Curl locahost:
Gives the html output of the Virtualmin login page.

Please help me because I'm stuck and I have tried everything.

If I do nslookup localhost, I get:

[root@webserver nginx]# nslookup localhost
Server: 169.254.169.254
Address: 169.254.169.254#53

Seams like the localhost is not resolving to 127.0.0.1 and vice versa...

Phew that was quite a ride but I found it! In the site-enabled .conf file I had to change the listen to 0.0.0.0:80 instead of :80.
Because else the output was to only allow from internal 127.0.0.1 address
THANK YOU:)

The nginx uses port 80 because it is a webserver. If you want to change it, edit your nginx configuration. Under all your server context, find the listen directive and change port 80 to something else.

almost there, If I open a php page then I see in the left upper corner of the page: Access denied.
I can open .html pages but not .php
I've checked the permissions of the nginx directory (and subs) and it is set to 755, the owner of all /etc/nginx is apache:apache.

Error when running tail -f /var/log/nginx/error.log:
2018/02/10 00:40:25 [error] 6230#6230: *45 FastCGI sent in stderr: "Access to the script '/etc/nginx/utils/fastcgi/params.conf' has been denied (see security.limit_extensions)" while reading response header from upstream, client: 95.96.179.86, server: , request: "GET /info.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "mydjroom.com"
2018/02/10 00:40:25 [error] 6230#6240: [ngx_pagespeed 1.12.34.2-0] AprMemCache::Put error: Could not find specified socket in poll list. (70015) on key prop_page/https://mydjroom.com/info.php_ay6yEwPVcU@Desktop@dom, value-size 44

sites-enabled/example.com.conf:

server {
listen 80;

return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
location / {
root /home/ericson/public_html/example.com;
index index.php;

}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

location ~ \.php$ {

include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /etc/nginx/utils/fastcgi/params.conf;
}

}

You did not follow my articles. Please review your nginx scripts, e.g. you coded this wrong:
  
fastcgi_param SCRIPT_FILENAME /etc/nginx/utils/fastcgi/params.conf;
  

Hello, the PHP-FPM has a systemd variable defined per your instructions. RHEL6 has no idea what systemd is. If I comment out this variable. The PHP-FPM script seems to be looking for this data. Error value is NULL for a ZEND_INI_PARSER_ENTRY. Can you assist?

Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.