
Problems after changing to php5-fpm

Julius K.
31 March 2013, 17:59
Hello,

Today I changed to php5-fpm.
But when I try to open a PHP script in the browser, I get an error that says: "403: Forbidden".
Can you tell me where my problem is?

This is my hiawatha.conf:
ServerId = www-data
ConnectionsTotal = 4000
ConnectionsPerIP = 20
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log
ServerString = Webserver

# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
Port = 80
TimeForRequest = 3,20
MaxRequestSize = 32768
MaxKeepAlive = 30
MaxUploadSize = 64
}


Binding {
Port = 443
TimeForRequest = 3,20
SSLcertFile = ssl_epicforge.pem
Interface = SECRET
MaxRequestSize = 32768
MaxUploadSize = 32
}

Binding {
Port = 443
TimeForRequest = 3,20
SSLcertFile = ssl_mail.pem
Interface = SECRET
MaxRequestSize = 32768
MaxUploadSize = 32
}

## IPv6 ##

Binding {
Port = 80
Interface = SECRET
}

Binding {
Port = 443
Interface = SECRET
}

# BANNING SETTINGS
# Deny service to clients who misbehave.
#
BanOnGarbage = 300
BanOnMaxPerIP = 60
BanOnMaxReqSize = 300
KickOnBan = yes
RebanDuringBan = yes


# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications. Use the 'php-fcgi'
# tool to start PHP as a FastCGI daemon.
#
CGIhandler = /usr/bin/perl:pl
CGIhandler = /usr/bin/php-cgi:php
CGIhandler = /usr/bin/python:py
CGIhandler = /usr/bin/ruby:rb
CGIhandler = /usr/bin/ssi-cgi:shtml
CGIextension = cgi
#
#CGIwrapper = /usr/sbin/cgi-wrapper

FastCGIserver {
FastCGIid = PHP5
ConnectTo = 127.0.0.1:9000
Extension = php, php5
SessionTimeout = 30
}


# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners won't find
# your possible vulnerable website.
#

Hostname = 127.0.0.1
WebsiteRoot = /var/www/hiawatha
StartFile = index.html
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
#ErrorHandler = 404:/error.cgi

## Toolkit's ##
UrlToolkit {
ToolkitID = rewrite
RequestURI exists Return
Match /(.*) Rewrite /index.php?page=$1
}

UrlToolkit {
ToolkitID = wordpress
RequestURI exists Return
Match .* Rewrite /index.php
}

UrlToolkit {
ToolkitID = owncloud
Match ^/data DenyAccess
}
# VIRTUAL HOSTS

## SECRET ##
VirtualHost {
Hostname = SECRET
WebsiteRoot = /var/www/SECRET
StartFile = index.html
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
TimeForCGI = 60
#UseFastCGI = PHP5
#RequireSSL = yes
ErrorHandler = 404:/404.html
}



## SECRET ##
VirtualHost {
Hostname = SECRET
WebsiteRoot = /var/www/SECRET
StartFile = index.php
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
TimeForCGI = 5
#UseFastCGI = PHP5
ErrorHandler = 404:/404.html
}


# DIRECTORY SETTINGS
# You can specify some settings per directory.
#
#Directory {
# Path = /home/baduser
# ExecuteCGI = no
# UploadSpeed = 10,2
#}

And this is my php5-fpm.conf:
;;;;;;;;;;;;;;;;;;;;;
; FPM Configuration ;
;;;;;;;;;;;;;;;;;;;;;

; All relative paths in this configuration file are relative to PHP's install
; prefix (/usr). This prefix can be dynamicaly changed by using the
; '-p' argument from the command line.

; Include one or more files. If glob(3) exists, it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
; Relative path can also be used. They will be prefixed by:
; - the global prefix if it's been set (-p arguement)
; - /usr otherwise
;include=/etc/php5/fpm/*.conf

;;;;;;;;;;;;;;;;;;
; Global Options ;
;;;;;;;;;;;;;;;;;;

[global]
; Pid file
; Note: the default prefix is /var
; Default Value: none
pid = /var/run/php5-fpm.pid

[www]
user = www-data
group = www-data
listen = 127.0.0.1:9000
pm = static
pm.max_children = 100
chroot = /var/www/
chdir =/

; Error log file
; If it's set to "syslog", log is sent to syslogd instead of being written
; in a local file.
; Note: the default prefix is /var
; Default Value: log/php-fpm.log
error_log = /var/log/php5-fpm.log

; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon

; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm

; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
;log_level = notice

; If this number of child processes exit with SIGSEGV or SIGBUS within the time
; interval set by emergency_restart_interval then FPM will restart. A value
; of '0' means 'Off'.
; Default Value: 0
;emergency_restart_threshold = 0

; Interval of time used by emergency_restart_interval to determine when
; a graceful restart will be initiated. This can be useful to work around
; accidental corruptions in an accelerator's shared memory.
; Available Units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
;emergency_restart_interval = 0

; Time limit for child processes to wait for a reaction on signals from master.
; Available units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
;process_control_timeout = 0

; The maximum number of processes FPM will fork. This has been design to control
; the global number of processes when using dynamic PM within a lot of pools.
; Use it with caution.
; Note: A value of 0 indicates no limit
; Default Value: 0
; process.max = 128

; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
; Default Value: yes
;daemonize = yes

; Set open file descriptor rlimit for the master process.
; Default Value: system defined value
;rlimit_files = 1024

; Set max core size rlimit for the master process.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0

; Specify the event mechanism FPM will use. The following is available:
; - select (any POSIX os)
; - poll (any POSIX os)
; - epoll (linux >= 2.5.44)
; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0)
; - /dev/poll (Solaris >= 7)
; - port (Solaris >= 10)
; Default Value: not set (auto detection)
; events.mechanism = epoll

;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;

; Multiple pools of child processes may be started with different listening
; ports and different management options. The name of the pool will be
; used in logs and stats. There is no limitation on the number of pools which
; FPM can handle. Your system will tell you anyway

; To configure the pools it is recommended to have one .conf file per
; pool in the following directory:
include=/etc/php5/fpm/pool.d/*.conf


Hiawatha version: 9.0
Operating System: Debian Wheezy

Hugo Leisink
31 March 2013, 19:52
In your virtual hosts, you have disabled PHP execution by commenting out the UseFastCGI option.

It's fine with me that you've replaced the hostnames, paths and interfaces with 'SECRET', but if the security of your websites depends on the secrecy of those values, I strongly advise you to rethink your security strategy!
This topic has been closed.
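
The condition pointed out in the answer above can be checked mechanically. The following is an added example, not part of the original thread and not Hiawatha's own tooling: it lists every VirtualHost block that has no active UseFastCGI line, or whose UseFastCGI names a FastCGIid that no FastCGIserver block defines. The function names and the `a.example` to `c.example` hostnames are made up for illustration, and lowercasing option names assumes Hiawatha treats them case-insensitively.

```python
import re

# Constructed sample, reduced from the configuration posted in the thread.
SAMPLE_CONF = """
FastCGIserver {
    FastCGIid = PHP5
    ConnectTo = 127.0.0.1:9000
}
VirtualHost {
    Hostname = a.example
    #UseFastCGI = PHP5
}
VirtualHost {
    Hostname = b.example
    UseFastCGI = PHP5
}
VirtualHost {
    Hostname = c.example
    UseFastCGI = PHP7
}
"""

# A block is "Name {" ... "}". An active option is "Key = value" at the start of
# a line; a line starting with '#' never matches, so commented options are absent.
BLOCK = re.compile(r"^[ \t]*(\w+)[ \t]*\{(.*?)^[ \t]*\}", re.M | re.S)
OPTION = re.compile(r"^[ \t]*(\w+)[ \t]*=[ \t]*(.*?)[ \t]*$", re.M)

def parse_blocks(text):
    """Return [(block name, {option: value})]; names lowercased (assumption)."""
    return [(name.lower(), {k.lower(): v for k, v in OPTION.findall(body)})
            for name, body in BLOCK.findall(text)]

def check_fastcgi(text):
    """List (hostname, problem) for VirtualHost blocks not wired to FastCGI."""
    blocks = parse_blocks(text)
    known = {o.get("fastcgiid") for n, o in blocks if n == "fastcgiserver"}
    findings = []
    for opts in (o for n, o in blocks if n == "virtualhost"):
        host = opts.get("hostname", "?")
        ids = [i.strip() for i in opts.get("usefastcgi", "").split(",") if i.strip()]
        if not ids:
            findings.append((host, "no active UseFastCGI"))
        findings += [(host, "undefined FastCGIid " + i) for i in ids if i not in known]
    return findings

if __name__ == "__main__":
    for host, problem in check_fastcgi(SAMPLE_CONF):
        print(f"{host}: {problem}")
```

A virtual host that serves only static files will also be listed as having no active UseFastCGI; that is expected and needs no change.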