Forum

I have the exact same problem as the one highlighted in this thread. But I didnt understand the solution.

"It was permissiom problem - system PHP was running as www-data, so they provided a new config file and init script to easily run my own PHP daemon without the need for complete PHP install."

Does this mean my php should not run as www-data? Because thats what it runs as. Its my own server, so I dont need to worry about running my own php daemon.

I advice you to check the file permissions of the unix socket file. Does it allow the user www-data to access that file?

yes:

$ ls -al /var/lib/hiawatha/
total 12
drwx------  3 www-data www-data 4096 Oct  7 00:57 .
drwxr-xr-x 40 root     root     4096 Oct  6 23:34 ..
srw-rw----  1 www-data www-data    0 Oct  7 00:57 php5-fcgi.sock

here are the php-fpm processes:

root      4773  0.0  0.9 110740 20284 ?        Ss   Oct07   0:39 php-fpm: master process (/etc/php5/fpm/php-fpm.conf)
www-data  4775  0.0  0.3 110740  6224 ?        S    Oct07   0:00 php-fpm: pool www
www-data  4776  0.0  0.3 110740  6224 ?        S    Oct07   0:00 php-fpm: pool www
www-data  4777  0.0  0.3 110740  6224 ?        S    Oct07   0:00 php-fpm: pool www

and php-fpm conf file in php5/fpm/pool.d/www.conf:

[www]
user = www-data
group = www-data
listen = /var/lib/hiawatha/php5-fcgi.sock
listen.owner = www-data
listen.group = www-data
pm = static
pm.max_children = 3
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /

and hiawatha settings:

ServerId = www-data
ConnectionsTotal = 1000
ConnectionsPerIP = 25
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log

CGIhandler = /usr/bin/php5-cgi:php,php5
                                                                                                                                                             
CGIextension = cgi
                                              
FastCGIserver {
        FastCGIid = PHP5
        ConnectTo = /var/lib/hiawatha/php-fcgi.sock
        Extension = php
}

VirtualHost {
        ...
        TimeForCGI = 120
#       ExecuteCGI = yes
        UseFastCGI = PHP5                                                                                                                                                                        
	...
}

I cant rememeber if executecgi and usefastcgi are both supposed to be present or only one, but in any case i tried it both ways with no success. Not sure what im missing because it seems pretty straight forward with a unix socket.

Hmm, I don't know. The only extra php-fpm setting I have is 'listen.mode = 0600'. But I don't think that could be the issue.

Could it be a security kernel tool like AppArmor or GRSecurity blocking access?

No, im not running anything abnormal. Its almost a fresh install of debian on an arm board.

Heres more info, just in case. I also tried it with php5-fpm creating the sock with permissions 0777 (listen.mode = 0777) just to try it out, with pretty much the same result.

PHP 5.6.13-0+deb8u1 (cli) (built: Sep 8 2015 12:46:37)

Hiawatha v9.14, cache, IPv6, Monitor, reverse proxy, TLS (2.0.0), Tomahawk, URL toolkit, XSLT

uname -a: Linux --- 4.2.0-armv7-x1 #1 SMP Fri Sep 11 03:39:30 UTC 2015 armv7l GNU/Linux

What if you open a shell with user ID www-data, are you then able to read the UNIX socket file?

Yes, Ive already tried that. Definitely can read the file as www-root.

Is it possible to get more from the logs than "-0400|FastCGI server PHP5 is still (partially) unavailable"

Hmm, I see a typo. The PHP config points to /var/lib/hiawatha/php5-fcgi.sock, while the Hiawatha config points to /var/lib/hiawatha/php-fcgi.sock.

/facepalm

Thanks Hugo, sorry for wasting your time!

No problem. I know these kind of silly mistakes too well. You can stare at them for hours.