1 FastCGI sent in stderr: "Primary script unknown"

Question

My first time using Nginx, but I am more than familiar with Apache and Linux. I am using an existing project and when ever I am trying to see the index.php I get a 404 File not found.

Here is the access.log entry:

2013/06/19 16:23:23 [error] 2216#0: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 127.0.0.1, server: localhost, request: "GET /index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "www.ordercloud.lh"

And here is the sites-available file:

server {
# Listening on port 80 without an IP address is only recommended if you are not running multiple v-hosts
    listen       80;
# Bind to the public IP bound to your domain
#listen 127.0.0.11:80;
# Specify this vhost's domain name
    server_name www.ordercloud.lh;
    root /home/willem/git/console/frontend/www;
    index index.php index.html index.htm;

# Specify log locations for current site
    access_log /var/log/access.log;
    error_log /var/log/error.log warn;

# Typically I create a restrictions.conf file that I then include across all of my vhosts
#include conf.d/restrictions.conf;
# I've included the content of my restrictions.conf in-line for this example

# BEGIN restrictions.conf
# Disable logging for favicon
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

# Disable logging for robots.txt
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
# END restrictions.conf

# Typically I create a yiiframework.conf file that I then include across all of my yii vhosts
#include conf.d/yiiframework.conf;
# I've included the content of my yiiframework.conf in-line for this example

# BEGIN yiiframework.conf
# Block access to protected, framework, and nbproject (artifact from Netbeans)
    location ~ /(protected|framework|nbproject) {
        deny all;
        access_log off;
        log_not_found off;
    }

# Block access to theme-folder views directories
    location ~ /themes/\w+/views {
        deny all;
        access_log off;
        log_not_found off;
    }

# Attempt the uri, uri+/, then fall back to yii's index.php with args included
# Note: old examples use IF statements, which nginx considers evil, this approach is more widely supported
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
# END yiiframework.conf

# Tell browser to cache image files for 24 hours, do not log missing images
# I typically keep this after the yii rules, so that there is no conflict with content served by Yii
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires 24h;
        log_not_found off;
    }

# Block for processing PHP files
# Specifically matches URIs ending in .php
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_intercept_errors on;
# Fix for server variables that behave differently under nginx/php-fpm than typically expected
        #fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Include the standard fastcgi_params file included with nginx
        include fastcgi_params;
        #fastcgi_param  PATH_INFO        $fastcgi_path_info;
        #fastcgi_index index.php;
# Override the SCRIPT_FILENAME variable set by fastcgi_params
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
# Pass to upstream PHP-FPM; This must match whatever you name your upstream connection
        fastcgi_pass 127.0.0.1:9000;

    }
}

My /home/willem/git/console is owned by www-data:www-data (my web user running php etc) and I have given it 777 permissions out of frustration...

Can anybody advise?

Answer 1

"Primary script unknown" is caused by SELinux security context.

client get the response

File not found.

nginx error.log has the following error message

*19 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream

so just change security context type of web root folder to httpd_sys_content_t

chcon -R -t httpd_sys_content_t /var/www/show

there are 3 users for nginx/php-fpm config

/etc/nginx/nginx.conf

user nobody nobody;  ### `user-1`, this is the user run nginx woker process
...
include servers/*.conf;

/etc/nginx/servers/www.conf

location ~ \.php$ {
#   fastcgi_pass 127.0.0.1:9000;  # tcp socket
    fastcgi_pass unix:/var/run/php-fpm/fpm-www.sock;  # unix socket
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

/etc/php-fpm.d/www.conf

[www]
user = apache  ### `user-2`, this is the user run php-fpm pool process
user = apache

;listen = 127.0.0.1:9000  # tcp socket
listen = /var/run/php-fpm/fpm-www.sock  # unix socket

listen.onwer = nobody  ### `user-3`, this is the user for unix socket, like /var/run/php-fpm/fpm-www.sock
listen.group = nobody  # for tcp socket, these lines can be commented
listen.mode = 0660

user-1 and user-2 is not necessary to be the same.

for unix socket, user-1 need to be the same as user-3, as nginx fastcgi_pass must have read/write permission on the unix socket.

otherwise nginx will get 502 Bad Gateway, and nginx error.log has the following error message

*36 connect() to unix:/var/run/php-fpm/fpm-www.sock failed (13: Permission denied) while connecting to upstream

Answer 2

I dont know how the $document_root is calculated but I resolved the issue , by really making sure that my document root is at /usr/share/nginx/ just wher the html folder exist

Answer 3

In case anyone had the same error: in my case the problem was the missing root directive inside the location block in nginx.conf, as explained in the Arch wiki

Answer 4

That message from the fastcgi server usually means that the SCRIPT_FILENAME that it was given was not found or inaccessible as a file on its filesystem.

Checkout file permissions on /home/willem/git/console/frontend/www/index.php

Is it 644?

And /home/willem/git/console/frontend/www/

Is it 755?

Answer 5

Ok, so 3 things I found after a day of struggling

1. For some reason I had already something running on port 9000 so I changed to 9001
2. My default site was intercepting my new one, once again I don't under stand why since it shouldn't, but I just unlinked it
3. Nginx doesn't automatically do the sym link for sites-available to site-enabled.

Hope this saves someone some trouble!

Here is a more detailed link in server fault: https://serverfault.com/questions/517190/nginx-1-fastcgi-sent-in-stderr-primary-script-unknown/517207#517207