CODEWITHSUNDEEP
phpnginx
Hasan
Hasan

Reputation: 175

access denied on nginx and php

Using nginx web server and php. nginx is working, I see 'Welcome to nginx!' but I get 'access denied' when trying to access a php page. I also installed php-fastcgi.

Here is my nginx default conf: 

# redirect server error pages to the static page /50x.html
#
error_page   500 502 503 504  /50x.html;
location = /50x.html {
    root   /usr/share/nginx/html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
#    proxy_pass   http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
    root   /usr/share/nginx/html;
    fastcgi_index  index.php;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    include fastcgi_params;
   # fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
    include        fastcgi_params;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
    deny  all;
}

I activited security.limit_extensions = .php .php3 .php4 .php5 .html and listen = /var/run/php5-fpm.sock in /etc/php-fpm.d/www.conf and cgi.fix_pathinfo = 0 in /etc/php5/fpm/php.ini

I restarted nginx and php5-fpm.

Thanks for helping.

Upvotes: 12

Views: 59482

Answers (6)

Usama Majid
Usama Majid

Reputation: 1274

In my case, nginx does not have access to my php-fpm.sock path.

You can check nginx error log using this:

tail -f /var/log/nginx/error.log

normally nginx error.log is located here:

/var/log/nginx

So using this command you can give php-fpm access to nginx (in my case it looks like this)

sudo chown username:nginx /opt/cpanel/ea-php80/root/usr/var/run/php-fpm/ac2f1a1c01ab7cd98f10650b49bc3c9b0fa24bb7.sock

Upvotes: 0

duise
duise

Reputation: 51

On Ubuntu and openSUSE, the access denied error could also be related to AppArmor. You can easily check this by running

sudo grep -i denied /var/log/audit/audit.log

If you get something like this, it's AppArmor:

type=AVC msg=audit(1678543274.258:837): apparmor="DENIED" operation="open" profile="php-fpm" name="/srv/www/htdocs/test.php" pid=31787 comm="php-fpm" requested_mask="r" denied_mask="r" fsuid=487 ouid=1000

Besides that, the line "include fastcgi_params;" in the nginx.conf file should come before any fastcgi_param definitions so that these do not get overwritten by existing definitions in the included fastcgi_params file.

Upvotes: 0

ObiHill
ObiHill

Reputation: 11876

In the event that you are trying to use NGINX to parse HTML as PHP and you are getting an Access denied error, you need to change a PHP configuration setting.

On Ubuntu 16, the file you need to update is in /etc/php/7.0/fpm/pool.d/www.conf.

Go to the line where it says ;security.limit_extensions = .php .php3 .php4 .php5 .php7

Replace that with this security.limit_extensions = .php .html. Notice that the leading semi-colon has been removed.

Then restart PHP sudo systemctl restart php7.0-fpm. The issue should be fixed.

For more information please see this more detailed guide: Fix "access denied" error when parsing HTML as PHP with Nginx

Upvotes: 9

Pian0_M4n
Pian0_M4n

Reputation: 2548

Do like this where you have your secondary location

location / {

        try_files $uri $uri/ =404;  

        root /path/to/your/www;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;

        fastcgi_param   PATH_INFO         $fastcgi_path_info;
            fastcgi_param   SCRIPT_FILENAME   $document_root$fastcgi_script_name;

    }

These 2 parameters are the magic sauce:

fastcgi_param   PATH_INFO         $fastcgi_path_info;
fastcgi_param   SCRIPT_FILENAME   $document_root$fastcgi_script_name;

Upvotes: 12

Xianlin
Xianlin

Reputation: 1189

Please check your fastcgi_params file and change it accordingly to this post https://askubuntu.com/questions/164627/nginx-php-fpm-access-denied-error

I solved my problem by using the above method.

Upvotes: 1

liepumartins
liepumartins

Reputation: 494

I know some possible scenarios when nginx and php cannot access files:

  1. Most likely php-fpm process is run by user that does not have read permission on corresponding .php files. This gives plain error Access denied.

  2. nginx process does not have read and traverse permissions on root directory containing the sites files. This gives 403 Forbidden error.

  3. php-fpm process cannot traverse the absolute path to root directory. This gives File not found error.

Since author mentions, that problem appears only when accessing php files, I would say that first scenario applies here.

I believe the case is that nginx is run as one user and php-fpm as another, only the php-fpm user has been forgotten to give read access.

Upvotes: 2

Related Questions