Apache2 + FastCGI + php-fpm on CentOS 6.4 ==> Works, but errors in error_log

StackOverflow https://stackoverflow.com/questions/16227694

Вопрос

Please help. I've been trying to configure FastCGI + php-fpm on CentOS 6.4. Finally it's working, but there are some errors at Apache log. I'd like to understand them and get rid of them. Here's what I did after fresh install of CentOS (minimal) + MySQL + Apache2 + PHP:

# echo "" > /var/log/httpd/error_log
# service httpd restart
# cat /var/log/httpd/error_log

[Fri Apr 26 05:06:49 2013] [notice] caught SIGTERM, shutting down
[Fri Apr 26 05:06:50 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Fri Apr 26 05:06:50 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Apr 26 05:06:50 2013] [notice] Digest: generating secret for digest authentication ...
[Fri Apr 26 05:06:50 2013] [notice] Digest: done
[Fri Apr 26 05:06:50 2013] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations

# yum -y install php-fpm
# chkconfig --levels 235 php-fpm on
# service php-fpm start
# /etc/init.d/php-fpm status

php-fpm (pid  1644) running...

# cat /var/log/php-fpm/error.log

[26-Apr-2013 05:07:17] NOTICE: fpm is running, pid 1644
[26-Apr-2013 05:07:17] NOTICE: ready to handle connections

# yum -y install wget make gcc libtool httpd-devel apr-devel apr
# wget http://www.fastcgi.com/dist/mod_fastcgi-current.tar.gz
# tar xf mod_fastcgi-current.tar.gz
# cd mod_fastcgi-2.4.6
# make -f Makefile.AP2 top_dir=/usr/lib/httpd
# cp .libs/mod_fastcgi.so /usr/lib/httpd/modules/

# mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php.conf.disabled

# mkdir /var/www/fastcgi
# cat > /etc/httpd/conf.d/fastcgi.conf <<EOF
# LoadModule fastcgi_module modules/mod_fastcgi.so
# FastCgiWrapper Off
# DirectoryIndex index.php index.html index.shtml index.cgi
# Alias /phpfpm /var/www/fastcgi/phpfpm
# AddType application/x-httpd-php .php
# Action application/x-httpd-php /phpfpm
# FastCgiExternalServer /var/www/fastcgi/phpfpm -host 127.0.0.1:9000 -flush -pass-header Authorization
# EOF

# setsebool httpd_can_network_connect on

# echo "" > /var/log/httpd/error_log
# service httpd restart
# sleep 5
# cat /var/log/httpd/error_log

[Fri Apr 26 05:07:33 2013] [notice] caught SIGTERM, shutting down
[Fri Apr 26 05:07:34 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Fri Apr 26 05:07:34 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Apr 26 05:07:34 2013] [error] (13)Permission denied: FastCGI: apr_dir_open() failed
[Fri Apr 26 05:07:34 2013] [notice] Digest: generating secret for digest authentication ...
[Fri Apr 26 05:07:34 2013] [notice] Digest: done
[Fri Apr 26 05:07:34 2013] [error] FastCGI: access for server (uid -1, gid -1) failed: read not allowed
[Fri Apr 26 05:07:34 2013] [error] FastCGI: can't create dynamic directory "/etc/httpd/logs/fastcgi/dynamic": access for server (uid -1, gid -1) failed: read not allowed
[Fri Apr 26 05:07:34 2013] [notice] FastCGI: process manager initialized (pid 1841)
[Fri Apr 26 05:07:34 2013] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fastcgi/2.4.6 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations

# echo "" > /var/log/httpd/error_log
# service httpd restart
# sleep 5
# cat /var/log/httpd/error_log

[Fri Apr 26 05:10:05 2013] [notice] caught SIGTERM, shutting down
[Fri Apr 26 05:10:05 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Fri Apr 26 05:10:05 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Apr 26 05:10:05 2013] [error] FastCGI: access for server (uid -1, gid -1) failed: read not allowed
[Fri Apr 26 05:10:05 2013] [error] FastCGI: can't create dynamic directory "/etc/httpd/logs/fastcgi/dynamic": access for server (uid -1, gid -1) failed: read not allowed
[Fri Apr 26 05:10:05 2013] [notice] Digest: generating secret for digest authentication ...
[Fri Apr 26 05:10:05 2013] [notice] Digest: done
[Fri Apr 26 05:10:05 2013] [error] FastCGI: access for server (uid -1, gid -1) failed: read not allowed
[Fri Apr 26 05:10:05 2013] [error] FastCGI: can't create dynamic directory "/etc/httpd/logs/fastcgi/dynamic": access for server (uid -1, gid -1) failed: read not allowed
[Fri Apr 26 05:10:05 2013] [notice] FastCGI: process manager initialized (pid 1866)
[Fri Apr 26 05:10:05 2013] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fastcgi/2.4.6 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations

UPD:
I completely disabled SELinux (setenforce 0 and SELINUX=disabled in /etc/sysconfig/selinux) and I also disabled suEXEC (mv /usr/sbin/suexec /usr/sbin/suexec.disabled and chmod 600 /usr/sbin/suexec.disabled). Here's what I got: 

# echo "" > /var/log/httpd/error_log
# service httpd restart
# sleep 5
# cat /var/log/httpd/error_log

[Tue Apr 30 12:02:52 2013] [notice] caught SIGTERM, shutting down
[Tue Apr 30 12:02:53 2013] [error] FastCGI: access for server (uid -1, gid -1) failed: read not allowed
[Tue Apr 30 12:02:53 2013] [error] FastCGI: can't create dynamic directory "/etc/httpd/logs/fastcgi/dynamic": access for server (uid -1, gid -1) failed: read not allowed
[Tue Apr 30 12:02:53 2013] [notice] Digest: generating secret for digest authentication ...
[Tue Apr 30 12:02:53 2013] [notice] Digest: done
[Tue Apr 30 12:02:53 2013] [error] FastCGI: access for server (uid -1, gid -1) failed: read not allowed
[Tue Apr 30 12:02:53 2013] [error] FastCGI: can't create dynamic directory "/etc/httpd/logs/fastcgi/dynamic": access for server (uid -1, gid -1) failed: read not allowed
[Tue Apr 30 12:02:53 2013] [notice] FastCGI: process manager initialized (pid 1769)
[Tue Apr 30 12:02:53 2013] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fastcgi/2.4.6 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations

Same errors.

# ls -ld /etc/httpd/logs/fastcgi/dynamic

drwx------. 2 apache apache 4096 Apr 26 05:07 /etc/httpd/logs/fastcgi/dynamic

# chmod 777 /etc/httpd/logs/fastcgi/dynamic

# echo "" > /var/log/httpd/error_log
# service httpd restart
# sleep 5
# cat /var/log/httpd/error_log

[Tue Apr 30 12:18:44 2013] [notice] caught SIGTERM, shutting down
[Tue Apr 30 12:18:44 2013] [error] FastCGI: access for server (uid -1, gid -1) failed: read not allowed
[Tue Apr 30 12:18:44 2013] [notice] Digest: generating secret for digest authentication ...
[Tue Apr 30 12:18:44 2013] [notice] Digest: done
[Tue Apr 30 12:18:44 2013] [error] FastCGI: access for server (uid -1, gid -1) failed: read not allowed
[Tue Apr 30 12:18:44 2013] [notice] FastCGI: process manager initialized (pid 1888)
[Tue Apr 30 12:18:44 2013] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fastcgi/2.4.6 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations

Still some errors. Any thoughts?

Thanks for your attention. Best regards, Anton Kizernis.

Это было полезно?

Решение

You did 

# chmod 777 /etc/httpd/logs/fastcgi/dynamic

But don't you need to set the readable bit for the grandparent directory, and make the parent directory writable? E.g.

# chmod -R a+rX /etc/httpd/logs
# chmod -R a+w  /etc/httpd/logs/fastcgi

This worked for me...

Другие советы

You should disable your selinux security policies. Selinux is not recommended with web server.

Лицензировано под: CC-BY-SA с атрибуция
Не связан с StackOverflow
scroll top