對 FastCGI 使用 ProxyPassMatch,導致連接埠 9000 上的連線被拒絕

tag-icon tag-icon mod-proxy apache-2.4 fcgi mod-proxy-fcgi
對 FastCGI 使用 ProxyPassMatch,導致連接埠 9000 上的連線被拒絕

我不確定這是否是 php、apache 或 iptables 設定問題,但在嘗試存取檔案時收到以下錯誤.php。如果您需要更多資訊來幫助我診斷,請告訴我,我不知道下一步要檢查什麼。謝謝。

error.log

[Thu May 08 16:43:15.392784 2014] [proxy:error] [pid 23112] (111)Connection refused: AH00957: FCGI: attempt to connect to 127.0.0.1:9000 (*) failed
[Thu May 08 16:43:15.392891 2014] [proxy_fcgi:error] [pid 23112] [client 74.164.254.206:52788] AH01079: failed to make connection to backend: 127.0.0.1

我跟著本指南以及正在運行的 PHP 5.5.9 和 Apache 2.4.7

我確實已加載mod_proxymod_proxy_so模組:

# grep LoadModule /etc/apache2/apache2.conf
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so

這是 ProxyPassMatch 指令:

ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/$1

我還嘗試使用帶有以下指令的 UDS,但 apache 配置測試抱怨絕對 url:

ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/var/run/php5-fpm.sock|fcgi://127.0.0.1:80/path/to/root/

這是iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             127.0.0.0/8          reject-with icmp-port-   unreachable
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:finger
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:urd
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     icmp --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5   LOG level debug prefix "iptables denied: "
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

答案1

檢查是否PHP-FPM正在運作。錯誤日誌顯示apache無法連線到 127.0.0.1:9000。讓它運行,(也許)錯誤就會消失。

也要檢查是否PHP-FPM透過套接字運作。也許它正在運行但沒有在 TCP/IP 堆疊中偵聽。

答案2

根據 Chris 的評論,我只是想添加如果 apache/php 確實支援套接字連接(看起來如果 apache > 2.4.10,它可以支援它),您也可以更改為在 apache 配置中使用它。我檢查了 php vi /etc/php/7.0/fpm/pool.d/www.conf 檔案以查看偵聽行中偵聽的套接字:

listen = /run/php/php7.0-fpm.sock

然後將其添加到我的 /etc/apache2/sites-enabled/000-default.conf 檔案(或您想要啟用的任何網站)中...

<FilesMatch \.php$>
    # 2.4.10+ can proxy to unix socket
    # SetHandler "proxy:unix:/var/run/php?-fpm.sock|fcgi://localhost/"

    # Else we can just use a tcp socket:
    # SetHandler "proxy:fcgi://127.0.0.1:9000"

    SetHandler "proxy:unix:/run/php/php7.0-fpm.sock|fcgi://localhost/"
</FilesMatch>

然後重新啟動網頁伺服器,然後index.php就會出現:

sudo service apache2 restart

相關內容