Nginx/PHP-FPM “Access denied.” error

I'm trying to set up a freshly installed Ubuntu (12.04) server, but I can't get PHP files running through php-fpm. No matter what I do, I always get a "Access denied." page (plain text, not html or anything).

 

Installed packages:

nginx
nginx-common
nginx-full
php5
php5-cli
php5-common
php5-fpm

Configuration details:

PHP-FPM:

user = www-data
group = www-data
listen = /var/run/php5-fpm.sock

Nginx:

user www-data;
worker_processes 3;
events { worker_connections 1024; }

Default/test domain:

server {
    listen       80;
    server_name  localhost;
    root         /extra/htdocs/default;
    index        index.html index.php

    access_log   /extra/logs/default/access.log;
    error_log    /extra/logs/default/error.log;

    location / {
        try_files  $uri $uri/ /index.html;
    }

    location ~ \.php
    {
        fastcgi_split_path_info  ^(.+\.php)(/.+)$;

        include fastcgi_params;

        fastcgi_index   index.php;
        fastcgi_pass    unix:/var/run/php5-fpm.sock;
        fastcgi_param   PATH_INFO         $fastcgi_path_info;
        fastcgi_param   PATH_TRANSLATED   $document_root$fastcgi_path_info;
        fastcgi_param   SCRIPT_FILENAME   $document_root$fastcgi_script_name;
    }
}

/extra/htdocs/default/index.php:

<?php
phpinfo();

Everything else is default. Both the Nginx and php-fpm logs show no errors. Yet when I load http://<server-ip>/index.php I get the "Access denied" page.

Troubleshooting:

  • The index.html file works just fine. Therefore it must be either php-fpm, or the fastcgi binding between Nginx and php-fpm.
  • I've set the ownership (both user and group) of the entire /extra directory to www-data, and ownership to 777, just to be sure (I'll tone it down once it works of course). So it's certainly not a permissions issue
  • It's not the security.limit_extensions issue that I see a lot: by default that is set to .php, which is exactly what I'm requesting. I've explicitly set it to .php .html, with the same result.

I'm really getting tired of this, I've installed this setup twice already (albeit on OSX machines), and everything worked flawlessly. Is there anything I'm overlooking?

The log contents:

The Nginx error log is empty.

Nginx access log (removed ip).

 

Solution

 

 

The culprit was this line in my config:

fastcgi_param   PATH_TRANSLATED     $document_root$fastcgi_path_info;

If I commented this line, everything worked fine. However I saw this in almost every post I read about Nginx configs, so it bothered me. When looking at my configs for the millionth time, I saw that cgi.fix_pathinfo (in php.ini) was set to 0, where it should have been 1. The default value PHP uses is also 1, so I must have changed this in my debugging hours, because I remember reading about this value, and thought it was set correct.

 

 

Revisions

No comments yet.

Leave a Reply