Nginx/PHP-FPM “Access denied.” error

I'm trying to set up a freshly installed Ubuntu (12.04) server, but I can't get PHP files running through php-fpm. No matter what I do, I always get a "Access denied." page (plain text, not html or anything).


Installed packages:


Configuration details:


user = www-data
group = www-data
listen = /var/run/php5-fpm.sock


user www-data;
worker_processes 3;
events { worker_connections 1024; }

Default/test domain:

server {
    listen       80;
    server_name  localhost;
    root         /extra/htdocs/default;
    index        index.html index.php

    access_log   /extra/logs/default/access.log;
    error_log    /extra/logs/default/error.log;

    location / {
        try_files  $uri $uri/ /index.html;

    location ~ \.php
        fastcgi_split_path_info  ^(.+\.php)(/.+)$;

        include fastcgi_params;

        fastcgi_index   index.php;
        fastcgi_pass    unix:/var/run/php5-fpm.sock;
        fastcgi_param   PATH_INFO         $fastcgi_path_info;
        fastcgi_param   PATH_TRANSLATED   $document_root$fastcgi_path_info;
        fastcgi_param   SCRIPT_FILENAME   $document_root$fastcgi_script_name;



Everything else is default. Both the Nginx and php-fpm logs show no errors. Yet when I load http://<server-ip>/index.php I get the "Access denied" page.


  • The index.html file works just fine. Therefore it must be either php-fpm, or the fastcgi binding between Nginx and php-fpm.
  • I've set the ownership (both user and group) of the entire /extra directory to www-data, and ownership to 777, just to be sure (I'll tone it down once it works of course). So it's certainly not a permissions issue
  • It's not the security.limit_extensions issue that I see a lot: by default that is set to .php, which is exactly what I'm requesting. I've explicitly set it to .php .html, with the same result.

I'm really getting tired of this, I've installed this setup twice already (albeit on OSX machines), and everything worked flawlessly. Is there anything I'm overlooking?

The log contents:

The Nginx error log is empty.

Nginx access log (removed ip).





The culprit was this line in my config:

fastcgi_param   PATH_TRANSLATED     $document_root$fastcgi_path_info;

If I commented this line, everything worked fine. However I saw this in almost every post I read about Nginx configs, so it bothered me. When looking at my configs for the millionth time, I saw that cgi.fix_pathinfo (in php.ini) was set to 0, where it should have been 1. The default value PHP uses is also 1, so I must have changed this in my debugging hours, because I remember reading about this value, and thought it was set correct.




No comments yet.

Leave a Reply