Tag: «php-fpm»
Cheat sheet for setting up nginx+php-fpm from Homebrew
If after configuring nginx and php-fpm to work through php5-fpm.sock, Nginx throws a 502 bad gateway error and the log contains something like this:
*20 connect() to unix:/usr/local/var/run/php5-fpm.sock failed (2: No such file or directory) while connecting to upstream
Then the permissions problem can be fixed like this:
cd /usr/local/var/run
sudo chmod 666 php5-fpm.sock
If that helped, then in /usr/local/etc/php/5.5/php-fpm.conf you should also uncomment this line:
listen.mode = 0666
FCKEditor and the «Access Denied» error
Updated Nginx and PHP on my server to the latest stable versions. PHP is currently 5.4.6.
After the update FCKEditor stopped working — instead of it I was getting an «Access Denied» message.
FCKEditor is rendered on the page through an iframe, and that’s where the message was hanging. I dug through the editor’s sources thinking maybe there was some PHP version check somewhere, but didn’t find anything special. The iframe loads fckeditor/editor/fckeditor.html. Opening that file directly produced the same error. I started suspecting Nginx, but it turned out to be neither Nginx nor the editor’s code — it was PHP itself (php-fpm).
Googling «Access Denied» wasn’t easy, but glancing into the error logs I spotted the keyword security.limit_extensions. From the name, this php-fpm.conf option controls which file extensions PHP code is allowed to execute in. Starting with PHP 5.3.9, for security reasons, if this option isn’t specified in the config, PHP only runs in .php files (I don’t know what it was before). FCKEditor wires itself up through PHP in some clever/messy way that ends up executing code in that very fckeditor.html file (even though there’s no PHP code inside — just a long framework setup). That’s why php-fpm was returning «Access Denied».
Fix: in php-fpm.conf, or better, in the pool .conf file (something like /etc/php-fpm/pulls/mysite.conf), add this line:
security.limit_extensions = .php .htmlThat’s the fix. Spent almost an hour and a half tracking it down — without knowing the editor’s code I couldn’t immediately figure out where to dig. So I’ll leave this here. Maybe it’ll save someone else the same trouble.