使用 ProxyPassMatch 进行 FastCGI 导致端口 9000 上的连接被拒绝

tag-icon tag-icon mod-proxy apache-2.4 fcgi mod-proxy-fcgi
使用 ProxyPassMatch 进行 FastCGI 导致端口 9000 上的连接被拒绝

我不确定这是 php、apache 还是 iptables 配置问题,但尝试访问文件时收到以下错误.php。如果您需要更多信息来帮助我诊断,请告诉我,我不知道下一步该检查什么。谢谢。

error.log

[Thu May 08 16:43:15.392784 2014] [proxy:error] [pid 23112] (111)Connection refused: AH00957: FCGI: attempt to connect to 127.0.0.1:9000 (*) failed
[Thu May 08 16:43:15.392891 2014] [proxy_fcgi:error] [pid 23112] [client 74.164.254.206:52788] AH01079: failed to make connection to backend: 127.0.0.1

我跟着本指南并运行 PHP 5.5.9 和 Apache 2.4.7

我确实已经加载了mod_proxymod_proxy_so模块:

# grep LoadModule /etc/apache2/apache2.conf
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so

以下是 ProxyPassMatch 指令:

ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/$1

我也尝试过使用带有以下指令的 UDS,但是 apache 配置测试对绝对 url 有所抱怨:

ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/var/run/php5-fpm.sock|fcgi://127.0.0.1:80/path/to/root/

这是iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             127.0.0.0/8          reject-with icmp-port-   unreachable
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:finger
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:urd
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     icmp --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5   LOG level debug prefix "iptables denied: "
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

答案1

检查它是否PHP-FPM正在运行。错误日志显示apache无法连接到 127.0.0.1:9000。让它运行,(也许)错误就会消失。

还要检查是否PHP-FPM通过套接字运行。也许它正在运行,但没有在 TCP/IP 堆栈中监听。

答案2

根据 Chris 的评论,我只想补充一下,如果 apache/php 确实支持套接字连接(看起来如果 apache > 2.4.10,它可以支持它),您也可以在 apache 配置中更改为使用它。我检查了 php vi /etc/php/7.0/fpm/pool.d/www.conf 文件以查看 listen 行中正在监听什么套接字:

listen = /run/php/php7.0-fpm.sock

然后将其添加到我的 /etc/apache2/sites-enabled/000-default.conf 文件(或您想要启用的任何网站)...

<FilesMatch \.php$>
    # 2.4.10+ can proxy to unix socket
    # SetHandler "proxy:unix:/var/run/php?-fpm.sock|fcgi://localhost/"

    # Else we can just use a tcp socket:
    # SetHandler "proxy:fcgi://127.0.0.1:9000"

    SetHandler "proxy:unix:/run/php/php7.0-fpm.sock|fcgi://localhost/"
</FilesMatch>

然后重新启动 Web 服务器,index.php 就会显示出来:

sudo service apache2 restart

相关内容