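My current configuration:
GCE f1-micro (1 vCPU, 0.6 GB) Haswell, CentOS 7.2, NGINX 1.10.2, PHP 7.0.12
- Static pages run without problems.
- The phpinfo() page is served without problems.
- The WordPress setup page overloads the CPU, causing me to reset the server.
[error] 29111#0: *43 FastCGI sent in stderr: "PHP message: PHP Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0
Unable to open primary script: /var/www/mysite.com/public/index.php (Permission denied)" while reading response header from upstream, client: XX.XXX.XXX.XXX, server: _, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.sock:", host: "XXX.XXX.XXX.XXX"
NGINX *.conf file location directives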
location / {
    try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    include /etc/nginx/fastcgi.conf;
}
location ~ ^/(status|ping)$ {
    access_log off;
    include /etc/nginx/fastcgi.conf;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
}
NGINX
user = rocky
PHP-FPM
user = rocky
group = rocky
listen.owner = rocky
listen.group = rocky
listen.mode = 0660
Public permissions
/var/
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 www
/var/www/
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 mydomain
/var/www/mydomain/
drwxr-xr-x. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 public
In /var/www/mydomain/public
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 index.html
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 index.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 info.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 license.txt
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 readme.html
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-activate.php
drwxr-xr-x. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-admin
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-blog-header.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-comments-post.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-config-sample.php
drwxr-xr-x. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-content
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-cron.php
drwxr-xr-x. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-includes
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-links-opml.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-load.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-login.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-mail.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-settings.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-signup.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-trackback.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 xmlrpc.php
Audit log
type=SYSCALL msg=audit(1480104445.879:461): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=10000 a2=7 a3=22 items=0 ppid=1270 pid=1275 auid=4294967295 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4294967295 comm="php-fpm" exe="/usr/sbin/php-fpm" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1480104445.879:461): avc:  denied  { execmem } for  pid=1275 comm="php-fpm" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process
Answer 1
The problem was with SELinux. I solved it by allowing httpd access to execmem.
setsebool -P httpd_execmem 1