Apache 2.4.10 + mod_proxy_fcgi + PHP-FPM 与 CHROOT => 404 错误

标签 apache php chroot

首先,我尝试在 Debian Jessie(测试)机器上为 Apache 2.4、mod_proxy_fcgi 和 PHP-FPM 设置基本配置。

打开 .php 文件时一切正常。

但是,如果我激活 PHP-FPM 的 chroot,我只会在浏览器中收到“找不到文件。” 消息。
.

配置

apache2.conf的部分内容

<FilesMatch \.php$>
   SetHandler "proxy:unix:/var/run/php5-fpm.sock|fcgi://localhost"
</FilesMatch>

/var/wwww/html 的内容

x1@vm1:~$ ls -l /var/www/html/
-rw-r--r-- 1 www-data     www-data       19 Jan 15 23:37 index.php

/etc/php5/fpm/pool.d/www*的部分内容

prefix = /var/www/html
chroot = $prefix
chdir = /
catch_workers_output = yes

.

搜索错误的步骤/日志文件

Apache 错误日志

[proxy_fcgi:error] [pid 12615:tid 140653535131392] [client 1.2.3.4:123] AH01071: Got error 'Primary script unknown\n'

Apache Access.log

1.2.3.4- - [16/Jan/2015:01:22:58 +0100] "GET /index.php HTTP/1.1" 404 365 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)

php5-fpm.log

[16-Jan-2015 01:22:55] NOTICE: configuration file /etc/php5/fpm/php-fpm.conf test is successful
[16-Jan-2015 01:22:56] NOTICE: fpm is running, pid 12781
[16-Jan-2015 01:22:56] NOTICE: ready to handle connections
[16-Jan-2015 01:22:56] NOTICE: systemd monitor interval set to 10000ms

Apache error.log,日志级别为 Trace8,并且 PHP5-FPM chroot 已开启

    [core:trace6] [pid 9794:tid 140072171042560] core_filters.c(527): [client 1.2.3.4:61149] core_output_filter: flushing because of FLUSH bucket
[core:trace5] [pid 9794:tid 140072332166912] protocol.c(618): [client 1.2.3.4:61152] Request received from client: GET /index.php HTTP/1.1
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(301): [client 1.2.3.4:61152] Headers received from client:
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152]   Host: example.com
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152]   Connection: keep-alive
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152]   Cache-Control: max-age=0
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152]   User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152]   Accept-Encoding: gzip, deflate, sdch
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152]   Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
[authz_core:debug] [pid 9794:tid 140072332166912] mod_authz_core.c(809): [client 1.2.3.4:61152] AH01626: authorization result of Require all granted: granted
[authz_core:debug] [pid 9794:tid 140072332166912] mod_authz_core.c(809): [client 1.2.3.4:61152] AH01626: authorization result of <RequireAny>: granted
[core:trace3] [pid 9794:tid 140072332166912] request.c(238): [client 1.2.3.4:61152] request authorized without authentication by access_checker_ex hook: /index.php
[proxy:trace2] [pid 9794:tid 140072332166912] proxy_util.c(1938): [client 1.2.3.4:61152] *: found reverse proxy worker for unix:/var/run/php5-fpm.sock|fcgi://localhost/var/www/html/index.php
[proxy:trace2] [pid 9794:tid 140072332166912] proxy_util.c(1972): [client 1.2.3.4:61152] *: rewrite of url due to UDS(/var/run/php5-fpm.sock): fcgi://localhost/var/www/html/index.php (proxy:fcgi://localhost/var/www/html/index.php)
[proxy:debug] [pid 9794:tid 140072332166912] mod_proxy.c(1155): [client 1.2.3.4:61152] AH01143: Running scheme unix handler (attempt 0)
[proxy_fcgi:debug] [pid 9794:tid 140072332166912] mod_proxy_fcgi.c(786): [client 1.2.3.4:61152] AH01076: url: fcgi://localhost/var/www/html/index.php proxyname: (null) proxyport: 0
[proxy_fcgi:debug] [pid 9794:tid 140072332166912] mod_proxy_fcgi.c(793): [client 1.2.3.4:61152] AH01078: serving URL fcgi://localhost/var/www/html/index.php
[proxy:debug] [pid 9794:tid 140072332166912] proxy_util.c(2131): AH00942: FCGI: has acquired connection for (*)
[proxy:debug] [pid 9794:tid 140072332166912] proxy_util.c(2184): [client 1.2.3.4:61152] AH00944: connecting fcgi://localhost/var/www/html/index.php to localhost:8000
[proxy:debug] [pid 9794:tid 140072332166912] proxy_util.c(2217): [client 1.2.3.4:61152] AH02545: fcgi: has determined UDS as /var/run/php5-fpm.sock
[proxy:debug] [pid 9794:tid 140072332166912] proxy_util.c(2385): [client 1.2.3.4:61152] AH00947: connected /var/www/html/index.php to httpd-UDS:0
[proxy_fcgi:error] [pid 9794:tid 140072332166912] [client 1.2.3.4:61152] AH01071: Got error 'Primary script unknown\n'
[proxy_fcgi:trace4] [pid 9794:tid 140072332166912] util_script.c(522): [client 1.2.3.4:61152] Headers from script 'index.php':
[proxy_fcgi:trace4] [pid 9794:tid 140072332166912] util_script.c(523): [client 1.2.3.4:61152]   Status: 404 Not Found
[proxy_fcgi:trace1] [pid 9794:tid 140072332166912] util_script.c(602): [client 1.2.3.4:61152] Status line from script 'index.php': 404 Not Found
[proxy_fcgi:trace4] [pid 9794:tid 140072332166912] util_script.c(523): [client 1.2.3.4:61152]   X-Powered-By: PHP/5.6.4-4
[proxy_fcgi:trace4] [pid 9794:tid 140072332166912] util_script.c(523): [client 1.2.3.4:61152]   Content-type: text/html; charset=UTF-8
[proxy:debug] [pid 9794:tid 140072332166912] proxy_util.c(2146): AH00943: FCGI: has released connection for (*)
[headers:trace2] [pid 9794:tid 140072332166912] mod_headers.c(874): AH01502: headers: ap_headers_output_filter()
[http:trace3] [pid 9794:tid 140072332166912] http_filters.c(1045): [client 1.2.3.4:61152] Response sent with status 404, headers:
[http:trace5] [pid 9794:tid 140072332166912] http_filters.c(1052): [client 1.2.3.4:61152]   Date: Thu, 15 Jan 2015 23:54:44 GMT
[http:trace5] [pid 9794:tid 140072332166912] http_filters.c(1055): [client 1.2.3.4:61152]   Server: Apache
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   X-Powered-By: PHP/5.6.4-4
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   X-Frame-Options: SAMEORIGIN
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   X-XSS-Protection: 1; mode=block
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   X-Content-Security-Policy: allow 'self';
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   X-Frame-Options: DENY
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   Content-Length: 16
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   Keep-Alive: timeout=5, max=100
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   Connection: Keep-Alive
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   Content-Type: text/html; charset=UTF-8

Apache error.log,日志级别trace8和PHP5-FPM chroot关闭

[core:trace5] [pid 9794:tid 140072323774208] protocol.c(618): [client 1.2.3.4:61135] Request received from client: GET /index.php HTTP/1.1
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(301): [client 1.2.3.4:61135] Headers received from client:
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135]   Host: example.com
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135]   Connection: keep-alive
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135]   Cache-Control: max-age=0
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135]   User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135]   Accept-Encoding: gzip, deflate, sdch
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135]   Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
[authz_core:debug] [pid 9794:tid 140072323774208] mod_authz_core.c(809): [client 1.2.3.4:61135] AH01626: authorization result of Require all granted: granted
[authz_core:debug] [pid 9794:tid 140072323774208] mod_authz_core.c(809): [client 1.2.3.4:61135] AH01626: authorization result of <RequireAny>: granted
[core:trace3] [pid 9794:tid 140072323774208] request.c(238): [client 1.2.3.4:61135] request authorized without authentication by access_checker_ex hook: /index.php
[proxy:trace2] [pid 9794:tid 140072323774208] proxy_util.c(1938): [client 1.2.3.4:61135] *: found reverse proxy worker for unix:/var/run/php5-fpm.sock|fcgi://localhost/var/www/html/index.php
[proxy:trace2] [pid 9794:tid 140072323774208] proxy_util.c(1972): [client 1.2.3.4:61135] *: rewrite of url due to UDS(/var/run/php5-fpm.sock): fcgi://localhost/var/www/html/index.php (proxy:fcgi://localhost/var/www/html/index.php)
[proxy:debug] [pid 9794:tid 140072323774208] mod_proxy.c(1155): [client 1.2.3.4:61135] AH01143: Running scheme unix handler (attempt 0)
[proxy_fcgi:debug] [pid 9794:tid 140072323774208] mod_proxy_fcgi.c(786): [client 1.2.3.4:61135] AH01076: url: fcgi://localhost/var/www/html/index.php proxyname: (null) proxyport: 0
[proxy_fcgi:debug] [pid 9794:tid 140072323774208] mod_proxy_fcgi.c(793): [client 1.2.3.4:61135] AH01078: serving URL fcgi://localhost/var/www/html/index.php
[proxy:debug] [pid 9794:tid 140072323774208] proxy_util.c(2131): AH00942: FCGI: has acquired connection for (*)
[proxy:debug] [pid 9794:tid 140072323774208] proxy_util.c(2184): [client 1.2.3.4:61135] AH00944: connecting fcgi://localhost/var/www/html/index.php to localhost:8000
[proxy:debug] [pid 9794:tid 140072323774208] proxy_util.c(2217): [client 1.2.3.4:61135] AH02545: fcgi: has determined UDS as /var/run/php5-fpm.sock
[proxy:debug] [pid 9794:tid 140072323774208] proxy_util.c(2385): [client 1.2.3.4:61135] AH00947: connected /var/www/html/index.php to httpd-UDS:0
[proxy_fcgi:trace4] [pid 9794:tid 140072323774208] util_script.c(522): [client 1.2.3.4:61135] Headers from script 'index.php':
[proxy_fcgi:trace4] [pid 9794:tid 140072323774208] util_script.c(523): [client 1.2.3.4:61135]   X-Powered-By: PHP/5.6.4-4
[proxy_fcgi:trace4] [pid 9794:tid 140072323774208] util_script.c(523): [client 1.2.3.4:61135]   Content-type: text/html; charset=UTF-8
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(169): [client 1.2.3.4:61135] Content-Type 'text/html; charset=UTF-8' ...
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'application/xml'
[filter:trace2] [pid 9794:tid 140072323774208] mod_filter.c(188): [client 1.2.3.4:61135] Content-Type condition for 'deflate' did not match
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(169): [client 1.2.3.4:61135] Content-Type 'text/html; charset=UTF-8' ...
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'application/rss+xml'
[filter:trace2] [pid 9794:tid 140072323774208] mod_filter.c(188): [client 1.2.3.4:61135] Content-Type condition for 'deflate' did not match

[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(169): [client 1.2.3.4:61135] Content-Type 'text/html; charset=UTF-8' ...
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'application/x-javascript'
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'application/javascript'
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'application/ecmascript'
[filter:trace2] [pid 9794:tid 140072323774208] mod_filter.c(188): [client 1.2.3.4:61135] Content-Type condition for 'deflate' did not match
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(169): [client 1.2.3.4:61135] Content-Type 'text/html; charset=UTF-8' ...
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'text/css'
[filter:trace2] [pid 9794:tid 140072323774208] mod_filter.c(188): [client 1.2.3.4:61135] Content-Type condition for 'deflate' did not match
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(169): [client 1.2.3.4:61135] Content-Type 'text/html; charset=UTF-8' ...
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(175): [client 1.2.3.4:61135] ... matched 'text/html'
[filter:trace2] [pid 9794:tid 140072323774208] mod_filter.c(188): [client 1.2.3.4:61135] Content-Type condition for 'deflate' matched

[proxy:debug] [pid 9794:tid 140072323774208] proxy_util.c(2146): AH00943: FCGI: has released connection for (*)
[headers:trace2] [pid 9794:tid 140072323774208] mod_headers.c(874): AH01502: headers: ap_headers_output_filter()
[http:trace3] [pid 9794:tid 140072323774208] http_filters.c(1045): [client 1.2.3.4:61135] Response sent with status 200, headers:
[...]

[http:trace5] [pid 9794:tid 140072323774208] http_filters.c(1052): [client 1.2.3.4:61135]   Date: Thu, 15 Jan 2015 23:53:47 GMT
[http:trace5] [pid 9794:tid 140072323774208] http_filters.c(1055): [client 1.2.3.4:61135]   Server: Apache
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   X-Powered-By: PHP/5.6.4-4
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   X-Frame-Options: SAMEORIGIN
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   Vary: Accept-Encoding
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   X-XSS-Protection: 1; mode=block
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   X-Content-Security-Policy: allow 'self';
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   X-Frame-Options: DENY
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   Content-Length: 2
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   Keep-Alive: timeout=5, max=100
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   Connection: Keep-Alive
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   Content-Type: text/html; charset=UTF-8

如您所见,这两者之间没有区别

 AH00947: connected /var/www/html/index.php to httpd-UDS:0

.

有人遇到过类似的问题并且知道解决办法吗? 此外,我还来自 tcpdump 的数据(而 PHP5-FPM 正在监听 TCP 端口而不是使用套接字,并且我来自嗅探套接字的数据
如果需要这些,请告诉我 - 我不想让问题太大。

.

编辑:

我做了一些进一步的研究,希望能找到问题所在。 也许这可以帮助我们进一步......

PHP-FPM 状态页面 Difference between chroot enabled and disabled

工作进程上的 strace(chroot = 关闭)

accept(0, {sa_family=AF_INET, sin_port=htons(50759), sin_addr=inet_addr("127.0.0.1")}, [16]) = 5
clock_gettime(CLOCK_MONOTONIC, {1397, 223489054}) = 0
times({tms_utime=0, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 1718096640
poll([{fd=5, events=POLLIN}], 1, 5000)  = 1 ([{fd=5, revents=POLLIN}])
read(5, "\1\1\0\1\0\10\0\0", 8)         = 8
read(5, "\0\1\1\0\0\0\0\0", 8)          = 8
read(5, "\1\4\0\1\3\341\0\0", 8)        = 8
read(5, "\t\30UNIQUE_IDVLmGr38AAQEAAAVjkB4AAAAE\21\1proxy-nokeepalive1\t&HTTP_HOSTexample.com\17\nHTTP_CONNECTIO"..., 993) = 993
read(5, "\1\4\0\1\0\0\0\0", 8)          = 8

lstat("/var/www/html/index.php", {st_mode=S_IFREG|0644, st_size=538, ...}) = 0
lstat("/var/www/html", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/var/www", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0

工作进程上的 strace(chroot = on)

accept(0, {sa_family=AF_INET, sin_port=htons(50751), sin_addr=inet_addr("127.0.0.1")}, [16]) = 5
clock_gettime(CLOCK_MONOTONIC, {1208, 313176419}) = 0
times({tms_utime=0, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 1718077750
poll([{fd=5, events=POLLIN}], 1, 5000)  = 1 ([{fd=5, revents=POLLIN}])
read(5, "\1\1\0\1\0\10\0\0", 8)         = 8
read(5, "\0\1\1\0\0\0\0\0", 8)          = 8
read(5, "\1\4\0\1\3\341\0\0", 8)        = 8
read(5, "\t\30UNIQUE_IDVLmF8n8AAQEAAAVjkB0AAAAS\21\1proxy-nokeepalive1\t&HTTP_HOSTexample.com\17\nHTTP_CONNECTIO"..., 993) = 993
read(5, "\1\4\0\1\0\0\0\0", 8)          = 8

lstat("/var/www/html/index.php", 0x7fff98aa5d20) = -1 ENOENT (No such file or directory)
stat("/var/www/html", 0x7fff98aa8160)   = -1 ENOENT (No such file or directory)
stat("/var/www", 0x7fff98aa8160)        = -1 ENOENT (No such file or directory)
stat("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("", 0x7fff98aa8160)                = -1 ENOENT (No such file or directory)

最佳答案

当您使用指令时

<FilesMatch \.php$>
   SetHandler "proxy:unix:/var/run/php5-fpm.sock|fcgi://localhost"
</FilesMatch>

发送到代理的脚本路径是FilesMatch匹配的文件的完整路径,但该路径在chroot中不存在。

在php.ini中设置doc_root可以解决这个问题

关于Apache 2.4.10 + mod_proxy_fcgi + PHP-FPM 与 CHROOT => 404 错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27975734/

上一篇:.net - "GenerateResource"任务意外失败 Windows 通用项目中出现错误

下一篇:ios8 - Coreplot 1.5.x arm64 - 架构 arm64 的 undefined symbol :

相关文章:

Django + Celery + Apache mod_wsgi + Postgres + RabbitMQ 多个客户端的应用程序

python - 我可以将 apache mahout 与 django 应用程序一起使用吗

php - 插入前检查 PostgreSQL 表

php - mySQL 与 PHP 到 JSON 用于客户端图表

linux - chroot jail + ssh key 被拒绝

apache - 将 web.config 重写规则转换为 htaccess 重写规则(所有不带扩展名的文件将被处理为 .cfm)

python - Django + apache & mod_wsgi : having to restart apache after changes

php - 如何通过单选按钮创建列表评级帖子?

bash 重新匹配为 chroot

c - Windows 服务器应用程序的 fork/chroot 等效项

©2024 IT工具网  联系我们