1

Conclusion : Ok so, now my configuration works, and I think the problem comes from the location of my project, in another user's directory. For some reasons, the either nginx or php-fpm is unhappy with it, and doesn't seem to work.

What's still bugging me is that it was a 404 error, not a 403.

Well, I don't think I will find the final answer.

I have read zillions of ways to do that, and unfortunately I don't understand what could go wrong.

server {
    server_name  onepage.cendrounet.com;
    listen       80;
    root /home/pag/workspace/test_css_platform;

    location / {
        fastcgi_pass unix:/var/run/php-fpm/www.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}

Nginx is running.

# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Drop-In: /usr/lib/systemd/system/nginx.service.d
            └─php-fpm.conf
   Active: active (running) since Fri 2017-12-22 09:48:06 CET; 10h ago

Php-fpm is running :

# systemctl status php-fpm
● php-fpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-12-22 09:40:29 CET; 10h ago

Php-fpm is indeed an unix socket

# ls -l /var/run/php-fpm/www.sock
srw-rw----+ 1 root root 0 déc.  22 09:40 /var/run/php-fpm/www.sock

I am running fedora, but ausearch -m avc doesn't yield anything. (In case I don't understand how selinux works, setenforce 0 hasn't yielded any better resutls. But still, I returned it on.)

Furthermore, curl -i 'http://onepage.cendrounet.com' returns 

HTTP/1.1 404 Not Found
Server: nginx/1.12.1
Date: Fri, 22 Dec 2017 19:11:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.12

Furthermore, my user nginx belongs to my group pag.

I have set my permissions like so :

# namei -om /home/pag/workspace/css_test_platform/index.php
f: /home/pag/workspace/css_test_platform/index.php
 dr-xr-xr-x root root /
 drwxr-xr-x root root home
 drwxr-x--x pag  pag  pag
 drwxr-xr-x pag  pag  workspace
 drwxrwxr-x pag  pag  css_test_platform
 -rw-rw-r-- pag  pag  index.php

The configuration of php-fpm is the default one, some details picked :

user = apache
group = apache
listen = /run/php-fpm/www.sock
listen.acl_users = apache,nginx
listen.allowed_clients = 127.0.0.1

Theorically, user and group should be for RPM stuff, but I still have given the pag group to apache.

What could cause a 404 error on my index ?

Improve this question

2 Answers 2

Reset to default
2

This was on Arch, but it is systemd related.

This solution is for use on a development machine, and for good reasons, you shouldn't run a public site from your /home folder.

I configured php-fpm and nginx to run as my user. Edit the following file, and remove the ProtectHome=true line

sudo vi /etc/systemd/system/multi-user.target.wants/php-fpm.service

Reload, and restart everything;

systemctl daemon-reload
systemctl restart nginx.service
systemctl restart php-fpm.service
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I can't say for sure it was the solution to my problem, but I didn't know of that ProtectHome line.
I hope you solved your problem. I added my solution as I came across your question, and wanted to cover myself if I forget, and found myself here again!
0

You need to add try_files $uri /index.php; or similar in your location block:

location / {
    try_files $uri /index.php;
    fastcgi_pass unix:/var/run/php-fpm/www.sock;
    include fastcgi.conf;
}
Improve this answer

1 Comment

With that it gives an error 500, rewrite or internal redirection cycle while internally redirecting to "/index.php"

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.