PHP Primary script unknown Solution Summary
- 2021-12-19 06:25:49
- OfStack
I believe many people who configure php environment have encountered this annoying problem:
The browser accesses the php file and returns File not found View/var/log/nginx/error. log, with "Primary script unknown", similar to the following:
2019/01/03 10:24:02 [error] 11931#11931: *260 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream,
client: 1.2.3.4, server: localhost, request: "GET /index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: www.example.com
There are only two reasons, one is that php-fpm cannot find php file, and the other is that php-fpm does not have permission to read and execute files.
1. File problem not found
The php section of the site configuration file for nginx should look like this:
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ { #root The path configuration must be there, and it must be written correctly (don't laugh, it can really be written wrong)
root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php; #SCRIPT_FILENAME Use $document_root Instead of a specific path
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
2. Authority issues
It is also the one with the most pits.
1) Process users
user configuration in nginx. conf should be similar to php-fpm. d/www. conf 1, for example, nginx is used, or phpuser is a custom user (another nonsense, this user needs to be built in advance).
nginx. conf:
user phpuser;
worker_processes auto;
php-fpm. d/www. conf:
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = phpuser
group = phpuser
nginx and php-fpm process/listening information:
root 19107 0.0 0.1 207644 5852 ? Ss 1 Month 02 0:03 php-fpm: master process (/usr/local/etc/php-fpm.conf)
phpuser 19108 0.0 0.1 207644 7108 ? S 1 Month 02 0:00 php-fpm: pool www
phpuser 19109 0.0 0.1 207644 7112 ? S 1 Month 02 0:00 php-fpm: pool www
root 24676 0.0 0.0 56660 1024 ? Ss 13:08 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
phpuser 24677 0.0 0.7 84680 29976 ? S 13:08 0:00 nginx: worker process
phpuser 24678 0.0 0.7 84324 29236 ? S 13:08 0:00 nginx: worker process
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 19107/php-fpm: mast
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 24676/nginx: master
tcp6 0 0 :::80 :::* LISTEN 24676/nginx: master
If nginx is modified, users must also change some directory permissions:
chown -R phpuser:phpuser /var/log/nginx
chown -R phpuser:phpuser /var/cache/nginx
chown -R phpuser:phpuser /usr/share/nginx/html
There are also/etc/logrotate. d/nginx, create 640 nginx adm lines to be changed:
create 640 phpuser adm
2) Directory and file permissions
The php file doesn't have to be set to 777, which makes people worry. As long as nginx and php-fpm run, it can be read and written by users, and 1 can be 770.
php file directory and file sample:
drwxrwx--- 6 phpuser phpuser 4.0K 2019-01-03 13:09 /usr/share/nginx/html
-rwxrwx--- 1 phpuser phpuser 40 2019-01-03 13:09 /usr/share/nginx/html/phpinfo.php
There is a deep hole here, which is likely to be a trick for using other directories to place php files, that is, phpuser should be allowed to access every layer directory of/path/to/phpfiles, and Permission denied will be found if one layer is missing.
In this example, every layer of directories above/usr/share/nginx/html is owned by root and has o+rx, that is, everyone has read and execute permissions (read and execute permissions are fundamental to directory access), so phpuser can access the html directory.
drwxr-xr-x. 13 root root 155 2018-07-10 15:42 /usr
drwxr-xr-x. 86 root root 4.0K 2018-12-17 07:33 /usr/share/
drwxr-xr-x 4 root root 40 2018-12-17 08:06 /usr/share/nginx/
drwxrwx--- 6 phpuser phpuser 4.0K 2019-01-03 13:11 /usr/share/nginx/html/
Test method:
sudo -u phpuser ls -l /usr/share/nginx/html/
3) SELINUX
nginx/apache Web page file selinux context, if change directory needs to be matched. (Testing on Cenots7+php7.3, static file 404 without selinux context, but php file did not encounter problems and did not delve into it.)
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ { #root The path configuration must be there, and it must be written correctly (don't laugh, it can really be written wrong)
root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php; #SCRIPT_FILENAME Use $document_root Instead of a specific path
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
0
Configure the selinux context:
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ { #root The path configuration must be there, and it must be written correctly (don't laugh, it can really be written wrong)
root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php; #SCRIPT_FILENAME Use $document_root Instead of a specific path
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
1
Or simply shut down selinux (you need to restart the server)
/etc/selinux/config:
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ { #root The path configuration must be there, and it must be written correctly (don't laugh, it can really be written wrong)
root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php; #SCRIPT_FILENAME Use $document_root Instead of a specific path
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
2
3. Finally
echo "<p align='center'>Good Luck :)</p><?php phpinfo(); ?>" > /usr/share/nginx/html/phpinfo.php
That's all about the ultimate solution for PHP Primary script unknown. Thank you for supporting this site.