jlazerus
By:
jlazerus

403 Error - Wordpress, Nginx, 2nd domain on 1 droplet

February 17, 2017 301 views
WordPress Nginx Ubuntu

I setup a wordpress droplet on Ubuntu and the first site I have on there works fine. I wanted to add a second site to the server so I followed the instructions here. Granted, these are specific to apache and I'm on nginx, they should be pretty close.

When I go to the site, I get a 403 Forbidden and the following error in my nginx error log:

2017/02/17 00:53:04 [error] 29074#29074: *5 directory index of "/var/www/lazerusdesigns/" is forbidden, client: 73.60.85.71, server: www.lazerusdesigns.com, request: "GET / HTTP/1.1", host: "www.lazerusdesigns.com"

2017/02/17 00:53:04 [error] 29074#29074: *6 open() "/var/www/lazerusdesigns/favicon.ico" failed (2: No such file or directory), client: 73.60.85.71, server: www.lazerusdesigns.com, request: "GET /favicon.ico HTTP/1.1", host: "www.lazerusdesigns.com"

I tried checking the permissions on the folder and files where the site is stored.

In my wordpress file in sites-available, I added the following:

server {
root /var/www/lazerusdesigns;
servername www.lazerusdesigns.com;
access
log /var/log/nginx/www.lazerusdesigns.com.access.log;
errorlog /var/log/nginx/www.lazerusdesigns.com.error.log;
location ~.php$ {
include snippets/fastcgi-php.conf;
fastcgi
pass 127.0.0.1:9000;
fastcgiparam SCRIPTFILENAME $documentroot$fastcgiscriptname;
include fastcgi
params;
}
}

I'm at a loss. Any thoughts anyone? BTW, I'm no linux guru so you may have to spell out what you're thinking lol.

1 comment
7 Answers
jlazerus February 18, 2017
Accepted Answer

Okay, its fixed. I had to open my php.ini file and change the value of cgi.fix_pathinfo from 0 to 1.

@jlazerus

What's inside the file below?

include snippets/fastcgi-php.conf;

Also, just a quick restructure of your server block, just to keep things a little more organized and add a bit that's missing.

server {
    listen 80;
    servername lazerusdesigns.com www.lazerusdesigns.com;

    root /var/www/lazerusdesigns;

    accesslog /var/log/nginx/www.lazerusdesigns.com.access.log;
    errorlog /var/log/nginx/www.lazerusdesigns.com.error.log;

    location ~.php$ {
        include snippets/fastcgi-php.conf;
        fastcgipass 127.0.0.1:9000;
        fastcgiparam SCRIPTFILENAME $documentroot$fastcgiscriptname;
        include fastcgiparams;
    }
}
  • Thanks for the response. My fastcgi-php.conf is below. Thanks too for the tips on fixing the server block. I'll do that now.

    # regex to split $uri to $fastcgi_script_name and $fastcgi_path
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    
    # Check that the PHP script exists before passing it
    try_files $fastcgi_script_name =404;
    
    # Bypass the fact that try_files resets $fastcgi_path_info
    # see: http://trac.nginx.org/nginx/ticket/321
    set $path_info $fastcgi_path_info;
    fastcgi_param PATH_INFO $path_info;
    
    fastcgi_index index.php;
    include fastcgi.conf;
    
    

@jlazerus

In the new server block I provided, replace:

    location ~.php$ {
        include snippets/fastcgi-php.conf;
        fastcgipass 127.0.0.1:9000;
        fastcgiparam SCRIPTFILENAME $documentroot$fastcgiscriptname;
        include fastcgiparams;
    }

... with (i.e use only my configuration, none of the custom configuration you have right now):

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;

        include fastcgi_params;
    }

If you want to change /etc/nginx/fastcgi_params, you can make a backup:

cp /etc/nginx/fastcgi_params /usr/local/src/fastcgi_params

Remove it:

rm -rf /etc/nginx/fastcgi_params

And then create a new one:

nano /etc/nginx/fastcgi_params

... and paste in:

    fastcgi_param  SCRIPT_FILENAME    $request_filename;

    fastcgi_connect_timeout 60;
    fastcgi_send_timeout 180;
    fastcgi_read_timeout 180;
    fastcgi_buffer_size 512k;
    fastcgi_buffers 512 16k;
    fastcgi_busy_buffers_size 1m;
    fastcgi_temp_file_write_size 4m;
    fastcgi_max_temp_file_size 4m;
    fastcgi_intercept_errors off;

    fastcgi_param  PATH_INFO          $fastcgi_path_info;
    fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;

    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;

    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  REQUEST_URI        $request_uri;
    fastcgi_param  DOCUMENT_URI       $document_uri;
    fastcgi_param  DOCUMENT_ROOT      $document_root;
    fastcgi_param  SERVER_PROTOCOL    $server_protocol;
    fastcgi_param  REQUEST_SCHEME     $scheme;
    fastcgi_param  HTTPS              $https if_not_empty;
    fastcgi_param  HTTP_PROXY         "";

    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

    fastcgi_param  REMOTE_ADDR        $remote_addr;
    fastcgi_param  REMOTE_PORT        $remote_port;
    fastcgi_param  SERVER_ADDR        $server_addr;
    fastcgi_param  SERVER_PORT        $server_port;
    fastcgi_param  SERVER_NAME        $server_name;

    fastcgi_param  REDIRECT_STATUS    200;

You'd then reload NGINX:

systemctl reload nginx

or

service nginx reload

The above is, of course, assuming you have PHP-FPM setup to use TCP instead of the default socket.

To check this, you'd need to change to your PHP-FPM directory:

cd /etc/php/*/fpm/pool.d

The above should put you in the correct directory. You'd then edit the file inside and look for the listen directive and make sure it's set to 127.0.0.1:9000.

  • @jlazerus

    What you should end up with is this:

    server {
        listen 80;
        servername lazerusdesigns.com www.lazerusdesigns.com;
    
        root /var/www/lazerusdesigns;
    
        accesslog /var/log/nginx/www.lazerusdesigns.com.access.log;
        errorlog /var/log/nginx/www.lazerusdesigns.com.error.log;
    
        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
    
            include fastcgi_params;
        }
    }
    

So I made the changes you suggested but now I'm getting a 403 Forbidden. My other website is still up though so that's good.

This is the error.log now.

2017/02/17 23:20:34 [crit] 9966#9966: *77 connect() to unix:/run/php/php7.0-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 108.162.221.218, server: www.infosecured.org, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "www.infosecured.org"
2017/02/17 23:20:37 [crit] 9966#9966: *79 connect() to unix:/run/php/php7.0-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 108.162.219.134, server: www.infosecured.org, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "www.infosecured.org"
2017/02/17 23:20:38 [crit] 9966#9966: *81 connect() to unix:/run/php/php7.0-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 141.101.102.44, server: www.infosecured.org, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "www.infosecured.org"
2017/02/17 23:24:04 [emerg] 10078#10078: invalid number of arguments in "fastcgi_pass" directive in /etc/nginx/sites-enabled/wordpress:26
2017/02/17 23:45:36 [emerg] 10352#10352: unknown directive "locate" in /etc/nginx/sites-enabled/wordpress:30
2017/02/18 00:39:56 [emerg] 11183#11183: invalid number of arguments in "fastcgi_pass" directive in /etc/nginx/sites-enabled/wordpress:26
2017/02/18 01:02:48 [notice] 11484#11484: signal process started
2017/02/18 01:03:55 [notice] 11503#11503: signal process started
2017/02/18 01:35:32 [alert] 11783#11783: *4 open socket #14 left in connection 5
2017/02/18 01:35:32 [alert] 11783#11783: aborting

If I add index index.php; to my server block, I get a 502 error again.

Its fixed. I had to edit my php.ini and change the value of cgi.fix_pathinfo from 0 to 1.

Have another answer? Share your knowledge.