[Solved] lighttpd2 and php under fast-cgi returns 403 "Permission denied"
Added by Torxed about 10 years ago
lighttpd2 is under development but it's faar enough to where i want to start using it.
I've overcome the hurdle of installing it and getting vhost etc working.
- PHP 5.6.6 (cgi-fcgi) (built: Feb 20 2015 17:27:21)
- lighttpd-angel/2.0.0 - a fast and lightweight webserver | Build date: Mar 17 2015 13:42:32
- Arch Linux | linux 3.18.6-1
- VMWare Workstation 11.1.0 build-2496824
- http://redmine.lighttpd.net/projects/lighttpd2/wiki/Howto_PHP
- http://doc.lighttpd.net/lighttpd2/mod_fastcgi.html
They differ a bit so I tried both and I've tried the best of both of them but nothing works.
However php gives me the worst headache.
`/etc/lighttpd2/php.conf` looks as follows:
if phys.path =$ ".php" {
log.write "Accessing php file";
fastcgi "unix:/srv/http/php.sock";
}The sock used to reside under /var/run/lighttpd2/ but for access/debugging purposes I moved it to /srv/http where the entire doc-root is.
And this is what my `/etc/lighttpd2/lighttpd.conf` looks like:
setup {
module_load [
"mod_accesslog",
"mod_dirlist",
"mod_vhost"
"mod_fastcgi"
];
listen "0.0.0.0:80";
listen "[::]:80";
log [
"info" => "/var/log/lighttpd2/info.log",
"error" => "/var/log/lighttpd2/error.log",
"abort" => "/var/log/lighttpd2/error.log",
"backend" => "/var/log/lighttpd2/backend.log",
"debug" => "/var/log/lighttpd2/debug.log",
default => "/var/log/lighttpd2/error.log"
];
accesslog "/var/log/lighttpd2/access.log";
accesslog.format "%h V %u %t \"%r\" %>s %b \"{Referer}i\" \"%{User-Agent}i\"";
static.exclude_extensions [ ".php", ".pl", ".fcgi", "~", ".inc" ];
}
include "/etc/lighttpd2/mimetypes.conf";
include "/etc/lighttpd2/vhost.conf";
include "/etc/lighttpd2/php.conf";
#docroot "/srv/http";
index [ "index.php", "index.html", "index.htm", "default.htm", "index.lighttpd.html" ];
dirlist;
static;Not sure if I should comment out `static` at the end or not.
And finally, my "startup script" for php looks as follows:
#!/bin/sh
exec 2>&1
PHP_FCGI_CHILDREN=2 \
PHP_FCGI_MAX_REQUESTS=10000 \
LANG=C LC_ALL=C \
exec /usr/bin/spawn-fcgi n -s /srv/http/php.sock -u www-data -U www-data - /usr/bin/php-cgiMy logs are almost empty, but never the less here's what they say:
Startup log from systemd
---
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: info (angel_plugin.c:166): activate
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: info (angel_plugin.c:177): done
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: suspended (dest: down)
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (debug) server.c:677: Try reaching state: stopping (dest: down)
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: stopping (dest: down)
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (debug) server.c:677: Try reaching state: down (dest: down)
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: down (dest: down)
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (info) lighttpd_worker.c:141: going down
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: debug (angel_server.c:367): instance released
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: info (angel_main.c:94): going down
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: info (angel_plugin.c:166): activate
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: info (angel_plugin.c:171): activate: core
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: debug (angel_server.c:184): Instance (30976) spawned: /usr/lib/lighttpd-2.0.0/lighttpd2/lighttpd2-worker
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: info (angel_plugin.c:177): done
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: info (angel_main.c:90): parsed config file
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) lighttpd_worker.c:105: config path: /etc/lighttpd2/lighttpd.conf
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) plugin_core.c:1254: loaded module 'mod_accesslog'
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) plugin_core.c:1254: loaded module 'mod_dirlist'
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) plugin_core.c:1254: loaded module 'mod_vhost'
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) plugin_core.c:1254: loaded module 'mod_fastcgi'
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: loading (dest: suspended)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:677: Try reaching state: suspended (dest: suspended)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: suspended (dest: suspended)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: debug (angel_plugin_core.c:638): listen to ipv4: '0.0.0.0:80' (port: 80)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: debug (angel_plugin_core.c:679): listen to ipv6: '::' (port: 80)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:677: Try reaching state: warmup (dest: running)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: warmup (dest: running)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:677: Try reaching state: running (dest: running)Error-log is empty, but `info.log` says:
17/Mar/2015 17:14:21 CET (info) server.c:58: Got signal, shutdown`debug.log` says:
17/Mar/2015 17:12:29 CET (debug) server.c:677: Try reaching state: suspending (dest: down)
17/Mar/2015 17:12:29 CET (debug) server.c:765: Reached state: suspending (dest: down)
17/Mar/2015 17:12:29 CET (debug) server.c:677: Try reaching state: suspended (dest: down)
17/Mar/2015 17:12:29 CET (debug) server.c:765: Reached state: running (dest: running)And `access.log` (after I've requested index.php) says:
192.168.253.1 192.168.253.130 - [17/Mar/2015:17:12:36 +0100] "GET / HTTP/1.1" 403 3744 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36"Access on files
---
If I comment out everything to do with php, I get the file as a downloaded object with the proper content of:
<?php
header($_SERVER['SERVER_PROTOCOL'] . ' 302 Ok', true, 302);
print 'OK!';
?>The `header()` mod is just to make sure that lighttp doesn't screw up the headers because it's CGI (it's happned before and this should not affect the end result in a bad way).
The permissions looks as follows:
-rwxrwxrwx 1 www-data www-data 84 Mar 17 16:40 index.php
srw-r----- 1 www-data www-data 0 Mar 17 16:47 php.sock
-rw-r--r-- 1 root root 5 Mar 17 17:06 wham.html
"Funny" thing is that I can request `wham.html` without a problem and it's owned by root, but according to the documentation only working should be run as non-root, which I am:
root 30975 0.0 0.6 5104 3140 ? Ss 17:14 0:00 /usr/sbin/lighttpd2 -c /etc/lighttpd2/angel.conf
www-data 30976 0.0 0.7 52048 3760 ? Ssl 17:14 0:00 /usr/lib/lighttpd-2.0.0/lighttpd2/lighttpd2-worker --angel -c /etc/lighttpd2/lighttpd.conf
Where the hell am I going wrong about this?
---
My conclusion is that it's something to do with `php.conf`, because `log.write` never executes, or at least I can't see anything in any of the logs.
So I need help, badly!
Replies (2)
RE: lighttpd2 and php under fast-cgi returns 403 "Permission denied" - Added by stbuehler about 10 years ago
Hi!
The lighttpd2 config is basically a programming language, i.e. a list of actions that are executed in order. Only a small set of these actions are actually options that are set in the request context.
If, at the time of executing the contents of php.conf, the physical path doesn't end in ".php" it won't run the php; but it's only at the end of the main config that you have it search for the index.php! (and you didn't actually request "/index.php", the request was just for "/")
- vhost.conf should probably set the docroot in all cases; have it also handle the "default" docroot.
- either call index in the vhosts you want it, or call it after vhost.conf to run for all of them; but put it before "php.conf"
- you can use log.write to debug the contents of phys.path in php.conf before the if:
log.write "%{phys.path}";
Btw: the howto shows the correct order :)
I usually put (almost) everything into vhost configurations (see http://doc.lighttpd.net/lighttpd2/mod_vhost.html for handling default vhosts and the generic concept); I especially activate php only in the blocks I really want it; you can define aliases for common config actions (like the php howto is demonstrating).
RE: lighttpd2 and php under fast-cgi returns 403 "Permission denied" - Added by Torxed about 10 years ago
You're awesome!
I've sort of understood that the "conf" is more like a programming language, but it's not until you sad it that it really clicked and made sense.
If i defined docroot in all cases, the index [] part wasn't working properly before, but that most likely had with the order of things to do.
I change the order of config from
include "/etc/lighttpd2/mimetypes.conf";
include "/etc/lighttpd2/vhost.conf";
include "/etc/lighttpd2/php.conf";#docroot "/srv/http";
index [ "index.php", "index.html", "index.htm", "default.htm", "index.lighttpd.html" ];to
docroot "/srv/http";
index [ "index.php", "index.html", "index.htm", "default.htm", "index.lighttpd.html" ];include "/etc/lighttpd2/mimetypes.conf";
include "/etc/lighttpd2/vhost.conf";
include "/etc/lighttpd2/php.conf";At first I got 403 even when calling /index.php directly, but this morning when i tried the config i posted here that worked but the index [] part didn't. Changing the above made all the difference and everything is working now!
All I can say, is thank you! :)