in

PHP-FPM and Nginx 502 Bad Gateway issue (lab I)

PHP-FPM and Nginx 502 Bad Gateway issue (lab I)

While building This blog website Server Environment I, get Connection reset, and Prematurely closed connection from PHP-FPM Daemon side. That cause Nginx 502 Bad Gateway issue.
recv() failed (104: Connection reset by peer) while reading response header from upstream
and
upstream prematurely closed connection while reading response header from upstream 
error messages logged into nginx log file.

It’s live On Centos 6.9Linode VPS and  This web-server  software is: Nginx, PHP, and PHP-FPM.

Drupal system info as shown below.
PHP-FPM and Nginx 502 Bad Gateway issue (lab I)

I found That;
this issue is related to PHP-FPM (FastCGI Process Manager) daemon side, but the best solution we can set here is to set PHP-FPM to listen through socket instead of localhost:port default listen way.

so at PHP-FPM config file:
/etc/php-fpm.d/www.conf

comment the default listen parameter and add socket path as following

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all IPv4 addresses on a
;                            specific port;
;   '[::]:port'            - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;listen = 127.0.0.1:9000
listen = /var/run/php5-fpm.sock

and adjustment nginx server settings to fastcgi_pass to the php-fpm socket path.

/etc/nginx/conf.d/netslovers.conf

location ~ '\.php$|^/update.php' {
        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;

        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_pass unix:/var/run/php5-fpm.sock;

        fastcgi_index index.php;

        include fastcgi_params;
        include fastcgi.conf;
        .......

and restart the nginx daemon. That works in this case.

many Linux admins as I read while searching about this issue, say that; this issue is timeout  one.

ie. PHP-FPM process_control_timeout value. and its really sound like that (good logic).

please read this article from selivan.github.io

Problem is in php-fpm parameter process_control_timeout(documentation). It controls time for child process to process signals from master and defaults to 0. So effectively reload kills worker, and you get errors. I recommend setting this parameter to same value as max_execution_time, so worker have time to finish processing request.

and I think best to extend timeouts with using socket method will good thing to do too.
One last Step to do here is to set users and groups that own the PHP-FPM process is the same as nginx user

so edit /etc/php-fpm.d/www.conf config file

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all IPv4 addresses on a
;                            specific port;
;   '[::]:port'            - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;listen = 127.0.0.1:9000
listen = /var/run/php5-fpm.sock

; Set listen(2) backlog.
; Default Value: 65535
;listen.backlog = 65535

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

hope that helps.

Good Referencies:

https://www.scalescale.com/tips/nginx/php5-fpm-sock-failed-13-permission-denied-error/

https://selivan.github.io/2016/10/25/php-fpm-502-error-on-reload.html

Thanks

What do you think?

x64dbg

X64dbg The Open Source Reverse Engineering debugger tool for windows

How to Configure Nginx as a reverse-proxy (lab II)

How to Configure Nginx as a reverse-proxy (lab II)