Mod-Proxy
將 ProxyPassMatch 用於 FastCGI,導致埠 9000 上的連接被拒絕
我不確定這是否是 php、apache 或 iptables 配置問題,但在嘗試訪問
.php
文件時收到以下錯誤。如果您需要更多資訊來幫助我診斷,請告訴我,我不知道接下來要檢查什麼。謝謝你。
error.log
:[Thu May 08 16:43:15.392784 2014] [proxy:error] [pid 23112] (111)Connection refused: AH00957: FCGI: attempt to connect to 127.0.0.1:9000 (*) failed [Thu May 08 16:43:15.392891 2014] [proxy_fcgi:error] [pid 23112] [client 74.164.254.206:52788] AH01079: failed to make connection to backend: 127.0.0.1
我按照本指南和正在執行的 PHP 5.5.9 和 Apache 2.4.7
我確實載入了
mod_proxy
和模組:mod_proxy_so
# grep LoadModule /etc/apache2/apache2.conf LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so
這是 ProxyPassMatch 指令:
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/$1
我也嘗試使用帶有以下指令的 UDS,但 apache 配置測試抱怨絕對 url:
ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/var/run/php5-fpm.sock|fcgi://127.0.0.1:80/path/to/root/
這是
iptables -L
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port- unreachable ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere tcp dpt:finger ACCEPT tcp -- anywhere anywhere tcp dpt:smtp ACCEPT tcp -- anywhere anywhere tcp dpt:urd ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s ACCEPT tcp -- anywhere anywhere tcp dpt:imap2 ACCEPT tcp -- anywhere anywhere tcp dpt:imaps ACCEPT tcp -- anywhere anywhere tcp dpt:submission ACCEPT tcp -- anywhere anywhere tcp dpt:webmin ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh ACCEPT icmp -- anywhere anywhere LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: " DROP all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination DROP all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere
檢查是否
PHP-FPM
正在執行。錯誤日誌顯示apache
無法連接到 127.0.0.1:9000。讓它執行,(也許)錯誤就會消失。還要檢查是否
PHP-FPM
通過套接字執行。也許它正在執行但沒有在 TCP/IP 堆棧中偵聽。
根據 Chris 的評論,我只是想補充一下 apache/php 是否支持套接字連接(看起來如果 apache > 2.4.10,它可以支持它),您也可以更改為在您的 apache 配置中使用它。我檢查了 php vi /etc/php/7.0/fpm/pool.d/www.conf 文件以查看監聽行中監聽的套接字:
listen = /run/php/php7.0-fpm.sock
然後將其添加到我的 /etc/apache2/sites-enabled/000-default.conf 文件(或您要啟用的任何網站)…
<FilesMatch \.php$> # 2.4.10+ can proxy to unix socket # SetHandler "proxy:unix:/var/run/php?-fpm.sock|fcgi://localhost/" # Else we can just use a tcp socket: # SetHandler "proxy:fcgi://127.0.0.1:9000" SetHandler "proxy:unix:/run/php/php7.0-fpm.sock|fcgi://localhost/" </FilesMatch>
然後重新啟動網路伺服器,然後 index.php 為我顯示:
sudo service apache2 restart