Mod-Proxy

將 ProxyPassMatch 用於 FastCGI,導致埠 9000 上的連接被拒絕

  • June 12, 2017

我不確定這是否是 php、apache 或 iptables 配置問題,但在嘗試訪問.php文件時收到以下錯誤。如果您需要更多資訊來幫助我診斷,請告訴我,我不知道接下來要檢查什麼。謝謝你。

error.log:

[Thu May 08 16:43:15.392784 2014] [proxy:error] [pid 23112] (111)Connection refused: AH00957: FCGI: attempt to connect to 127.0.0.1:9000 (*) failed
[Thu May 08 16:43:15.392891 2014] [proxy_fcgi:error] [pid 23112] [client 74.164.254.206:52788] AH01079: failed to make connection to backend: 127.0.0.1

我按照本指南和正在執行的 PHP 5.5.9 和 Apache 2.4.7

我確實載入了mod_proxy和模組:mod_proxy_so

# grep LoadModule /etc/apache2/apache2.conf
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so 

這是 ProxyPassMatch 指令:

ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/$1

我也嘗試使用帶有以下指令的 UDS,但 apache 配置測試抱怨絕對 url:

ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/var/run/php5-fpm.sock|fcgi://127.0.0.1:80/path/to/root/

這是iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             127.0.0.0/8          reject-with icmp-port-   unreachable
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:finger
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:urd
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     icmp --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5   LOG level debug prefix "iptables denied: "
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

檢查是否PHP-FPM正在執行。錯誤日誌顯示apache無法連接到 127.0.0.1:9000。讓它執行,(也許)錯誤就會消失。

還要檢查是否PHP-FPM通過套接字執行。也許它正在執行但沒有在 TCP/IP 堆棧中偵聽。

根據 Chris 的評論,我只是想補充一下 apache/php 是否支持套接字連接(看起來如果 apache > 2.4.10,它可以支持它),您也可以更改為在您的 apache 配置中使用它。我檢查了 php vi /etc/php/7.0/fpm/pool.d/www.conf 文件以查看監聽行中監聽的套接字:

listen = /run/php/php7.0-fpm.sock

然後將其添加到我的 /etc/apache2/sites-enabled/000-default.conf 文件(或您要啟用的任何網站)…

<FilesMatch \.php$>
   # 2.4.10+ can proxy to unix socket
   # SetHandler "proxy:unix:/var/run/php?-fpm.sock|fcgi://localhost/"

   # Else we can just use a tcp socket:
   # SetHandler "proxy:fcgi://127.0.0.1:9000"

   SetHandler "proxy:unix:/run/php/php7.0-fpm.sock|fcgi://localhost/"
</FilesMatch>

然後重新啟動網路伺服器,然後 index.php 為我顯示:

sudo service apache2 restart

引用自:https://serverfault.com/questions/594020