Моя текущая конфигурация:
GCE f1-micro (1 виртуальный ЦП, 0,6 ГБ) Haswell, CentOS 7.2, NGINX 1.10.2, PHP 7.0.12
[ошибка] 29111 # 0: * 43 FastCGI отправлено в stderr: "Сообщение PHP: Предупреждение PHP: Неизвестно: не удалось открыть поток: В разрешении отказано в Неизвестном в строке 0
Невозможно открыть основной скрипт: /var/www/mysite.com/public/index.php (Permission denied) "при чтении заголовка ответа из восходящего потока, клиент: XX.XXX.XXX.XXX, сервер: _, запрос:" GET / HTTP / 1.1 ", восходящий поток:" fastcgi: // unix: /var/run/php-fpm/php-fpm.sock: ", хост:" XXX.XXX.XXX.XXX "
Директивы расположения файлов NGINX * .conf
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
include /etc/nginx/fastcgi.conf;
}
location ~ ^/(status|ping)$ {
access_log off;
include /etc/nginx/fastcgi.conf;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
}
NGINX
пользователь = рок
PHP-FPM
пользователь = рок
группа = рок
listen.owner = рок
listen.group = рок
listen.mode = 0660
Публичные разрешения
/ var /
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 www
/ var / www /
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 mydomain
/ var / www / mydomain /
drwxr-xr-x. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 public
/ var / www / mydomain / public
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 index.html
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 index.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 info.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 license.txt
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 readme.html
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-activate.php
drwxr-xr-x. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-admin
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-blog-header.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-comments-post.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-config-sample.php
drwxr-xr-x. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-content
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-cron.php
drwxr-xr-x. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-includes
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-links-opml.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-load.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-login.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-mail.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-settings.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-signup.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-trackback.php
-rw-r--r--. rocky rocky unconfined_u:object_r:httpd_sys_rw_content_t:s0 xmlrpc.php
Журнал аудита
type = SYSCALL msg = audit (1480104445.879: 461): arch = c000003e syscall = 9 success = no exit = -13 a0 = 0 a1 = 10000 a2 = 7 a3 = 22 items = 0 ppid = 1270 pid = 1275 auid = 4294967295 uid = 1000 gid = 1001 euid = 1000 suid = 1000 fsuid = 1000 egid = 1001 sgid = 1001 fsgid = 1001 tty = (none) ses = 4294967295 comm = "php-fpm" exe = "/ usr / sbin / php-fpm" subj = system_u: system_r: httpd_t: s0 key = (ноль)
type = AVC msg = audit (1480104445.879: 461): avc: denied {execmem} for pid = 1275 comm = "php-fpm" scontext = system_u: system_r: httpd_t: s0 tcontext = system_u: system_r: httpd_t: s0 tclass = process
Проблема была в SELinux. Я решил проблему, разрешив httpd доступ к execmem.
setsebool -P httpd_execmem 1