e update nginx to 1.4.7 and php to 5.5.12, After that I got the 502 error. Before we update everything works fine.
- we had a similar error after php update. PHP fixed a security bug where o had rw permission to the socket file.
- Open /etc/php5/fpm/pool.d/www.conf or /etc/php/7.0/fpm/pool.d/www.conf, depending on your version.
Uncomment all permission lines, like:
Restart fpm – sudo service php5-fpm restart or sudo service php7.0-fpm restart
Note: if your webserver runs as user other than www-data, you will need to update the www.conf file accordingly
- All the fixes currently mentioned here basically enable the security hole all over again.
- What we ended up doing is adding the following lines to my PHP-FPM configuration file.
Make sure that www-data is actually the user the nginx worker is running as. For debian it’s www-data by default.
Doing it this way does not enable the security problem that this change was supposed to fix.
- Make sure you have these lines uncommented in /etc/php5/fpm/pool.d/www.conf:
Make sure /etc/nginx/fastcgi_params looks like this:
These two lines were missing from my /etc/nginx/fastcgi_params, make sure they are there!
Then, restart php5-fpm and nginx. Should do the trick.
- In fact, “listen.mode” should be: “0660” and not “0666” as Other Writable or Other Readable is never a good choice here.
- So try to find out as which user/group your webserver runs.
I use CentOs and it runs as user “nginx” So add to your php-fpm.conf:
- Check which user runs nginx. As of Ubuntu 12.04 nginx runs by nginx user which is not a member of www-data group.
and restarting nginx and php5-fpm daemons solves the problem of nginx error.
- Alternative to broadening permissions in your php config, you could change the user specified in your nginx config.
- On the first line of your nginx.conf excerpt above, the user and group are specified as www and www, respectively.
Meanwhile, your php config probably specifies a user and group of www-data:
You might change the line in your nginx.conf, to any of the following, then:
- Consideration must also be given to your individual FPM pools, if any.
- The listen.user and listen.group were duplicated on a per-pool basis.
- If you used pools for different user accounts like, where each user account owns their FPM processes and sockets, setting only the default listen.owner and listen.group configuration options to ‘nginx’ will simply not work.
- And obviously, letting ‘nginx‘ own them all is not acceptable either.
For each pool, make sure that
Otherwise, you can leave the pool’s ownership and such alone.
- Simple but works..