所以我有以下工作虚拟主机:
<VirtualHost 192.168.128.20:80>
ServerName euclid.domain.tld
#LogLevel debug
ErrorLog /var/www/euclid/logs/error_log
SuexecUserGroup fastcgi www_euclid
FastCgiExternalServer /var/www/euclid/htdocs/cgi-bin -socket /var/run/php-fpm/euclid.sock -user fastcgi -group www_euclid
AddHandler php-fastcgi .php
Action php-fastcgi /cgi-bin
Alias /cgi-bin /var/www/euclid/htdocs/cgi-bin
<Location /cgi-bin>
Order Deny,Allow
Deny from All
# Prevent accessing this path directly
Allow from env=REDIRECT_STATUS
Options +ExecCGI +FollowSymLInks +SymLinksIfOwnerMatch
</Location>
DocumentRoot /var/www/euclid/htdocs
<Directory /var/www/euclid/htdocs>
AllowOverride all
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
我似乎不明白的是,为什么我需要同时拥有SuexecUserGroup fastcgi www_eucld和FastCgiExternalServer中的一个/两个带有-user fastcgi-group www_eUCLD标志。FPM启用了池,每个池都在自己的用户/组下运行。这是正确的,没有问题。如果我删除了SuexecUserGroup和/或-user-fastcgi-group www_eucld参数,我会得到以下错误,我不知道为什么。另外,fastcgi使用哪个uid和gid来访问套接字文件?它当然不是fastcgi:ww_eucld。
(13)Permission denied: FastCGI: failed to connect to server
"/var/www/euclid/htdocs/cgi-bin": connect() failed FastCGI:
incomplete headers (0 bytes) received from server
"/var/www/euclid/htdocs/cgi-bin"
好的,我相信我已经弄清楚问题出在哪里了。简单的答案是:;mod_fastcgi糟透了。它陈旧、未经维护且记录不足。为什么在查找如何运行php-fpm时它不断出现,我无法理解。省省你自己的头痛,不要使用它!
真正的解决方案很简单:
<VirtualHost 192.168.128.20:80>
ServerName euclid.domain.tld
#LogLevel debug
ErrorLog /var/www/euclid/logs/error_log
<IfDefine PROXY>
#If you want to use mod_proxy (Probably the best option)
ProxyPassMatch ^/(.*.php(/.*)?)$ fcgi://localhost:9000/var/www/euclid/htdocs/$1
</IfDefine>
<IfDefine FASTCGI_HANDLER>
#If you want to use mod_fastcgi_handler (3rd party)
AddHandler fcgi:/var/run/php-fpm-euclid.sock .php
</IfDefine>
DocumentRoot /var/www/euclid/htdocs
<Directory /var/www/euclid/htdocs>
AllowOverride all
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
您是偶然使用SELinux吗?我遇到了一个类似的问题,它是由SELinux安全策略引起的,该策略阻止Apache连接到Django的fastcgi套接字。运行setenforce Permissive允许它工作。