Apache 2.4.10 + mod_proxy_fcgi + PHP-FPM с CHROOT = & gt; Ошибка 404

Прежде всего я попытался настроить базовую конфигурацию для Apache 2.4, mod_proxy_fcgi и PHP-FPM на компьютере Debian Jessie (Testing).

Все отлично работает при открытии .php-файлов.

Однако, если я активирую chroot для PHP-FPM, я получаю только «Файл не найден.» сообщение внутри моего браузера.
.

конфигурация

частичное содержание apache2.conf

<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php5-fpm.sock|fcgi://localhost"</FilesMatch>

содержание / var / wwww / html

x1@vm1:~$ ls -l /var/www/html/
-rw-r--r-- 1 www-data     www-data       19 Jan 15 23:37 index.php

частичное содержание /etc/php5/fpm/pool.d/www*

prefix = /var/www/html
chroot = $prefix
chdir = /
catch_workers_output = yes

.

Шаги / лог файлы для поиска ошибки

Apache error.log

[proxy_fcgi:error] [pid 12615:tid 140653535131392] [client 1.2.3.4:123] AH01071: Got error 'Primary script unknown\n'

Apache Access.log

1.2.3.4- - [16/Jan/2015:01:22:58 +0100] "GET /index.php HTTP/1.1" 404 365 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)

php5-fpm.log

[16-Jan-2015 01:22:55] NOTICE: configuration file /etc/php5/fpm/php-fpm.conf test is successful
[16-Jan-2015 01:22:56] NOTICE: fpm is running, pid 12781
[16-Jan-2015 01:22:56] NOTICE: ready to handle connections
[16-Jan-2015 01:22:56] NOTICE: systemd monitor interval set to 10000ms

Apache error.log с loglevel trace8 и включенным chroot PHP5-FPM

    [core:trace6] [pid 9794:tid 140072171042560] core_filters.c(527): [client 1.2.3.4:61149] core_output_filter: flushing because of FLUSH bucket
[core:trace5] [pid 9794:tid 140072332166912] protocol.c(618): [client 1.2.3.4:61152] Request received from client: GET /index.php HTTP/1.1
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(301): [client 1.2.3.4:61152] Headers received from client:
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152]   Host: example.com
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152]   Connection: keep-alive
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152]   Cache-Control: max-age=0
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152]   User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152]   Accept-Encoding: gzip, deflate, sdch
[http:trace4] [pid 9794:tid 140072332166912] http_request.c(305): [client 1.2.3.4:61152]   Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
[authz_core:debug] [pid 9794:tid 140072332166912] mod_authz_core.c(809): [client 1.2.3.4:61152] AH01626: authorization result of Require all granted: granted
[authz_core:debug] [pid 9794:tid 140072332166912] mod_authz_core.c(809): [client 1.2.3.4:61152] AH01626: authorization result of <RequireAny>: granted
[core:trace3] [pid 9794:tid 140072332166912] request.c(238): [client 1.2.3.4:61152] request authorized without authentication by access_checker_ex hook: /index.php
[proxy:trace2] [pid 9794:tid 140072332166912] proxy_util.c(1938): [client 1.2.3.4:61152] *: found reverse proxy worker for unix:/var/run/php5-fpm.sock|fcgi://localhost/var/www/html/index.php
[proxy:trace2] [pid 9794:tid 140072332166912] proxy_util.c(1972): [client 1.2.3.4:61152] *: rewrite of url due to UDS(/var/run/php5-fpm.sock): fcgi://localhost/var/www/html/index.php (proxy:fcgi://localhost/var/www/html/index.php)
[proxy:debug] [pid 9794:tid 140072332166912] mod_proxy.c(1155): [client 1.2.3.4:61152] AH01143: Running scheme unix handler (attempt 0)
[proxy_fcgi:debug] [pid 9794:tid 140072332166912] mod_proxy_fcgi.c(786): [client 1.2.3.4:61152] AH01076: url: fcgi://localhost/var/www/html/index.php proxyname: (null) proxyport: 0
[proxy_fcgi:debug] [pid 9794:tid 140072332166912] mod_proxy_fcgi.c(793): [client 1.2.3.4:61152] AH01078: serving URL fcgi://localhost/var/www/html/index.php
[proxy:debug] [pid 9794:tid 140072332166912] proxy_util.c(2131): AH00942: FCGI: has acquired connection for (*)
[proxy:debug] [pid 9794:tid 140072332166912] proxy_util.c(2184): [client 1.2.3.4:61152] AH00944: connecting fcgi://localhost/var/www/html/index.php to localhost:8000
[proxy:debug] [pid 9794:tid 140072332166912] proxy_util.c(2217): [client 1.2.3.4:61152] AH02545: fcgi: has determined UDS as /var/run/php5-fpm.sock
[proxy:debug] [pid 9794:tid 140072332166912] proxy_util.c(2385): [client 1.2.3.4:61152] AH00947: connected /var/www/html/index.php to httpd-UDS:0
[proxy_fcgi:error] [pid 9794:tid 140072332166912] [client 1.2.3.4:61152] AH01071: Got error 'Primary script unknown\n'
[proxy_fcgi:trace4] [pid 9794:tid 140072332166912] util_script.c(522): [client 1.2.3.4:61152] Headers from script 'index.php':
[proxy_fcgi:trace4] [pid 9794:tid 140072332166912] util_script.c(523): [client 1.2.3.4:61152]   Status: 404 Not Found
[proxy_fcgi:trace1] [pid 9794:tid 140072332166912] util_script.c(602): [client 1.2.3.4:61152] Status line from script 'index.php': 404 Not Found
[proxy_fcgi:trace4] [pid 9794:tid 140072332166912] util_script.c(523): [client 1.2.3.4:61152]   X-Powered-By: PHP/5.6.4-4
[proxy_fcgi:trace4] [pid 9794:tid 140072332166912] util_script.c(523): [client 1.2.3.4:61152]   Content-type: text/html; charset=UTF-8
[proxy:debug] [pid 9794:tid 140072332166912] proxy_util.c(2146): AH00943: FCGI: has released connection for (*)
[headers:trace2] [pid 9794:tid 140072332166912] mod_headers.c(874): AH01502: headers: ap_headers_output_filter()
[http:trace3] [pid 9794:tid 140072332166912] http_filters.c(1045): [client 1.2.3.4:61152] Response sent with status 404, headers:
[http:trace5] [pid 9794:tid 140072332166912] http_filters.c(1052): [client 1.2.3.4:61152]   Date: Thu, 15 Jan 2015 23:54:44 GMT
[http:trace5] [pid 9794:tid 140072332166912] http_filters.c(1055): [client 1.2.3.4:61152]   Server: Apache
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   X-Powered-By: PHP/5.6.4-4
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   X-Frame-Options: SAMEORIGIN
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   X-XSS-Protection: 1; mode=block
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   X-Content-Security-Policy: allow 'self';
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   X-Frame-Options: DENY
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   Content-Length: 16
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   Keep-Alive: timeout=5, max=100
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   Connection: Keep-Alive
[http:trace4] [pid 9794:tid 140072332166912] http_filters.c(874): [client 1.2.3.4:61152]   Content-Type: text/html; charset=UTF-8

Apache error.log с лог-уровнем trace8 и отключенной поддержкой PHP5-FPM

[core:trace5] [pid 9794:tid 140072323774208] protocol.c(618): [client 1.2.3.4:61135] Request received from client: GET /index.php HTTP/1.1
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(301): [client 1.2.3.4:61135] Headers received from client:
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135]   Host: example.com
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135]   Connection: keep-alive
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135]   Cache-Control: max-age=0
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135]   User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135]   Accept-Encoding: gzip, deflate, sdch
[http:trace4] [pid 9794:tid 140072323774208] http_request.c(305): [client 1.2.3.4:61135]   Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
[authz_core:debug] [pid 9794:tid 140072323774208] mod_authz_core.c(809): [client 1.2.3.4:61135] AH01626: authorization result of Require all granted: granted
[authz_core:debug] [pid 9794:tid 140072323774208] mod_authz_core.c(809): [client 1.2.3.4:61135] AH01626: authorization result of <RequireAny>: granted
[core:trace3] [pid 9794:tid 140072323774208] request.c(238): [client 1.2.3.4:61135] request authorized without authentication by access_checker_ex hook: /index.php
[proxy:trace2] [pid 9794:tid 140072323774208] proxy_util.c(1938): [client 1.2.3.4:61135] *: found reverse proxy worker for unix:/var/run/php5-fpm.sock|fcgi://localhost/var/www/html/index.php
[proxy:trace2] [pid 9794:tid 140072323774208] proxy_util.c(1972): [client 1.2.3.4:61135] *: rewrite of url due to UDS(/var/run/php5-fpm.sock): fcgi://localhost/var/www/html/index.php (proxy:fcgi://localhost/var/www/html/index.php)
[proxy:debug] [pid 9794:tid 140072323774208] mod_proxy.c(1155): [client 1.2.3.4:61135] AH01143: Running scheme unix handler (attempt 0)
[proxy_fcgi:debug] [pid 9794:tid 140072323774208] mod_proxy_fcgi.c(786): [client 1.2.3.4:61135] AH01076: url: fcgi://localhost/var/www/html/index.php proxyname: (null) proxyport: 0
[proxy_fcgi:debug] [pid 9794:tid 140072323774208] mod_proxy_fcgi.c(793): [client 1.2.3.4:61135] AH01078: serving URL fcgi://localhost/var/www/html/index.php
[proxy:debug] [pid 9794:tid 140072323774208] proxy_util.c(2131): AH00942: FCGI: has acquired connection for (*)
[proxy:debug] [pid 9794:tid 140072323774208] proxy_util.c(2184): [client 1.2.3.4:61135] AH00944: connecting fcgi://localhost/var/www/html/index.php to localhost:8000
[proxy:debug] [pid 9794:tid 140072323774208] proxy_util.c(2217): [client 1.2.3.4:61135] AH02545: fcgi: has determined UDS as /var/run/php5-fpm.sock
[proxy:debug] [pid 9794:tid 140072323774208] proxy_util.c(2385): [client 1.2.3.4:61135] AH00947: connected /var/www/html/index.php to httpd-UDS:0
[proxy_fcgi:trace4] [pid 9794:tid 140072323774208] util_script.c(522): [client 1.2.3.4:61135] Headers from script 'index.php':
[proxy_fcgi:trace4] [pid 9794:tid 140072323774208] util_script.c(523): [client 1.2.3.4:61135]   X-Powered-By: PHP/5.6.4-4
[proxy_fcgi:trace4] [pid 9794:tid 140072323774208] util_script.c(523): [client 1.2.3.4:61135]   Content-type: text/html; charset=UTF-8
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(169): [client 1.2.3.4:61135] Content-Type 'text/html; charset=UTF-8' ...
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'application/xml'
[filter:trace2] [pid 9794:tid 140072323774208] mod_filter.c(188): [client 1.2.3.4:61135] Content-Type condition for 'deflate' did not match
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(169): [client 1.2.3.4:61135] Content-Type 'text/html; charset=UTF-8' ...
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'application/rss+xml'
[filter:trace2] [pid 9794:tid 140072323774208] mod_filter.c(188): [client 1.2.3.4:61135] Content-Type condition for 'deflate' did not match

[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(169): [client 1.2.3.4:61135] Content-Type 'text/html; charset=UTF-8' ...
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'application/x-javascript'
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'application/javascript'
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'application/ecmascript'
[filter:trace2] [pid 9794:tid 140072323774208] mod_filter.c(188): [client 1.2.3.4:61135] Content-Type condition for 'deflate' did not match
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(169): [client 1.2.3.4:61135] Content-Type 'text/html; charset=UTF-8' ...
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(181): [client 1.2.3.4:61135] ... did not match 'text/css'
[filter:trace2] [pid 9794:tid 140072323774208] mod_filter.c(188): [client 1.2.3.4:61135] Content-Type condition for 'deflate' did not match
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(169): [client 1.2.3.4:61135] Content-Type 'text/html; charset=UTF-8' ...
[filter:trace4] [pid 9794:tid 140072323774208] mod_filter.c(175): [client 1.2.3.4:61135] ... matched 'text/html'
[filter:trace2] [pid 9794:tid 140072323774208] mod_filter.c(188): [client 1.2.3.4:61135] Content-Type condition for 'deflate' matched

[proxy:debug] [pid 9794:tid 140072323774208] proxy_util.c(2146): AH00943: FCGI: has released connection for (*)
[headers:trace2] [pid 9794:tid 140072323774208] mod_headers.c(874): AH01502: headers: ap_headers_output_filter()
[http:trace3] [pid 9794:tid 140072323774208] http_filters.c(1045): [client 1.2.3.4:61135] Response sent with status 200, headers:
[...]

[http:trace5] [pid 9794:tid 140072323774208] http_filters.c(1052): [client 1.2.3.4:61135]   Date: Thu, 15 Jan 2015 23:53:47 GMT
[http:trace5] [pid 9794:tid 140072323774208] http_filters.c(1055): [client 1.2.3.4:61135]   Server: Apache
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   X-Powered-By: PHP/5.6.4-4
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   X-Frame-Options: SAMEORIGIN
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   Vary: Accept-Encoding
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   X-XSS-Protection: 1; mode=block
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   X-Content-Security-Policy: allow 'self';
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   X-Frame-Options: DENY
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   Content-Length: 2
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   Keep-Alive: timeout=5, max=100
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   Connection: Keep-Alive
[http:trace4] [pid 9794:tid 140072323774208] http_filters.c(874): [client 1.2.3.4:61135]   Content-Type: text/html; charset=UTF-8

Как видите, между этими двумя до разницы нет

 AH00947: connected /var/www/html/index.php to httpd-UDS:0

.

Кто-нибудь сталкивался с подобной проблемой и знает решение?
Дальше я данные из tcpdump (в то время как PHP5-FPM прослушивал порт TCP вместо использования сокета, и я данные от прослушивания сокета.
Если они нужны, пожалуйста, дайте мне знать — я не хотел делать вопрос слишком большим.

.

Редактировать:

Я провел дальнейшие исследования в надежде локализовать проблему.
Может быть, это помогает нам дальше …

Страница состояния PHP-FPM
Разница между включенным и выключенным chroot

strace для рабочего процесса (chroot = off)

accept(0, {sa_family=AF_INET, sin_port=htons(50759), sin_addr=inet_addr("127.0.0.1")}, [16]) = 5
clock_gettime(CLOCK_MONOTONIC, {1397, 223489054}) = 0
times({tms_utime=0, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 1718096640
poll([{fd=5, events=POLLIN}], 1, 5000)  = 1 ([{fd=5, revents=POLLIN}])
read(5, "\1\1\0\1\0\10\0\0", 8)         = 8
read(5, "\0\1\1\0\0\0\0\0", 8)          = 8
read(5, "\1\4\0\1\3\341\0\0", 8)        = 8
read(5, "\t\30UNIQUE_IDVLmGr38AAQEAAAVjkB4AAAAE\21\1proxy-nokeepalive1\t&HTTP_HOSTexample.com\17\nHTTP_CONNECTIO"..., 993) = 993
read(5, "\1\4\0\1\0\0\0\0", 8)          = 8

lstat("/var/www/html/index.php", {st_mode=S_IFREG|0644, st_size=538, ...}) = 0
lstat("/var/www/html", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/var/www", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0

.
strace для рабочего процесса (chroot = on)

accept(0, {sa_family=AF_INET, sin_port=htons(50751), sin_addr=inet_addr("127.0.0.1")}, [16]) = 5
clock_gettime(CLOCK_MONOTONIC, {1208, 313176419}) = 0
times({tms_utime=0, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 1718077750
poll([{fd=5, events=POLLIN}], 1, 5000)  = 1 ([{fd=5, revents=POLLIN}])
read(5, "\1\1\0\1\0\10\0\0", 8)         = 8
read(5, "\0\1\1\0\0\0\0\0", 8)          = 8
read(5, "\1\4\0\1\3\341\0\0", 8)        = 8
read(5, "\t\30UNIQUE_IDVLmF8n8AAQEAAAVjkB0AAAAS\21\1proxy-nokeepalive1\t&HTTP_HOSTexample.com\17\nHTTP_CONNECTIO"..., 993) = 993
read(5, "\1\4\0\1\0\0\0\0", 8)          = 8

lstat("/var/www/html/index.php", 0x7fff98aa5d20) = -1 ENOENT (No such file or directory)
stat("/var/www/html", 0x7fff98aa8160)   = -1 ENOENT (No such file or directory)
stat("/var/www", 0x7fff98aa8160)        = -1 ENOENT (No such file or directory)
stat("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("", 0x7fff98aa8160)                = -1 ENOENT (No such file or directory)

1

Решение

Когда вы используете директиву

<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php5-fpm.sock|fcgi://localhost"</FilesMatch>

путь к сценарию, отправленный на прокси-сервер, — это полный путь к файлу, который соответствует FilesMatch, но этот путь не существует в chroot.

Установка doc_root в php.ini решает эту проблему

2

Другие решения

Других решений пока нет …