Today I updated my Ubuntu Server to 12.04.5 LTS (release 12.04, codename: precise), and got “502 Bad Gateway” on all my websites.
I checked Nginx log files and found that Nginx cannot open the socket created by PHP-FPM:
2014/09/11 19:01:03 [crit] 2741#0: *107 connect() to unix:/var/run/www-devnote.sock failed (13: Permission denied) while connecting to upstream, client: XXX.XX.X.XX, server: ~^(www\.)?(?<domain>.+)$, request: “GET /2014/04/using-a-wpf-control-in-a-mfc-application/ HTTP/1.1”, upstream: “fastcgi://unix:/var/run/www-devnote.sock:”, host: “developernote.com”
So I reconfigure my PHP-FPM to create sockets under www-data user (initially they was created as root by default) by adding file socket-owner.conf to /etc/php5/fpm directory containing the following:
; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many ; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = www-data listen.group = www-data listen.mode = 0660
and including it to all pool.d/* files as follows:
[site1] user = nobody group = site1 listen = /var/run/www-site1.sock include=/etc/php5/fpm/socket-owner.conf pm = ondemand pm.max_children = 10 pm.start_servers = 0 pm.min_spare_servers = 0 pm.max_spare_servers = 4 chdir = /
I did not investigate what has been changed in Ubuntu, but looks like new version of Ubuntu does not allow Nginx workers running under www-data to access the sockets created as root with 0660 (srw-rw—-) permissions. To list my sockets I used the following command:
ll /var/run/www-*