Category Archives: Web Servers

How I fixed 504 Gateway Timeout error on Nginx + PHP-FPM

Today I got 504 Gateway Timeout error while updating my Joomla website and solved this issue by adding “fastcgi_read_timeout 300” into Nginx virtual host:

location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/run/php/www-shar.sock;
    fastcgi_index index.php;
    include fastcgi.conf;
    fastcgi_read_timeout 300;
}

I already had request_terminate_timeout option set to 300s in the pool configuration file:

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_terminate_timeout = 300s

(more…)

Securing Nginx with Let’s Encrypt on Ubuntu 16.04

First we need to install certbot utility:

apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx

After that, we can easily generate SSL certificates for all the domains listed in Nginx ‘server_name’ attributes in alive (working) virtual hosts. The examples are:

certbot --nginx certonly -d slogpost.ru -d www.slogpost.ru
certbot --nginx certonly -d psiholog-s-vami.ru -d www.psiholog-s-vami.ru
certbot certonly --nginx --cert-name sharlines.com -d sharlines.com -d www.sharlines.com
certbot certonly --nginx --cert-name developernote.com -d developernote.com -d www.developernote.com -d comprice.developernote.com -d herb.developernote.com -d mastermag.developernote.com -d pechat.developernote.com -d geographx.developernote.com -d geographx.net -d www.geographx.net -d xn--80aajg7ac1agj.xn--p1ai -d www.xn--80aajg7ac1agj.xn--p1ai -d xn--80acc2atiigge7h.xn--p1ai -d www.xn--80acc2atiigge7h.xn--p1ai -d xn--80ajbrkbljkdjhf7k4a.xn--p1ai -d www.xn--80ajbrkbljkdjhf7k4a.xn--p1ai -d doc.developernote.com -d git.developernote.com -d gitweb.developernote.com
certbot --nginx certonly -d milomag.ru,www.milomag.ru,xn--80agwdbl3g.xn--p1ai,www.xn--80agwdbl3g.xn--p1ai

We cannot use wildcard domains line *.developernote.com with Let’s Encrypt, so we should list all the subdomains. And I do not see anything wrong in combining multiple domains in a single certificate.

(more…)

Installing Git on Ubuntu 12.04 and enabling HTTP access with Nginx

Git is a good alternative for developers who need a version control supported on both Windows and Linux platforms. Below I provided basic steps for installing Git on Ubuntu 12.04 and enabling HTTP access to the repositories with Nginx web server.

Installing required packages

First, we need to install Nginx and Git packages:

apt-get install nginx git

by default Nginx processes will run as www-data, (check “user” keyword in /etc/nginx/nginx.conf configuration file). Git installation has not created any user yet.

(more…)

Nginx 502 Bad Gateway error after updating Ubuntu 12.04

Today I updated my Ubuntu Server to 12.04.5 LTS (release 12.04, codename: precise), and got “502 Bad Gateway” on all my websites.

I checked Nginx log files and found that Nginx cannot open the socket created by PHP-FPM:

2014/09/11 19:01:03 [crit] 2741#0: *107 connect() to unix:/var/run/www-devnote.sock failed (13: Permission denied) while connecting to upstream, client: XXX.XX.X.XX, server: ~^(www\.)?(?<domain>.+)$, request: “GET /2014/04/using-a-wpf-control-in-a-mfc-application/ HTTP/1.1”, upstream: “fastcgi://unix:/var/run/www-devnote.sock:”, host: “developernote.com”

(more…)

Setting up Shared Hosting with Nginx on Ubuntu – step by step guide

This is a draft version of the post. It’ll be revised.

Installing Ubuntu Server

  1. Download the latest version of Ubuntu Server. Note that it is not possible to convert Ubuntu 32 bit to 64 bit. The only way is to do a clean install.
  2. Create a bootable USB stick using Pen Drive Linux’s USB Installer.
  3. Boot up from USB and install Ubuntu Server. During the installation you can switch to terminal mode by pressing Alt+F2 and switch back by pressing Alt+F1.

Update the server:

aptitude update
aptitude safe-upgrade

(more…)

How I fixed Nginx 502 Bad Gateway error

Today to my grate surprise I got “502 Bad Gateway” error while trying to open some specific URL on my web site:

Nginx 502 Bad Gateway

I took a look at the Nginx log file located in /var/log/nginx/ directory on my machine and seen the following:

(more…)

Painful bug with apache2-mpm-itk –Apache randomly returns 403 Forbidden

Painful bugToday to my great surprise I notices that my Apache web server randomly returns 403 Forbidden HTTP error code to search engine robots. Yandex Search Engine reported that on my favorite website 263 pages are OK and 210 pages has 403 status and some other site has 394/139 pages respectively.

In Apache error logs I found the following messages:

Permission denied: /home/<site-name>/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

as far as I see they appears whenever this 403 error is reported.

(more…)

Restricting the access to phpmyadmin in Apache 2 on Ubuntu

By default Apache 2 is configured in a way that phpmyadmin is automatically included to all the hosted web sites. For example, if I create a new site ‘site.com’, and then navigate to this address:

http://site.com/phpmyadmin

the phpmyadmin login page appears.

(more…)

Securing Apache web server on Ubuntu Linux

Running Apache virtual hosts as different users

By default, Apache on Ubuntu executes all PHP scripts under www-data user, hence in situations where multiple mutually distrusting users have the possibility to put their PHP scripts on the server they could potentially spy on each other private data.

For example, the user user1 could put a PHP script that access file ‘file1.txt’ belonging to user2:

echo file_get_contents("/home/user2/www/file1.txt");

(more…)