502 Gateway phpmyadmin, roundcube nginx directives

Discussion in 'Installation/Configuration' started by bradgillap, Jun 26, 2014.

  1. bradgillap

    bradgillap New Member

    I'm having a hard time diagnosing this. Everything was working and then something with php or php-fpm updated I think along the way. Anyway I just noticed because it's a personal server but I have a few email addresses tied up on one of these domains that I can't get access to.

    So I am pretty sure it's a socket issue. I tried all 3 in fpm www.conf without success. I think it was on the middle one when it was working.

    Debian wheezy, ispconfig 3

    :confused::confused:

    ;listen = 127.0.0.1:9000
    listen = /tmp/php5-fpm.sock
    ;listen = /var/run/php5-fpm.sock




    Here are the directives that were working in nginx.

    Code:
            location /phpmyadmin {
                   root /usr/share/;
                   index index.php index.html index.htm;
                   location ~ ^/phpmyadmin/(.+\.php)$ {
                           try_files $uri =404;
                           root /usr/share/;
                           fastcgi_pass unix:/var/run/php5-fpm.sock;
                           fastcgi_param HTTPS $https; # <-- add this line
                           fastcgi_index index.php;
                           fastcgi_param SCRIPT_FILENAME $request_filename;
                           include /etc/nginx/fastcgi_params;
                           fastcgi_param PATH_INFO $fastcgi_script_name;
                           fastcgi_buffer_size 128k;
                           fastcgi_buffers 256 4k;
                           fastcgi_busy_buffers_size 256k;
                           fastcgi_temp_file_write_size 256k;
                           fastcgi_intercept_errors on;
                   }
                   location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                           root /usr/share/;
                   }
            }
            location /phpMyAdmin {
                   rewrite ^/* /phpmyadmin last;
            }client_max_body_size 100M;
    
    location /roundcube {
             root /var/lib/;
             index index.php index.html index.htm;
             location ~ (.+\.php)$ {
                        try_files $uri =404;
                        include /etc/nginx/fastcgi_params;
                        # To access SquirrelMail, the default user (like www-data on Debian/Ubuntu) must be used
                        #fastcgi_pass 127.0.0.1:9000;
                        fastcgi_pass unix:/var/run/php5-fpm.sock;
                        fastcgi_index index.php;
                        fastcgi_intercept_errors on;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        fastcgi_buffer_size 128k;
                        fastcgi_buffers 256 4k;
                        fastcgi_busy_buffers_size 256k;
                        fastcgi_temp_file_write_size 256k;
             }
             location ~* /.svn/ {
                         deny all;
             }
             location ~* /README|INSTALL|LICENSE|SQL|bin|CHANGELOG$ {
                         deny all;
             }
    }
    location /webmail {
             rewrite ^ /roundcube last;
    }
    

    Code:
    [email protected]:~# netstat -tapn
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      5483/master     
    tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      3588/memcached  
    tcp        0      0 0.0.0.0:6060            0.0.0.0:*               LISTEN      7505/nginx      
    tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      4044/dovecot    
    tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      4044/dovecot    
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      7505/nginx      
    tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      3516/MCMA2_Linux_x8
    tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      7505/nginx      
    tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      5483/master     
    tcp        0      0 127.0.0.1:9010          0.0.0.0:*               LISTEN      7496/php-fpm.conf)
    tcp        0      0 127.0.0.1:9011          0.0.0.0:*               LISTEN      7496/php-fpm.conf)
    tcp        0      0 127.0.0.1:9012          0.0.0.0:*               LISTEN      7496/php-fpm.conf)
    tcp        0      0 127.0.0.1:9013          0.0.0.0:*               LISTEN      7496/php-fpm.conf)
    tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      5496/pure-ftpd (SER
    tcp        0      0 199.167.197.34:53       0.0.0.0:*               LISTEN      3477/named      
    tcp        0      0 199.167.197.29:53       0.0.0.0:*               LISTEN      3477/named      
    tcp        0      0 127.0.0.2:53            0.0.0.0:*               LISTEN      3477/named      
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      3477/named      
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3531/dropbear   
    tcp        0      0 127.0.0.1:9015          0.0.0.0:*               LISTEN      7496/php-fpm.conf)
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      5483/master     
    tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      3477/named      
    tcp        0      0 0.0.0.0:2812            0.0.0.0:*               LISTEN      5545/monit      
    tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      4044/dovecot    
    tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      4044/dovecot    
    tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      5483/master     
    tcp        0      0 127.0.0.1:60559         127.0.0.1:11211         TIME_WAIT   -               
    tcp        0   2024 199.167.197.34:22       198.48.190.5:42453      ESTABLISHED 8031/dropbear   
    tcp        0      0 127.0.0.1:42855         127.0.0.1:80            TIME_WAIT   -               
    tcp        0      0 127.0.0.1:25            127.0.0.1:44490         TIME_WAIT   -               
    tcp        0      0 127.0.0.1:48702         127.0.0.1:22            TIME_WAIT   -               
    tcp        0      0 127.0.0.1:41372         127.0.0.1:53            TIME_WAIT   -               
    tcp        1      0 199.167.197.29:40475    176.32.102.98:80        CLOSE_WAIT  3516/MCMA2_Linux_x8
    tcp6       0      0 :::3306                 :::*                    LISTEN      3972/mysqld     
    tcp6       0      0 :::587                  :::*                    LISTEN      5483/master     
    tcp6       0      0 :::110                  :::*                    LISTEN      4044/dovecot    
    tcp6       0      0 :::143                  :::*                    LISTEN      4044/dovecot    
    tcp6       0      0 :::80                   :::*                    LISTEN      7505/nginx      
    tcp6       0      0 :::465                  :::*                    LISTEN      5483/master     
    tcp6       0      0 :::21                   :::*                    LISTEN      5496/pure-ftpd (SER
    tcp6       0      0 :::53                   :::*                    LISTEN      3477/named      
    tcp6       0      0 :::22                   :::*                    LISTEN      3531/dropbear   
    tcp6       0      0 :::25                   :::*                    LISTEN      5483/master     
    tcp6       0      0 ::1:953                 :::*                    LISTEN      3477/named      
    tcp6       0      0 :::8123                 :::*                    LISTEN      5590/java       
    tcp6       0      0 :::25565                :::*                    LISTEN      5590/java       
    tcp6       0      0 :::8192                 :::*                    LISTEN      5590/java       
    tcp6       0      0 :::993                  :::*                    LISTEN      4044/dovecot    
    tcp6       0      0 :::995                  :::*                    LISTEN      4044/dovecot    
    tcp6       0      0 199.167.197.29:34875    69.197.5.10:1888        TIME_WAIT   -               
    tcp6       0      0 199.167.197.29:38320    69.197.5.10:1888        TIME_WAIT   -               
    tcp6       1      0 199.167.197.29:34193    107.170.1.65:80         CLOSE_WAIT  5590/java       
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56629         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:56848         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56352         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56355         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56560         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56553         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56468         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56470         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56471         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56465         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56466         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56467         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56472         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56473         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56462         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56463         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56457         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:56629         127.0.0.1:3306          ESTABLISHED 5590/java       
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56352         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56355         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56848         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56560         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56553         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56468         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56470         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56471         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56465         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56466         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56467         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56472         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56473         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56462         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56463         ESTABLISHED 3972/mysqld     
    tcp6       0      0 127.0.0.1:3306          127.0.0.1:56457         ESTABLISHED 3972/mysqld   
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    which ispconfig version?
     
  3. bradgillap

    bradgillap New Member

    Sorry, version 3.0.5.4 Patch1
     
  4. dcurrey

    dcurrey Member

    This maybe related to a security patch. The fpm socket permission has been changed from 0666 to 0660 to mitigate a security vulnerability.

    You need to edit /etc/php5/fpm/pool.d/www.conf to match your listen.user and listen.group of you webserver. With ubuntu this is www-data for both.

    For me I just un-commented the following lines and restart php5-fpm

    listen.owner = www-data
    listen.group = www-data

    Note: I didn't need to mess with any of my websites default socket setting since ispconfig set them up as listen.owner = web1 listen.group = client1 for example
     
    Last edited: Jun 27, 2014
    mihail likes this.
  5. bradgillap

    bradgillap New Member

    Thanks for your reply.

    It's also www-data on debian and I just had to uncomment those lines but there was no change.

    Roundcube on individuals accounts gives me a 502 bad gateway but on the main server address for phpmyadmin I get a white page with 502 bad gateway from nginx. So it's definitely between nginx and phpfpm

    Are there any other logs that I can post that may be helpful?
     
  6. dcurrey

    dcurrey Member

    Double check the www.conf file and make sure you have

    listen = /var/run/php5-fpm.sock

    This is what you have in you nginx config above. Make sure the listen.user and listen.group are set you your webserver. You can also try listen.mode = 0660

    Make sure you restart php5-fpm and nginx.

    ls -l the /var/run dir and see what permissions the php5-fpm.sock file has.

    Also what does your /var/log/nginx/error.log show anything for instance I got

    2014/06/24 20:04:25 [crit] 2223#0: *10547 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: X.X.X.X, server: server.example.com, request: "GET /phpmyadmin/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "server.example.com:8081"
     
    Last edited: Jun 27, 2014
  7. bradgillap

    bradgillap New Member

    ahh yes I had it set to /tmp/run

    With the combination of www-data permissions I think that solved my problem. Thank you so much!
     

Share This Page