Using ProxyPassMatch for FastCGI, results in connection refused on port 9000
Solution 1
Check if PHP-FPM
is running. The error log says that apache
can't make connection to 127.0.0.1:9000. Make it running and (maybe) the error will go.
Also check if PHP-FPM
running via socket. Maybe it's running but not listening in TCP/IP stack.
Solution 2
Per Chris's comment, I just wanted to add if apache/php does support socket connections (looks like if apache > 2.4.10, it can support it), you can also change to use that in your apache config. I checked the php vi /etc/php/7.0/fpm/pool.d/www.conf file to see what socket listening to in the listen line:
listen = /run/php/php7.0-fpm.sock
Then added that to my /etc/apache2/sites-enabled/000-default.conf file (or whatever website you want to enable on)...
<FilesMatch \.php$>
# 2.4.10+ can proxy to unix socket
# SetHandler "proxy:unix:/var/run/php?-fpm.sock|fcgi://localhost/"
# Else we can just use a tcp socket:
# SetHandler "proxy:fcgi://127.0.0.1:9000"
SetHandler "proxy:unix:/run/php/php7.0-fpm.sock|fcgi://localhost/"
</FilesMatch>
Then restart the web server and then index.php shows up for me:
sudo service apache2 restart
Related videos on Youtube
Chris Rockwell
Updated on September 18, 2022Comments
-
Chris Rockwell almost 2 years
I'm not certain if this is a php, apache, or iptables configuration issue but I receive the following error when trying to access a
.php
file. Please let me know if you need more information to help me diagnose, I'm at a loss for what to check next. Thank you.error.log
:[Thu May 08 16:43:15.392784 2014] [proxy:error] [pid 23112] (111)Connection refused: AH00957: FCGI: attempt to connect to 127.0.0.1:9000 (*) failed [Thu May 08 16:43:15.392891 2014] [proxy_fcgi:error] [pid 23112] [client 74.164.254.206:52788] AH01079: failed to make connection to backend: 127.0.0.1
I followed this guide and an running PHP 5.5.9 and Apache 2.4.7
I do have the
mod_proxy
andmod_proxy_so
modules loaded:# grep LoadModule /etc/apache2/apache2.conf LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so
Here is the ProxyPassMatch directive:
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/$1
I have also tried to use UDS with the following directive, but the apache config test complains about an absolute url:
ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/var/run/php5-fpm.sock|fcgi://127.0.0.1:80/path/to/root/
Here is
iptables -L
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port- unreachable ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere tcp dpt:finger ACCEPT tcp -- anywhere anywhere tcp dpt:smtp ACCEPT tcp -- anywhere anywhere tcp dpt:urd ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s ACCEPT tcp -- anywhere anywhere tcp dpt:imap2 ACCEPT tcp -- anywhere anywhere tcp dpt:imaps ACCEPT tcp -- anywhere anywhere tcp dpt:submission ACCEPT tcp -- anywhere anywhere tcp dpt:webmin ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh ACCEPT icmp -- anywhere anywhere LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: " DROP all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination DROP all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere
-
masegaloeh about 10 yearsCheck if
php-fpm
not running via socket. Trynetstat -tulpn | grep 9000
-
Chris Rockwell about 10 yearsThanks @masegaloeh. It was not running so I looked at
pool.d/www.conf
and, sure enough, it was not listening on127.0.0.1:9000
. It's working after editing it. If you care to phrase that as an answer I'll accept.
-
-
Chris Rockwell about 10 yearsThanks -
php-fpm
was set to listen to the.sock
so modifying thepool.d/www.conf
file to havelisten=127.0.0.1:9000
solved it.