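【Question title】: Installing Roundcube on nginx causes HTTP ERROR 500
【Posted】: 2021-01-16 11:30:10
【Question】:

I am trying to run RoundCube on CentOS 7 with NGINX. The Roundcube installation was done by the automated wizard during the installation of a package called iRedMail.

I'm getting a 500 HTTP error on Roundcube. The site will not come up. I have been able to tell that this is a problem between NGINX and ROUNDCUBE, but cannot figure out what is going on. The logs go to /var/log/maillog, but even with all the debug lines on, I can't get any errors to start diagnosing.

Here are the settings I know of:

Debug settings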

<?php

// SQL DATABASE
$config['db_dsnw'] = 'mysqli://roundcube:63tidm76NovJHcIpIqsJaE59kAr7b3Mn@127.0.0.1:3306/roundcubemail';

// LOGGING
$config['log_driver'] = 'syslog';
$config['syslog_facility'] = LOG_MAIL;

// IMAP
$config['default_host'] = '127.0.0.1';
$config['default_port'] = 143;
$config['imap_auth_type'] = 'LOGIN';
$config['imap_delimiter'] = '/';
// Required if you're running PHP 5.6 or later
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer'  => false,
        'verify_peer_name' => false,
    ),
);

// SMTP
$config['smtp_server'] = 'tls://127.0.0.1';
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_auth_type'] = 'LOGIN';
// Required if you're running PHP 5.6 or later
$config['smtp_conn_options'] = array(
    'ssl' => array(
        'verify_peer'      => false,
        'verify_peer_name' => false,
    ),
);

// Use user's identity as envelope sender for 'return receipt' responses,
// otherwise it will be rejected by iRedAPD plugin `reject_null_sender`.
$config['mdn_use_from'] = true;

// SYSTEM
$config['force_https'] = true;
$config['login_autocomplete'] = 2;
$config['ip_check'] = true;
$config['des_key'] = 'T594SUCMjhbPBU9JojkkzIpl';
$config['cipher_method'] = 'AES-256-CBC';
$config['useragent'] = 'Roundcube Webmail'; // Hide version number
//$config['username_domain'] = '<<domain>>.com';
$config['mime_types'] = '/etc/mime.types';
$config['max_message_size'] = '15M';

// USER INTERFACE
$config['create_default_folders'] = true;
$config['quota_zero_as_unlimited'] = true;
$config['spellcheck_engine'] = 'pspell';

// USER PREFERENCES
$config['default_charset'] = 'UTF-8';
//$config['addressbook_sort_col'] = 'name';
$config['draft_autosave'] = 60;
$config['default_list_mode'] = 'threads';
$config['autoexpand_threads'] = 2;
$config['check_all_folders'] = true;
$config['default_font_size'] = '12pt';
$config['message_show_email'] = true;
$config['layout'] = 'widescreen';   // three columns
//$config['skip_deleted'] = true;

// PLUGINS
$config['plugins'] = array('managesieve', 'password');

$config['session_debug'] = true; 
$config['sql_debug'] = true; 
$config['imap_debug'] = true; 
$config['ldap_debug'] = true; 
$config['smtp_debug'] = true;

Nginx SSL settings

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name _;

    root /var/www/html;
    index index.php index.html;

    include /etc/nginx/templates/misc.tmpl;
    include /etc/nginx/templates/ssl.tmpl;
    include /etc/nginx/templates/iredadmin.tmpl;
    include /etc/nginx/templates/roundcube.tmpl;
    include /etc/nginx/templates/sogo.tmpl;
    include /etc/nginx/templates/netdata.tmpl;
    include /etc/nginx/templates/php-catchall.tmpl;
    include /etc/nginx/templates/stub_status.tmpl;
}

Template

#
# Running Roundcube as a subfolder on an existing virtual host
#
# Block access to default directories and files under these directories
location ~ ^/mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { allow all; }

# Block access to default files under top-directory and files start with same name.
location ~ ^/mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { allow all; }

# Block plugin config files and sample config files.
location ~ ^/mail/plugins/.*/config.inc.php.* { allow all; }

# Block access to plugin data
location ~ ^/mail/plugins/enigma/home($|/.*) { allow all; }

# Redirect URI `/mail` to `/mail/`.
location = /mail {
    return 301 /mail/;
}

location ~ ^/mail/(.*\.php)$ {
    include /etc/nginx/templates/hsts.tmpl;
    include /etc/nginx/templates/fastcgi_php.tmpl;
    fastcgi_param SCRIPT_FILENAME /opt/www/roundcubemail/$1;
}

location ~ ^/mail/(.*) {
    alias /opt/www/roundcubemail/$1;
    index index.php;
}

What can I update here so that I can actually troubleshoot? Thanks.

#Update 1: latest log, /var/log/maillog

Oct  2 19:41:31 mail clamd[2642]: SelfCheck: Database status OK.
Oct  2 19:42:07 mail roundcube: <ep6s2sqc> [1] SELECT `vars`, `ip`, `changed`, now() AS ts FROM `session` WHERE `sess_id` = 'ep6s2sqc4r5mthn6as1n006ss0';
Oct  2 19:42:07 mail roundcube: <ep6s2sqc> [2] INSERT INTO `session` (`sess_id`, `vars`, `ip`, `changed`) VALUES ('ep6s2sqc4r5mthn6as1n006ss0', 'dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7dGFza3xzOjU6ImxvZ2luIjs=', '74.80.18.51', now());

php -m

[root@mail ~]# php -m
[PHP Modules]
bz2
calendar
Core
ctype
date
ereg
exif
filter
ftp
gettext
gmp
hash
iconv
libxml
mbstring
mhash
mysql
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
posix
readline
Reflection
session
shmop
SimpleXML
sockets
SPL
sqlite3
standard
tokenizer
xml
zlib

[Zend Modules]

php-fpm -m

[root@mail ~]# php-fpm -m
[PHP Modules]
bz2
calendar
cgi-fcgi
Core
ctype
date
ereg
exif
filter
ftp
gettext
gmp
hash
iconv
libxml
mbstring
mhash
mysql
mysqli
mysqlnd
openssl
pcre
PDO
pdo_mysql
pdo_sqlite
posix
Reflection
session
shmop
SimpleXML
sockets
SPL
sqlite3
standard
tokenizer
xml
zlib

[Zend Modules]

NGINX ERROR.LOG

2020/10/02 14:01:16 [error] 14327#0: *65854 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 176.113.115.214, server: _, request: "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9999", host: "173.236.23.110", referrer: "http://173.236.23.110:80/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
2020/10/02 16:26:34 [error] 14327#0: *68878 open() "/var/www/html/en/contact.html" failed (2: No such file or directory), client: 119.3.36.252, server: _, request: "GET /en/contact.html HTTP/1.0", host: "www.allbyzip.com"
2020/10/02 19:02:55 [error] 14327#0: *72082 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 176.113.115.214, server: _, request: "GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP HTTP/1.1", upstream: "fastcgi://127.0.0.1:9999", host: "173.236.23.110:443"
2020/10/02 19:25:14 [error] 14327#0: *72538 open() "/var/www/html/api/jsonws/invoke" failed (2: No such file or directory), client: 176.113.115.214, server: _, request: "POST /api/jsonws/invoke HTTP/1.1", host: "173.236.23.110:443"

fastcgi_php.tmpl

[root@mail ~]# more /etc/nginx/templates/fastcgi_php.tmpl
#
# Template used to handle PHP fastcgi applications
#
# You still need to define `SCRIPT_FILENAME` for your PHP application, and
# probably `fastcgi_index` if your application use different index file.
#
include fastcgi_params;

# Directory index file
fastcgi_index index.php;

# Handle PHP files with upstream handler
fastcgi_pass php_workers;

# Fix the HTTPROXY issue.
# Reference: https://httpoxy.org/
fastcgi_param HTTP_PROXY '';

[root@mail ~]# ls -la /opt/www/roundcubemail/

total 404
drwxr-xr-x 13 root  root    4096 Jul  4 05:58 .
drwxr-xr-x  5 root  root    4096 Sep 29 17:40 ..
drwxr-xr-x  2 root  root    4096 Sep 26 15:57 bin
----------  1 root  root  183785 Jul  4 05:58 CHANGELOG
-rw-r--r--  1 root  root     908 Jul  4 05:58 composer.json
-rw-r--r--  1 root  root     940 Jul  4 05:58 composer.json-dist
-rw-r--r--  1 root  root   80538 Jul  4 05:58 composer.lock
drwxr-xr-x  2 root  root    4096 Sep 26 15:57 config
-rw-r--r--  1 root  root    2603 Jul  4 05:58 .htaccess
-rw-r--r--  1 root  root   12843 Jul  4 05:58 index.php
----------  1 root  root   12850 Jul  4 05:58 INSTALL
d---------  3 root  root    4096 Sep 26 15:57 installer
----------  1 root  root   35147 Jul  4 05:58 LICENSE
drwxr-xr-x  2 nginx nginx   4096 Sep 26 15:57 logs
drwxr-xr-x 35 root  root    4096 Jul  4 05:58 plugins
drwxr-xr-x  8 root  root    4096 Jul  4 05:58 program
drwxr-xr-x  3 root  root    4096 Sep 26 20:27 public_html
----------  1 root  root    3810 Jul  4 05:58 README.md
lrwxrwxrwx  1 root  root      28 Sep 26 15:25 roundcubemail-1.4.7 -> /opt/www/roundcubemail-1.4.7
drwxr-xr-x  5 root  root    4096 Jul  4 05:58 skins
d---------  7 root  root    4096 Jul  4 05:58 SQL
drwxr-xr-x  2 nginx nginx   4096 Sep 26 15:57 temp
----------  1 root  root    4148 Jul  4 05:58 UPGRADING
drwxr-xr-x  9 root  root    4096 Sep 26 15:57 vendor

php-fpm.conf

;;;;;;;;;;;;;;;;;;;;;
; FPM Configuration ;
;;;;;;;;;;;;;;;;;;;;;

; All relative paths in this configuration file are relative to PHP's install
; prefix.

; Include one or more files. If glob(3) exists, it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
include=/etc/php-fpm.d/*.conf

;;;;;;;;;;;;;;;;;;
; Global Options ;
;;;;;;;;;;;;;;;;;;

[global]
; Pid file
; Default Value: none
pid = /run/php-fpm/php-fpm.pid

; Error log file
; Default Value: /var/log/php-fpm.log
error_log = syslog

; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
;log_level = debug

; If this number of child processes exit with SIGSEGV or SIGBUS within the time
; interval set by emergency_restart_interval then FPM will restart. A value
; of '0' means 'Off'.
; Default Value: 0
;emergency_restart_threshold = 0

; Interval of time used by emergency_restart_interval to determine when
; a graceful restart will be initiated.  This can be useful to work around
; accidental corruptions in an accelerator's shared memory.
; Available Units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
;emergency_restart_interval = 0

; Time limit for child processes to wait for a reaction on signals from master.
; Available units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
;process_control_timeout = 0

; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
; Default Value: yes
daemonize = no

;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;

; See /etc/php-fpm.d/*.conf

The only file in the .d folder: www.conf

[root@mail php-fpm.d]# more www.conf
[inet]
user = nginx
group = nginx

listen = 127.0.0.1:9999
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

; IP addresses must be separated by comma, and no space between comma and ip.
listen.allowed_clients = 127.0.0.1

pm = dynamic
pm.max_children = 100
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 100

pm.status_path = /status
ping.path = /ping

request_terminate_timeout = 60s
request_slowlog_timeout = 10s

;
; Log files
;
access.log = /var/log/php-fpm/php-fpm.log
slowlog = /var/log/php-fpm/slow.log

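【Question comments】:

  • OK. Changed all four lines from false to true. Still getting the 500 error. What else?
  • You lost me. Should I set it to 1 or 2?
  • OK. Where is it? It's not in my file.
  • OK. Set them all to true. Restarted nginx and php-fpm. Still no dice.
  • Can you add your error logs? /var/log/nginx/error.log & /var/log/maillog. Can you post your nginx/php stack configuration? How are you using PHP with nginx (fpm, cgi, etc.)? Does your nginx/php stack work with a vanilla PHP script? The output of phpinfo() would help find the problem. Did you follow any tutorial?

Tags: php nginx roundcube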


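【Solution 1】:

The error message "Primary script unknown" indicates a possible problem with your php-fpm configuration, possibly a permission issue: https://serverfault.com/a/517327/569434

I will keep updating my answer until it works; this is a complex problem with many questions that cannot be answered that easily.

Using a generated/automatic installation makes it more complicated.

Before we start, let's make sure we are dealing with the right problem. To confirm that Roundcube is causing the issue, comment out the Roundcube configuration in nginx and restart it. Does anything else work?

Remember that every time you change something in the nginx/php configuration, you have to restart the services!


1) Check your SCRIPT_FILENAME

I assume you are trying to run Roundcube under https://example.com/mail. Make sure SCRIPT_FILENAME matches Roundcube's installation path. In your case: /opt/www/roundcubemail/

Please post your /etc/nginx/templates/fastcgi_php.tmpl; one configuration may be overriding another: https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/


2) NGINX/php-fpm/Roundcube permissions

Are the nginx and php-fpm services running under the same user? What are the prerequisites for installing Roundcube?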

ls -la /opt/www/roundcubemail/

Can php/nginx access these files/folders? Try chmod -R 755 /opt/www/roundcubemail/


Enable this in your php-fpm configuration: access.log = /var/log/$pool.access.log. Restart nginx & php-fpm to activate the change: systemctl restart php-fpm & systemctl restart nginx

Try to access Roundcube again and look at the log file: tail /var/log/www.access.log

If you see "GET /" without the correct PHP file name, then it is a problem in your nginx conf.

https://stackoverflow.com/a/40535412/5781499

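Edit 2020.10.04 - 14:00 UTC +1

Try setting the owner/group of the Roundcube installation directory to nginx: chown -R nginx:nginx /opt/www/roundcubemail/

Let's start a chat here: https://chat.stackoverflow.com/rooms/222480/room-for-marc-and-arcee123

【Discussion】:

  • OK. Did everything you asked, except for the access.log in php-fpm. When I added that line, the php-fpm service would not start and gave an error. Now I get the error: 127.0.0.1 - 03/Oct/2020:14:44:19 -0500 "GET /mail/index.php" 500. That is more than before. I also confirmed in roundcube.tmpl that the location of Roundcube is /opt/www/roundcubemail/.
  • Sorry, I'm in the path of a hurricane. Back to work now. I re-set the bounty to make sure you get it when the allowance comes back.
  • @arcee123 Did you solve the problem, or why the bounty?
  • Because you did more work with me. Not yet. I am trying some other things too.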
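
The permission question raised in Solution 1 can be narrowed down before resorting to a recursive chmod or chown. The following is an added example, not part of the original answer: a POSIX shell function (the name first_blocker and its arguments are made up here) that walks the path to a script and prints the first component the given user cannot traverse or read. It assumes GNU stat and judges by mode bits only; supplementary groups, ACLs and SELinux are not considered.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from iRedMail or Roundcube).
# Usage: first_blocker USER GROUP FILE [BASE]
# Checks every path component below BASE (default: /) using mode bits only:
# directories need the execute (search) bit, the final file needs the read bit.
# Prints the first failing component and returns 1; returns 0 if none fails.
first_blocker() (
    user=$1 group=$2 target=$3 base=${4:-}
    base=${base%/}
    rel=${target#"$base"/}
    cur=$base

    # Split the relative path on "/" without glob expansion.
    set -f; IFS=/
    set -- $rel
    unset IFS; set +f

    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        info=$(stat -c '%a %U %G' "$cur" 2>/dev/null) || {
            echo "$cur (missing or not visible)"; exit 2; }
        mode=$(printf '%04d' "${info%% *}")   # e.g. 0 -> 0000, 755 -> 0755
        rest=${info#* }; owner=${rest%% *}; grp=${rest#* }

        # Pick the permission digit that applies to USER.
        if   [ "$owner" = "$user" ];  then digit=${mode#?};  digit=${digit%??}
        elif [ "$grp"   = "$group" ]; then digit=${mode#??}; digit=${digit%?}
        else digit=${mode#???}
        fi

        if [ -d "$cur" ]; then need=1; else need=4; fi
        if [ $(( digit & need )) -eq 0 ]; then
            echo "$cur"; exit 1
        fi
    done
    exit 0
)
```

Run it as root so that stat itself is not blocked, for example `first_blocker nginx nginx /opt/www/roundcubemail/index.php`, using the user and group from the php-fpm pool.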

【Solution 2】:

First, turn on debug mode in Roundcube, in config/config.inc.php

$config['debug_level'] = 1;
$config['sql_debug'] = true;
$config['imap_debug'] = true;
$config['ldap_debug'] = true;
$config['smtp_debug'] = true;

Enable the error/access logs in your Nginx configuration

server {
    .....
    root /var/www/html;
    index index.php index.html;
    access_log  /var/log/nginx/accesslogfile;
    error_log  /var/log/nginx/errorlogfile;
    .....

}

Now let's enable the php-fpm log; add this to www.conf

php_admin_value[error_log] = /var/log/php-errors.log
php_admin_flag[log_errors] = on

Restart the Nginx and PHP-FPM processes, if you use systemctl

systemctl restart nginx 
systemctl restart php-fpm 

Check that both services are running

systemctl status nginx 
systemctl status php-fpm 

At this point you should be able to see the errors; if not, try changing this in your Nginx server.conf

error_log  /var/log/nginx/errorlogfile warn; 

If you cannot see the error at this point: is there any particular reason you are using fastcgi_param HTTP_PROXY '';? Check that you are using the same fast_cgi path, in /etc/php-fpm.d/www.conf

listen = 127.0.0.1:9000

and in your site configuration nginx.conf file

fastcgi_pass 127.0.0.1:9000;

Try removing the includes from your Nginx configuration file and starting from a simple .conf; here is a simple configuration file that should work

server
{
    listen 80;
    #listen 443 ssl http2;
    server_name WWW.YOURDOMAIN.COM;
    error_log  /var/www/WWW.YOURDOMAIN.COM.log;
    root /var/www/html/;
    index index.php;

    location / {
      try_files $uri $uri/ /index.php?url=$uri;
    }

    location ~ \.(php)$ {
      fastcgi_pass 127.0.0.1:9000;
      fastcgi_index  index.php;
      fastcgi_param   HTTPS               on;
      fastcgi_param   HTTP_SCHEME         https;
      fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include fastcgi_params;
  }
}

【Discussion】:

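【Solution 3】:

Your tail /var/log/nginx/error.log looks more like hacking attempts than anything relevant to me. For example: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php hints at an attempted code injection, which would work when a composer project does not have its web-root set up properly.


But now, let's talk about CentOS ...

Please update the directory listing with security contexts: ls -laZ /opt/www/roundcubemail, because this problem is most likely SE Linux related when installing into /opt (and the RPM does not set them). Serving files from outside the web-root requires further SE Linux contexts and flags.

It is advisable to check sealert -a /var/log/audit/audit.log

This article may be relevant to you:

For example, if nginx cannot connect or relay (probably the second one), this would allow it: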

    setsebool -P httpd_can_network_connect 1
    setsebool -P httpd_can_network_relay 1
    

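If you need further support on this; I'd have to try putting it into a new container. You can also rule out this cause by temporarily disabling SE Linux. Of course it is not recommended to disable SE Linux permanently, as it is a solid security feature, not a bug.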
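
The triage Solution 3 does by eye, separating scanner probes from errors that concern the Roundcube location, can be scripted. This is an added example, not from the original answer: the function names are made up, the log lines are constructed in the format of the question's error.log with documentation-range client addresses, and the probe patterns are only the three request paths that appear in that log.

```sh
#!/bin/sh
# Added example (hypothetical helpers). The sample lines are constructed.
sample_log() {
cat <<'EOF'
2020/10/02 14:01:16 [error] 1#0: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.0.2.10, server: _, request: "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9999", host: "example.com"
2020/10/02 16:26:34 [error] 1#0: *2 open() "/var/www/html/en/contact.html" failed (2: No such file or directory), client: 203.0.113.5, server: _, request: "GET /en/contact.html HTTP/1.0", host: "example.com"
2020/10/02 19:02:55 [error] 1#0: *3 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.0.2.10, server: _, request: "GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array HTTP/1.1", upstream: "fastcgi://127.0.0.1:9999", host: "example.com"
2020/10/02 19:25:14 [error] 1#0: *4 open() "/var/www/html/api/jsonws/invoke" failed (2: No such file or directory), client: 192.0.2.10, server: _, request: "POST /api/jsonws/invoke HTTP/1.1", host: "example.com"
EOF
}

# Read nginx error.log lines on stdin; print "<class> <client> <request path>".
# class is "roundcube" for /mail, "probe" for the known probe paths, else "other".
classify_nginx_errors() {
    awk '
    {
        client = "-"; path = "-"
        if (match($0, /client: [^,]+/))
            client = substr($0, RSTART + 8, RLENGTH - 8)
        if (match($0, /request: "[A-Z]+ [^ "]+/)) {
            path = substr($0, RSTART + 10, RLENGTH - 10)
            sub(/^[A-Z]+ /, "", path)          # drop the HTTP method
        }
        if (path == "/mail" || index(path, "/mail/") == 1)
            class = "roundcube"
        else if (path ~ /eval-stdin\.php|invokefunction|\/api\/jsonws\/invoke/)
            class = "probe"
        else
            class = "other"
        print class, client, path
    }'
}

# count_class CLASS: number of lines on stdin that fall into CLASS.
count_class() {
    classify_nginx_errors | awk -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}
```

On a real host, `count_class roundcube < /var/log/nginx/error.log` returning 0 while the browser still shows a 500 means the failure is not being written to that log at all.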

【Discussion】:
