1 FastCGI 在标准错误中发送：“主要脚本未知”

Question

我第一次使用 Nginx，但我对 Apache 和 Linux 非常熟悉。我正在使用一个现有项目，当我试图查看 index.php 时，我得到一个 404 文件未找到。

这里是 access.log 条目：

2013/06/19 16:23:23 [error] 2216#0: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 127.0.0.1, server: localhost, request: "GET /index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "www.ordercloud.lh"

这里是站点可用的文件：

server {
# Listening on port 80 without an IP address is only recommended if you are not running multiple v-hosts
    listen       80;
# Bind to the public IP bound to your domain
#listen 127.0.0.11:80;
# Specify this vhost's domain name
    server_name www.ordercloud.lh;
    root /home/willem/git/console/frontend/www;
    index index.php index.html index.htm;

# Specify log locations for current site
    access_log /var/log/access.log;
    error_log /var/log/error.log warn;

# Typically I create a restrictions.conf file that I then include across all of my vhosts
#include conf.d/restrictions.conf;
# I've included the content of my restrictions.conf in-line for this example

# BEGIN restrictions.conf
# Disable logging for favicon
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

# Disable logging for robots.txt
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
# END restrictions.conf

# Typically I create a yiiframework.conf file that I then include across all of my yii vhosts
#include conf.d/yiiframework.conf;
# I've included the content of my yiiframework.conf in-line for this example

# BEGIN yiiframework.conf
# Block access to protected, framework, and nbproject (artifact from Netbeans)
    location ~ /(protected|framework|nbproject) {
        deny all;
        access_log off;
        log_not_found off;
    }

# Block access to theme-folder views directories
    location ~ /themes/\w+/views {
        deny all;
        access_log off;
        log_not_found off;
    }

# Attempt the uri, uri+/, then fall back to yii's index.php with args included
# Note: old examples use IF statements, which nginx considers evil, this approach is more widely supported
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
# END yiiframework.conf

# Tell browser to cache image files for 24 hours, do not log missing images
# I typically keep this after the yii rules, so that there is no conflict with content served by Yii
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires 24h;
        log_not_found off;
    }

# Block for processing PHP files
# Specifically matches URIs ending in .php
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_intercept_errors on;
# Fix for server variables that behave differently under nginx/php-fpm than typically expected
        #fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Include the standard fastcgi_params file included with nginx
        include fastcgi_params;
        #fastcgi_param  PATH_INFO        $fastcgi_path_info;
        #fastcgi_index index.php;
# Override the SCRIPT_FILENAME variable set by fastcgi_params
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
# Pass to upstream PHP-FPM; This must match whatever you name your upstream connection
        fastcgi_pass 127.0.0.1:9000;

    }
}

我的/home/willem/git/console 归 www-data:www-data（我的网络用户运行 php 等）所有，出于沮丧，我已授予它 777 权限...

有人可以建议吗？

Answer 1

来自 fastcgi 服务器的该消息通常意味着它所提供的 SCRIPT_FILENAME 在其文件系统上作为文件未找到或无法访问。

检查 /home/willem/git/console/frontend/www/index.php 上的文件权限

是 644 吗？

还有 /home/willem/git/console/frontend/www/

是 755 吗？

Answer 2

好的，经过一天的挣扎，我发现了 3 件事

1. 出于某种原因，我已经在端口 9000 上运行了一些东西，所以我 改为 9001
2. 我的默认站点拦截了我的新站点，我再次没有 明白为什么，因为它不应该，但我只是取消了它的链接
3. Nginx 不会自动为站点提供符号链接 启用站点。

希望这可以为某人省去一些麻烦！

这里是服务器故障更详细的链接：https://serverfault.com/questions/517190/nginx-1-fastcgi-sent-in-stderr-primary-script-unknown/517207#517207

Answer 3

如果有人遇到同样的错误：在我的情况下，问题是 nginx.conf 中的位置块内缺少根指令，as explained in the Arch wiki

Answer 4

"Primary script unknown" 是由 SELinux 安全上下文引起的。

客户端得到响应

找不到文件。

nginx error.log 有如下错误信息

*19 FastCGI 在 stderr 中发送：“Primary script unknown”同时从上游读取响应头

所以只需将 web 根文件夹的安全上下文类型更改为 httpd_sys_content_t

chcon -R -t httpd_sys_content_t /var/www/show

nginx/php-fpm config 有 3 个用户

/etc/nginx/nginx.conf

user nobody nobody;  ### `user-1`, this is the user run nginx woker process
...
include servers/*.conf;

/etc/nginx/servers/www.conf

location ~ \.php$ {
#   fastcgi_pass 127.0.0.1:9000;  # tcp socket
    fastcgi_pass unix:/var/run/php-fpm/fpm-www.sock;  # unix socket
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

/etc/php-fpm.d/www.conf

[www]
user = apache  ### `user-2`, this is the user run php-fpm pool process
user = apache

;listen = 127.0.0.1:9000  # tcp socket
listen = /var/run/php-fpm/fpm-www.sock  # unix socket

listen.onwer = nobody  ### `user-3`, this is the user for unix socket, like /var/run/php-fpm/fpm-www.sock
listen.group = nobody  # for tcp socket, these lines can be commented
listen.mode = 0660

user-1 和 user-2 不必相同。

对于unix socket，user-1需要和user-3一样， 因为 nginx fastcgi_pass 必须对 unix 套接字具有读/写权限。

否则nginx会得到502 Bad Gateway，并且nginx error.log有如下错误信息

*36 connect() to unix:/var/run/php-fpm/fpm-www.sock 在连接上游时失败（13：权限被拒绝）

Answer 5

我不知道 $document_root 是如何计算的，但我解决了这个问题，通过 确实确保我的文档根目录位于 /usr/share/nginx/ 只是 html 文件夹存在的地方