Nginx – Chroot doesn’t work with php-fpm


I should use chroot for my FTP directory at my site.
My php-fpm.conf:

    [mysite.com]
    listen = /var/run/php7-fpm-chroot-filemanager.sock
    chroot = /var/www/mysite.com/fileman
    chdir = /
    user = filemanuser
    group = filemangroup
    pm = dynamic
    pm.max_children = 5
    pm.start_servers = 2
    pm.min_spare_servers = 1
    pm.max_spare_servers = 3

My nginx.conf part:

    location ~* /fileman/(.+\.php)$
    {

            root /var/www/mysite.com/;
            include /etc/nginx/fastcgi_params;
            if (!-f /var/www/mysite.com$fastcgi_script_name) {
                    return 405;
            }
            fastcgi_index index.php;
            fastcgi_pass unix:/var/run/php7-fpm-chroot-filemanager.sock;
            fastcgi_param SCRIPT_FILENAME /var/www/mysite.com$fastcgi_script_name;
    }

After restarting the services, I see on the page:

File not found. 

In the logs of nginx:

2017/02/24 20:12:22 [error] 18390#18390: *108 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.168.110.25, server: www.mysite.com, request: "GET /fileman/index.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php7-fpm-chroot-filemanager.sock:", host: "www.mysite.com"

Without the chroot options, everything is OK. Where is my error? Please help.

Best Answer

With File not found and Primary script unknown, look at the SCRIPT_FILENAME variable.

That variable passes the pathname of the script to php-fpm. With php-fpm running in a chrooted environment, the pathname must be relative to the chroot directory.

You have already captured most of that modified pathname using the regular expression in the location directive.

For example:

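    location ~* ^/fileman(/.+\.php)$
    {
        root /var/www/mysite.com;
        # nginx is not chrooted, so the existence check uses the full host path.
        try_files $uri =405;

        include /etc/nginx/fastcgi_params;
        # $1 is the path below /fileman, i.e. relative to the pool's chroot directory.
        fastcgi_param SCRIPT_FILENAME $1;
        fastcgi_pass unix:/var/run/php7-fpm-chroot-filemanager.sock;
    }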
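
Added example (not part of the original answer): a Python sketch of how a chrooted pool looks up SCRIPT_FILENAME, run against a constructed temporary copy of the question's directory layout. The function names are hypothetical, and the lookup is modelled with path arithmetic rather than a real chroot() call.

```python
import os
import tempfile


def resolve_in_chroot(chroot_dir, script_filename):
    """Host path a chrooted pool would open for this SCRIPT_FILENAME."""
    # After chroot(), "/" is chroot_dir: an absolute SCRIPT_FILENAME is looked
    # up beneath it, and ".." cannot climb above the new root.
    inside = os.path.normpath("/" + script_filename)
    return os.path.join(chroot_dir, inside.lstrip("/"))


def to_chroot_relative(chroot_dir, host_path):
    """Translate a host path into the SCRIPT_FILENAME the chrooted pool needs."""
    chroot_real = os.path.realpath(chroot_dir)
    host_real = os.path.realpath(host_path)
    # Refuse scripts that live outside the chroot (also catches symlink escapes).
    if os.path.commonpath([chroot_real, host_real]) != chroot_real:
        raise ValueError(f"{host_path} is outside the chroot {chroot_dir}")
    return "/" + os.path.relpath(host_real, chroot_real)


def script_found(chroot_dir, script_filename):
    """False corresponds to php-fpm answering 'Primary script unknown'."""
    return os.path.isfile(resolve_in_chroot(chroot_dir, script_filename))


def demo():
    # Constructed layout: the question's paths recreated under a temp directory.
    with tempfile.TemporaryDirectory() as base:
        docroot = os.path.join(base, "var/www/mysite.com")
        chroot_dir = os.path.join(docroot, "fileman")
        os.makedirs(chroot_dir)
        script = os.path.join(chroot_dir, "index.php")
        open(script, "w").close()

        # Question's config: full host path sent to the chrooted pool.
        sent_before = "/var/www/mysite.com/fileman/index.php"
        # Answer's config: path relative to the chroot (what $1 captures).
        sent_after = to_chroot_relative(chroot_dir, script)
        return (script_found(chroot_dir, sent_before),
                sent_after,
                script_found(chroot_dir, sent_after))


if __name__ == "__main__":
    print(demo())
```
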