Hi, I just upgraded the ISPConfig3 to the latest version (v3.2.7p1) in Debian buster Code: # lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 10 (buster) Release: 10 Codename: buster and encountered with `nginx` connection to `php7.3-fpm` as it appears: Code: 2022/01/26 10:10:41 [crit] 21467#21467: *4 connect() to unix:/var/lib/php7.3-fpm/ispconfig.sock failed (13: Permission denied) while connecting to upstream, client: ::1, server: _, request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/var/lib/php7.3-fpm/ispconfig.sock:", host: "localhost:8080" I have tried with `ispconfig_update.sh --force' and allowed to `Reconfigure Services' with no go. In the server `nginx` is running and there are not errors: Code: # sytemctl status nginx -bash: sytemctl: command not found root@server3:~# systemctl status nginx ● nginx.service - nginx - high performance web server Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2022-01-26 10:09:39 CET; 11min ago Docs: https://nginx.org/en/docs/ Process: 21465 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, stat Main PID: 21466 (nginx) Tasks: 3 (limit: 4664) Memory: 17.6M CGroup: /system.slice/nginx.service ├─21466 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf ├─21467 nginx: worker process └─21468 nginx: worker process Jan 26 10:09:39 server3 systemd[1]: Starting nginx - high performance web server... Jan 26 10:09:39 server3 systemd[1]: nginx.service: Can't open PID file /run/nginx.pid Jan 26 10:09:39 server3 systemd[1]: Started nginx - high performance web server. `php7.3-fpm` is running without any issues: Code: # systemctl status php7.3-fpm ● php7.3-fpm.service - The PHP 7.3 FastCGI Process Manager Loaded: loaded (/lib/systemd/system/php7.3-fpm.service; enabled; vendor preset: ena Active: active (running) since Wed 2022-01-26 10:09:52 CET; 13min ago Docs: man:php-fpm7.3(8) Process: 21484 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php Main PID: 21477 (php-fpm7.3) Status: "Processes active: 0, idle: 6, Requests: 0, slow: 0, Traffic: 0req/sec" Tasks: 7 (limit: 4664) Memory: 20.0M CGroup: /system.slice/php7.3-fpm.service ├─21477 php-fpm: master process (/etc/php/7.3/fpm/php-fpm.conf) ├─21478 php-fpm: pool apps-{fpm_domain} ├─21479 php-fpm: pool apps-{fpm_domain} ├─21480 php-fpm: pool ispconfig ├─21481 php-fpm: pool ispconfig ├─21482 php-fpm: pool www └─21483 php-fpm: pool www Jan 26 10:09:51 server3 systemd[1]: Starting The PHP 7.3 FastCGI Process Manager... Jan 26 10:09:52 server3 systemd[1]: Started The PHP 7.3 FastCGI Process Manager. lines 1-20/20 (END) No changes were made to `/etc/php/7.3/fpm/pool.d/www.conf` Code: ; Start a new pool named 'www'. ; the variable $pool can be used in any directive and will be replaced by the ; pool name ('www' here) [www] ; Per pool prefix ; It only applies on the following directives: ; - 'access.log' ; - 'slowlog' ; - 'listen' (unixsocket) ; - 'chroot' ; - 'chdir' ; - 'php_values' ; - 'php_admin_valuep `/etc/php/7.3/fpm/pool.d/ispconfig.conf` is also untouched: Code: [ispconfig] listen = /var/lib/php7.3-fpm/ispconfig.sock listen.owner = ispconfig listen.group = ispconfig listen.mode = 0660 user = ispconfig group = ispconfig pm = dynamic pm.max_children = 500 pm.start_servers = 2 pm.min_spare_servers = 1 pm.max_spare_servers = 5 chdir = / ; php_admin_value[open_basedir] = /usr/local/ispconfig/interface:/usr/local/ispconfig/security:/usr/share:/var/lib/roundcube:/etc/roundcube:/usr/share/roundcube php_admin_value[session.save_path] = /usr/local/ispconfig/interface/temp php_admin_flag[magic_quotes_gpc] = off php_admin_value[memory_limit] = -1 php_admin_value[max_execution_time] = 1200 php has been defaulted to v7.3 for Debian10: Code: # update-alternatives --config php-cgi-bin There are 4 choices for the alternative php-cgi-bin (providing /usr/lib/cgi-bin/php). Selection Path Priority Status ------------------------------------------------------------ 0 /usr/lib/cgi-bin/php8.1 81 auto mode 1 /usr/lib/cgi-bin/php5.6 56 manual mode 2 /usr/lib/cgi-bin/php7.3 73 manual mode * 3 /usr/lib/cgi-bin/php7.4 74 manual mode 4 /usr/lib/cgi-bin/php8.1 81 manual mode Press <enter> to keep the current choice[*], or type selection number: 2 update-alternatives: using /usr/lib/cgi-bin/php7.3 to provide /usr/lib/cgi-bin/php (php-cgi-bin) in manual mode You have new mail in /var/mail/root # update-alternatives --config php-cgi There are 4 choices for the alternative php-cgi (providing /usr/bin/php-cgi). Selection Path Priority Status ------------------------------------------------------------ 0 /usr/bin/php-cgi8.1 81 auto mode 1 /usr/bin/php-cgi5.6 56 manual mode * 2 /usr/bin/php-cgi7.3 73 manual mode 3 /usr/bin/php-cgi7.4 74 manual mode 4 /usr/bin/php-cgi8.1 81 manual mode Press <enter> to keep the current choice[*], or type selection number: # update-alternatives --config php There are 5 choices for the alternative php (providing /usr/bin/php). Selection Path Priority Status ------------------------------------------------------------ 0 /usr/bin/php.default 100 auto mode 1 /usr/bin/php.default 100 manual mode 2 /usr/bin/php5.6 56 manual mode * 3 /usr/bin/php7.3 73 manual mode 4 /usr/bin/php7.4 74 manual mode 5 /usr/bin/php8.1 81 manual mode Press <enter> to keep the current choice[*], or type selection number: `/etc/php/7.3/fpm/php.ini` has relevant modified lines as of below: Code: cgi.fix_pathinfo=0 ... [Date] date.timezone = "Europe/Rome" `/etc/nginx/sites-available/apps.vhost` and ispconfig.vhost in the same directory have proper pointer to php7.3-fpm path. Tried with chmod to 0660 manually to the error-spewing .sock files without a change: Code: # rg '7.3' /etc/nginx/sites-available/* /etc/nginx/sites-available/apps.vhost 55: fastcgi_pass unix:/var/lib/php7.3-fpm/apps.sock; 102: fastcgi_pass unix:/var/lib/php7.3-fpm/apps.sock; 152: fastcgi_pass unix:/var/lib/php7.3-fpm/apps.sock; /etc/nginx/sites-available/ispconfig.vhost 32: fastcgi_pass unix:/var/lib/php7.3-fpm/ispconfig.sock; 55:# fastcgi_pass unix:/var/lib/php7.3-fpm/ispconfig.sock; 75:# fastcgi_pass unix:/var/lib/php7.3-fpm/ispconfig.sock; # chmod 0660 /var/lib/php7.3-fpm/ispconfig.sock # chmod 0660 /var/lib/php7.3-fpm/apps.sock With all the configs in right place, why the control panel is reporting '502 Bad Gateway' with critical error: Code: *507 connect() to unix:/var/lib/php7.3-fpm/ispconfig.sock failed (13: Permission denied) while connecting to upstream, client: ::1, server: _, request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/var/lib/php7.3-fpm/ispconfig.sock:", host: "localhost:8080" Any clue? Where to look further to sort this out? Thanks.
What version was ISPConfig previously? How come default PHP version got changed? Just updating ISPConfig should not cause that. What do now show commands : Code: update-alternatives --config php update-alternatives --config php-cgi If still problems, do https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
The previous version of ISPConfig was 3.1.15. I have already posted the outputs of the `update-alternatives` above: Code: # update-alternatives --config php There are 5 choices for the alternative php (providing /usr/bin/php). Selection Path Priority Status ------------------------------------------------------------ 0 /usr/bin/php.default 100 auto mode 1 /usr/bin/php.default 100 manual mode 2 /usr/bin/php5.6 56 manual mode * 3 /usr/bin/php7.3 73 manual mode 4 /usr/bin/php7.4 74 manual mode 5 /usr/bin/php8.1 81 manual mode Press <enter> to keep the current choice[*], or type selection number: # update-alternatives --config php-cgi There are 4 choices for the alternative php-cgi (providing /usr/bin/php-cgi). Selection Path Priority Status ------------------------------------------------------------ 0 /usr/bin/php-cgi8.1 81 auto mode 1 /usr/bin/php-cgi5.6 56 manual mode * 2 /usr/bin/php-cgi7.3 73 manual mode 3 /usr/bin/php-cgi7.4 74 manual mode 4 /usr/bin/php-cgi8.1 81 manual mode I didn't see anything that is not included in the thread, however correct me in case I did. Thanks!
You did chmod that but I don't see the owner/group, verify those are both ispconfig, and check permissions on the full path up to that (ie. check /, /var, and /var/lib). My next thought is to look at apparmor, but that shouldn't change if all you upgraded was ISPConfig, and nothing in the system/php.
Thanks. The owner/group of the sockets are: Code: # ls -la /var/lib/php7.3-fpm/* srw-rw---- 1 ispapps ispapps 0 Jan 26 15:15 /var/lib/php7.3-fpm/apps.sock srw-rw---- 1 ispconfig ispconfig 0 Jan 26 15:15 /var/lib/php7.3-fpm/ispconfig.sock # ls -la /var total 56 drwxr-xr-x 14 root root 4096 Nov 26 2016 . drwxr-xr-x 22 root root 4096 Jan 26 16:56 .. drwxr-x--- 36 root root 4096 Jan 26 15:14 backup drwxr-xr-x 2 root root 4096 Jan 26 14:50 backups drwxr-xr-x 12 root root 4096 Jan 25 20:37 cache drwxr-xr-x 54 root root 4096 Jan 25 22:17 lib drwxrwsr-x 2 root staff 4096 Jul 25 2016 local lrwxrwxrwx 1 root root 9 Jul 25 2016 lock -> /run/lock drwxr-xr-x 12 root root 4096 Jan 26 09:39 log drwxrwsr-x 2 root mail 4096 Jan 26 16:56 mail drwxr-xr-x 2 root root 4096 Jul 25 2016 opt lrwxrwxrwx 1 root root 4 Jul 25 2016 run -> /run drwxr-xr-x 5 root root 4096 Nov 25 2016 spool drwxrwxrwt 6 root root 4096 Jan 26 16:39 tmp drwxr-xr-x 4 vmail vmail 4096 Mar 31 2016 vmail drwxr-xr-x 8 root root 4096 Mar 26 2021 www # ls -la /var/lib [20/49447] total 276 drwxr-xr-x 54 root root 4096 Jan 25 22:17 . drwxr-xr-x 14 root root 4096 Nov 26 2016 .. drwxr-xr-x 9 root root 4096 Jul 11 2017 acme drwxr-x--- 7 amavis amavis 4096 Jan 26 09:39 amavis drwxr-xr-x 6 root root 4096 Jan 26 14:54 apt drwxr-xr-x 2 root root 4096 Jan 25 19:16 aspell drwxr-x--- 2 www-data www-data 65536 Jan 24 00:10 awstats drwxrwxr-x 2 root bind 4096 Nov 25 2016 bind drwxr-xr-x 17 clamav clamav 4096 Jan 26 16:39 clamav drwx------ 2 root root 4096 Jul 25 2016 container drwxr-xr-x 3 root root 4096 Jul 12 2017 dehydrated drwxr-xr-x 3 root root 4096 Nov 25 2016 dictionaries-common drwxr-xr-x 2 root root 4096 Jan 26 09:39 dovecot drwxr-xr-x 8 root root 4096 Jan 26 14:54 dpkg drwxr-xr-x 3 root root 4096 Nov 25 2016 emacsen-common drwxr-xr-x 2 root root 4096 Jan 25 22:18 fail2ban drwxr-xr-x 3 root root 4096 Jan 25 20:37 gems drwxr-xr-x 4 root root 4096 Nov 25 2016 ghostscript drwxr-xr-x 2 root root 4096 Mar 19 2016 git drwxr-xr-x 2 root root 4096 Apr 26 2017 initramfs-tools drwxr-xr-x 2 root root 4096 Jul 25 2016 initscripts drwxr-xr-x 2 root root 4096 Jul 25 2016 insserv drwxr-xr-x 2 root root 4096 Jan 25 19:16 ispell drwxr-xr-x 2 root root 4096 Jan 24 2021 letsencrypt drwxr-xr-x 2 root root 4096 Jan 26 09:39 logrotate drwxr-xr-x 3 root root 4096 Nov 25 2016 mailman drwxr-xr-x 2 root root 4096 Nov 25 2016 man-db drwxr-xr-x 2 root root 4096 Jul 25 2016 misc drwx------ 18 mysql mysql 4096 Jan 26 15:14 mysql drwx------ 2 mysql mysql 4096 Nov 25 2016 mysql-files drwxr-xr-x 7 root root 4096 Nov 25 2016 nginx drwxr-xr-x 2 ntp ntp 4096 Jan 25 19:20 ntp drwxr-xr-x 2 root root 4096 Jan 25 19:16 pam drwxr-xr-x 4 root root 4096 Jun 17 2019 php drwxr-xr-x 3 root root 4096 Jan 25 20:44 php5 drwxr-xr-x 2 root root 4096 Jan 25 20:44 php5-fpm drwx------ 2 root root 4096 Jan 26 15:15 php7.3-fpm drwxr-xr-x 2 root root 4096 Jan 25 18:50 phpmyadmin drwxr-xr-x 3 root root 4096 Jan 25 18:59 polkit-1 drwxr-xr-x 2 postfix postfix 4096 Nov 25 2016 postfix drwx------ 2 root root 4096 Jan 25 19:02 private drwxr-xr-x 2 root root 4096 Jan 25 20:37 python drwxr-xr-x 2 root root 4096 Nov 25 2016 quota drwxr-xr-x 4 root root 4096 Nov 25 2016 rkhunter drwxr-xr-x 3 root root 4096 Jun 17 2019 roundcube drwxr-xr-x 3 root root 4096 Nov 25 2016 snmp drwxr-xr-x 2 root root 4096 Jan 25 19:56 sntp drwxr-xr-x 5 debian-spamd debian-spamd 4096 Nov 25 2016 spamassassin drwxr-xr-x 3 root root 4096 Jan 24 15:47 sudo drwxr-xr-x 7 root root 4096 Dec 4 2016 systemd drwxr-xr-x 3 root root 4096 Jan 26 14:54 ucf drwxr-xr-x 2 root root 4096 Jul 25 2016 update-rc.d drwxr-xr-x 2 root root 4096 Jul 25 2016 urandom drwxr-xr-x 3 root root 4096 Jul 25 2016 vim I guess the above is what thje ownership and permisison were supposed to be. I have no apparmor activated nor installed: Code: # dpkg -l | grep ii | grep apparmor ii libapparmor1:amd64 2.13.2-10 amd64 changehat AppArmor library The list of service enabled does not include apparmor, either: Code: # service --status-all [ + ] amavis [ + ] amavisd-snmp-subagent [ + ] amavis-mc [ + ] bastille-firewall [ - ] bind9 [ - ] bootlogs [ - ] bootmisc.sh [ - ] brightness [ - ] checkfs.sh [ - ] checkroot-bootclean.sh [ - ] checkroot.sh [ + ] clamav-daemon [ + ] clamav-freshclam [ + ] cron [ + ] dovecot [ + ] fail2ban [ - ] fcgiwrap [ - ] gdomap [ - ] haveged [ - ] hostname.sh [ - ] hwclock.sh [ ? ] jailkit [ - ] killprocs [ - ] kmod [ + ] memcached [ ? ] modules_dep.sh [ - ] mountall-bootclean.sh [ - ] mountall.sh [ - ] mountdevsubfs.sh [ - ] mountkernfs.sh [ - ] mountnfs-bootclean.sh [ - ] mountnfs.sh [ + ] mysql [ + ] networking [ + ] nginx [ - ] nginx-debug [ + ] ntp [ + ] openbsd-inetd [ + ] opendkim [ + ] php5.6-fpm [ - ] php5-fpm [ - ] php7.1-fpm [ + ] php7.3-fpm [ + ] php8.1-fpm [ + ] postfix [ + ] procps [ + ] pure-ftpd-mysql [ + ] quota [ - ] quotarpc [ - ] rc.local [ - ] rmnologin [ - ] rsync [ + ] rsyslog [ - ] sendsigs [ - ] spamassassin [ + ] ssh [ - ] sudo [ - ] udev [ - ] umountfs [ - ] umountnfs.sh [ - ] umountroot [ - ] urandom [ - ] wide-dhcpv6-client Or where do I have to look else? Thanks
well, i'd suggest that you change the permissions for php7.3-fpm Code: drwxr-xr-x 4 root root 4096 Jun 17 2019 php drwxr-xr-x 3 root root 4096 Jan 25 20:44 php5 drwxr-xr-x 2 root root 4096 Jan 25 20:44 php5-fpm drwx------ 2 root root 4096 Jan 26 15:15 php7.3-fpm i'd say that folder should be 755, like the others, not 700
