I copied most of the config files for PHP-FPM from the old 2016 era Fedora server to Rocky but now I can’t get it to start. The problem seems to be socket permissions.
The pool config files use sockets 127.0.0.1:9002 through :9010 but all of them get error:
May 17 12:05:15 prod02 php-fpm[87897]: [17-May-2023 12:05:15] ERROR: unable to bind listening socket for address ‘127.0.0.1:90xx’: Permission denied
According to the docs the socket permission must be the same as the running process and the socket is created in the path so I changed the permissions of the start path (/usr/sbin/php-fpm) to user phpfpm and also the pool config path (/etc/pools/) to phpfpm but no luck.
First, am I chasing the right problem, and second where should I look next?
Can you look if you can start with just one listener and this one on 9000. Does it start?
Weird, yes started properly so far as I could see. Stopped it and changed back to socket 9002 and won’t start again. What am I missing?
Probably a SElinux context issue, try
semanage port -a -t http_port_t -p tcp 90xx
BTW using a network socket is the old way, still works and useful when the frontend (webserver) and the backend (fpm) are running on different servers.
The modern way is to use a local socket (UDS), ex (from default config):
listen = /run/php-fpm/www.sock
listen.acl_users = apache,nginx
Both httpd and nginx can use such socket
With httpd:
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
With nginx:
server unix:/run/php-fpm/www.sock;
Thanks Remi; that worked and php-fpm is now running. For one of the sockets [9010] I couldn’t do the Selinux thing responded (socket already defined) so I just changed the socket but I had thought that Selinux was inactive at the moment so I’m surprised that I got bitten!
I don’t know much about Unix Domain Sockets so that’s likely to be a learning curve too. and at the moment httpd is giving me grief over the paths so have to fix that first.
John