# nginx tuning: php-fpm alone in a jail.



## oxyaxion (Nov 8, 2014)

Hi guys,

Actually I have www/nginx / www/php-fpm in a jail and MariaDB in another. All is working fine. But I would like to split Nginx/PHP and put PHP alone in this jail for the future (if I want to add other Nginx instances with only one PHP instance).

All my firewall/PHP configurations are fine: telnet connection to the PHP port from the Nginx jail is OK. But in my Nginx log I have this message:

```
2014/11/08 21:11:59 [error] 4208#0: *18 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 95.141.32.46, server: www.pentakonix.fr, request: "GET /? HTTP/1.1", upstream: "fastcgi://10.8.8.6:9000", host: "www.pentakonix.fr"
```

I have tried to follow this tuning of fastcgi_param with no success: http://blog.martinfjordvald.com/2011/01/no-input-file-specified-with-php-and-nginx/.

Is someone using this kind of configuration? Some help would be really appreciated.


----------



## junovitch@ (Nov 9, 2014)

I have a similar setup using a jail with Nginx that handles a bunch of things, then another jail with Serviio media center and a third-party WebUI running on PHP-FPM.  It would help if you post up your Nginx configuration for the site.  In the meantime, mine is below.  Maybe you'll see something here that you missed.

Nginx jail /usr/local/etc/nginx/sites-available/serviio-console:

```
server {
        listen       80;
        server_name  serviio-console;

        access_log   /var/log/nginx/serviio_console_access.log;
        root         /usr/local/www/Web-UI-for-Serviio-Serviio-1.3;

        location / {
            index index.php;
        }
        location ~ \.php$ {
            fastcgi_pass 10.100.102.14:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /usr/local/www/Web-UI-for-Serviio-Serviio-1.3$fastcgi_script_name;
            include fastcgi_params;
        }
        location ~ /\.ht {
            deny all;
        }
    }
```

PHP-FPM Jail /usr/local/etc/php-fpm.conf:

```
listen.allowed_clients = 10.100.102.11,10.100.102.12
```


----------



## oxyaxion (Nov 11, 2014)

Thanks for your help junovitch,

Unfortunately I can't use the full path for my nginx configuration, I have some subdirectories which need to be executed by PHP.

My actual configuration on my test-jail (a clone from my jail-prod).

/usr/local/etc/nginx/sites/default.site:


```
server {
  server_name www.pentakonix.fr pentakonix.fr;
  add_header  Cache-Control "public";
  add_header  X-Frame-Options "DENY";
  limit_req  zone=gulag burst=200 nodelay;
  expires  max;
  listen 8080;
  charset utf-8;
  include conf.d/ssl;
  root /usr/local/www/mysite;
  index index.html index.htm index.php;

  location = /favicon.ico { return 204; }
  # Deny access to all these directories
  location ~* \.(engine|inc|info|_data|install|make|module|profile|test|po|sh|.*sql|theme|sql-dump|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ { deny all; }

  location = /robots.txt {
  allow all;
  log_not_found off;
  access_log off;
  }

  location ~ /\. {
  deny all;
  access_log off;
  log_not_found off;
  }

  location / {
  #index  index.html index.htm index.php;
  try_files  $uri $uri/ index.php;
  }

  location ~ \.php$ { include conf.d/php-fpm; }

  error_page  500 502 503 504  /50x.html;
  location = /50x.html { root  /usr/local/www/nginx-dist; }

}
```

/usr/local/etc/nginx/conf.d/php-fpm:


```
fastcgi_pass 10.8.8.6:9000;
#fastcgi_param SCRIPT_FILENAME /usr/local/www/mysite$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files  $uri = 404;
fastcgi_split_path_info  ^(.+\.php)(.*)$;
fastcgi_index  index.php;
```


My php-fpm.conf:


```
#Local IP
listen = 10.8.8.6:9000

#JAIL HTTP TEST
listen.allowed_clients = 10.8.8.10
```

nginx-error.log:

Again and again:

```
2014/11/11 15:29:09 [error] 3161#0: *6 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.168.0.10, server: www.pentakonix.fr, request: "GET /jrnl/ HTTP/1.1", upstream: "fastcgi://10.8.8.6:9000", host: "192.168.0.15:8080"
```


----------
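"Primary script unknown" is what PHP-FPM reports when it cannot open the path it receives in `SCRIPT_FILENAME`, and with PHP-FPM in its own jail that path is looked up on the PHP-FPM jail's filesystem, not the Nginx jail's. As an added example (not from any poster in this thread), the script below is meant to run on the jail host: it builds the path that `$document_root$fastcgi_script_name` yields and checks it under a given jail root. The function names and jail roots are hypothetical, and `fastcgi_split_path_info` is not modelled.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: script_filename,
# check_script, and the jail roots passed to them.

# Path nginx sends for "$document_root$fastcgi_script_name": the query
# string is dropped, and a URI ending in "/" gets fastcgi_index appended.
script_filename() {
    docroot=$1 uri=${2%%\?*} index=${3:-index.php}
    case $uri in
        */) uri=$uri$index ;;
    esac
    printf '%s%s\n' "${docroot%/}" "$uri"
}

# Look that path up under one jail's root as seen from the host.
# Returns 0 if the file exists there, 1 if it is missing, 2 if the path
# contains ".." (rejected so the check never leaves the jail root).
# Permissions for the PHP-FPM user are not checked.
check_script() {
    jailroot=$1 path=$(script_filename "$2" "$3" "${4:-index.php}")
    case $path in
        */../*|*/..) echo "REJECT  $path"; return 2 ;;
    esac
    if [ -f "${jailroot%/}$path" ]; then
        echo "OK      $path in $jailroot"; return 0
    fi
    echo "MISSING $path in $jailroot"; return 1
}

# Constructed layout for the demo: the site tree from the thread
# (/usr/local/www/mysite) exists in the web jail only.
demo=$(mktemp -d)
mkdir -p "$demo/web/usr/local/www/mysite/jrnl" "$demo/php"
: > "$demo/web/usr/local/www/mysite/jrnl/index.php"
check_script "$demo/web" /usr/local/www/mysite /jrnl/ || true
check_script "$demo/php" /usr/local/www/mysite /jrnl/ || true
rm -rf "$demo"
```

A MISSING result for the PHP-FPM jail means the site tree has to be present at the same path inside that jail, or `SCRIPT_FILENAME` has to be set to the path where the files live there.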

