# php-fpm + nginx + sockets restriction in jail ?



## bryn1u (Oct 27, 2017)

Hello guys,

I'm using nginx + php-fpm or apache + proxy_fcgi. In both cases, when I want to use a socket instead of listening on 127.0.0.1, I always get permission denied and can't connect through the socket. When I listen on a localhost port, for example `127.0.0.1:9000`, it works like a charm. My question is: does a jail have any restriction that blocks socket connections?


----------



## SnowCowboy (Oct 29, 2017)

Yes, there is a restriction. You can't get a raw socket within a Jail. This behavior is mentioned in the manual.

You can allow them by adding the following line to `/etc/sysctl.conf` on the host side:

```
security.jail.allow_raw_sockets=1
```

Mind that you are deliberately breaking one of the security standpoints and reasons for jails.

That is only under some circumstances, though. If you are the only one managing the whole system, that shouldn't be a big deal. However, if you are sharing the host and there are some untrusted users in other jails, you'd better investigate further whether this is something you can live with or not.


----------



## rigoletto@ (Oct 29, 2017)

There is no need to set `security.jail.allow_raw_sockets=1` for that, unless php and the webserver are running in different jails.

You would just need to set this:

`/usr/local/etc/php-fpm.d/www.conf`

```
listen = /var/run/php-fpm.sock
```


----------
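An added example, not part of any post in this thread: a check of whether ordinary file permissions on a Unix-domain socket path such as `/var/run/php-fpm.sock` would refuse a given user, which is one common source of "permission denied" on `connect`. The function name `connect_blockers`, the demo socket and the uid used are assumptions made for illustration; ACLs and MAC policies are not considered.

```python
import os
import socket
import stat
import tempfile

def _allowed(st, uid, gids, want):
    """Classic Unix permission check: pick owner, group or other bits."""
    if uid == 0:
        return True  # root bypasses mode bits
    if uid == st.st_uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & want == want

def connect_blockers(sock_path, uid, gids):
    """Return the paths whose mode bits stop uid/gids from connecting.

    connect(2) on a Unix-domain socket needs write permission on the
    socket file and search (x) permission on every parent directory.
    """
    sock_path = os.path.abspath(sock_path)
    st = os.stat(sock_path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{sock_path} is not a Unix-domain socket")
    blockers = [] if _allowed(st, uid, gids, 2) else [sock_path]
    parent = os.path.dirname(sock_path)
    while True:
        if not _allowed(os.stat(parent), uid, gids, 1):
            blockers.append(parent)
        if parent == os.path.dirname(parent):
            return blockers
        parent = os.path.dirname(parent)

if __name__ == "__main__":
    # Constructed demo: a throwaway socket standing in for php-fpm.sock.
    d = tempfile.mkdtemp()
    path = os.path.join(d, "php-fpm.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o600)  # owner-only: another user gets EACCES
    other = os.getuid() + 1  # hypothetical web server uid
    print(connect_blockers(path, other, set()))
```

An empty result means the mode bits alone do not explain the refusal; a non-empty one names the socket or directory whose owner, group or mode needs attention.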

