A complicated nginx/php-fpm chroot setup

Rsaesha asked:

I’m running nginx and php-fpm, and I want to set up jails for each host. My setup is a little complicated, so following tutorials on the web gets me nowhere.

Each site has a directory /var/www/domain.name/

Inside that directory, there will be a public/ directory which will be the website root, a logs/ directory which will store nginx logs for that site specifically, and the chroot filesystem (etc/, usr/, etc.)

The first problem I’ve run into is that no matter how I configure it, PHP-FPM cannot find the files that are passed to it via nginx. They result in a “Primary script unknown” error, and to make matters worse, the error messages from PHP-FPM are no more verbose than that, so I can’t figure out what path is being passed by nginx.

A php-fpm pool configuration for a host looks like this:

    user = host
    group = www-data
    chroot = /var/www/domain.name
    chdir = /public
    listen =

‘x’ is incremented for each pool.

The nginx config for this host looks like this:

    server {
        listen  80;

        server_name     domain.name *.domain.name;

        root            /var/www/domain.name/public;
        index           index.php index.html index.html;

        location ~ \.php$ {
            expires epoch;

            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include fastcgi_params;
            fastcgi_index index.php;

            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }
    }


I’m guessing that the problem is the SCRIPT_FILENAME parameter, but I’ve changed it to just $fastcgi_script_name, and various other combinations, but to no avail.

Can anyone help?

My answer:

The problem is here:

            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

Your PHP runs in a chroot in /var/www/domain.name, but your document root is /var/www/domain.name/public. So when you load up /index.php the SCRIPT_FILENAME becomes /var/www/domain.name/public/index.php. But, in the chroot this doesn’t exist! It is at /public/index.php instead.

What you can do is to change the directory here so that it matches the view from the chroot:

            fastcgi_param SCRIPT_FILENAME /public$fastcgi_script_name;
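
The path translation described in the answer, as an added example that is not part of the original question or answer: it derives the chroot-relative SCRIPT_FILENAME from a pool's `chroot` and nginx's `root`, and refuses a document root that lies outside the jail. The function names are hypothetical, and the check is purely lexical (symlinks are not resolved).

```python
import posixpath


def _norm(path):
    """Lexically normalise an absolute path (assumption: no symlink resolution)."""
    if not path.startswith("/"):
        raise ValueError(f"not an absolute path: {path!r}")
    return "/" + posixpath.normpath(path).lstrip("/")


def chroot_view(chroot, host_path):
    """Return host_path as a process inside chroot sees it; ValueError if outside."""
    jail, path = _norm(chroot), _norm(host_path)
    if path == jail:
        return "/"
    # Compare with a trailing slash so /var/www/domain.name2 is not
    # mistaken for something inside /var/www/domain.name.
    prefix = jail.rstrip("/") + "/"
    if not path.startswith(prefix):
        raise ValueError(f"{path} is outside the chroot {jail}")
    return "/" + path[len(prefix):]


def host_lookup(chroot, script_filename):
    """Host path a chrooted PHP-FPM worker actually opens for a SCRIPT_FILENAME."""
    # Inside the jail ".." cannot climb above "/", which _norm reproduces.
    return _norm(chroot).rstrip("/") + _norm(script_filename)


def script_filename_directive(chroot, document_root):
    """Build the nginx fastcgi_param line that matches the view from the chroot."""
    inner = chroot_view(chroot, document_root).rstrip("/")
    return f"fastcgi_param SCRIPT_FILENAME {inner}$fastcgi_script_name;"


if __name__ == "__main__":
    jail = "/var/www/domain.name"          # chroot = ... from the pool config
    docroot = "/var/www/domain.name/public"  # root ... from the nginx config
    # What the worker looks for when nginx sends $document_root$fastcgi_script_name:
    print(host_lookup(jail, docroot + "/index.php"))
    # The directive that matches the chroot's view of the same file:
    print(script_filename_directive(jail, docroot))
```

The first printed path shows why the original setting fails: the worker prepends its own root to the full host path, so the file it looks for does not exist.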

