如何解决在nginx上安装roundcube会导致HTTP错误500
我正在尝试使用Nginx在CentOS 7上运行RoundCube。在安装名为iRedMail的软件包时,会通过自动向导来安装Roundcube。
我在roundcube上收到500 HTTP错误。该网站将不会出现。我已经知道这是Nginx和ROUNDCUBE的问题,但无法弄清楚是怎么回事。日志进入var / log / maillog,但是,即使启用了所有调试行,我也无法获得任何错误来开始诊断。
这是我知道的设置:
调试设置
<?PHP
// sql DATABASE
$config['db_dsnw'] = 'MysqLi://roundcube:63tidm76NovJHcIpIqsJaE59kAr7b3Mn@127.0.0.1:3306/roundcubemail';
// LOGGING
$config['log_driver'] = 'syslog';
$config['syslog_facility'] = LOG_MAIL;
// IMAP
$config['default_host'] = '127.0.0.1';
$config['default_port'] = 143;
$config['imap_auth_type'] = 'LOGIN';
$config['imap_delimiter'] = '/';
// required if you're running PHP 5.6 or later
$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,'verify_peer_name' => false,),);
// SMTP
$config['smtp_server'] = 'tls://127.0.0.1';
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_auth_type'] = 'LOGIN';
// required if you're running PHP 5.6 or later
$config['smtp_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,);
// Use user's identity as envelope sender for 'return receipt' responses,// otherwise it will be rejected by iRedAPD plugin `reject_null_sender`.
$config['mdn_use_from'] = true;
// SYstem
$config['force_https'] = true;
$config['login_autocomplete'] = 2;
$config['ip_check'] = true;
$config['des_key'] = 'T594SUCMjhbPBU9JojkkzIpl';
$config['cipher_method'] = 'AES-256-CBC';
$config['useragent'] = 'Roundcube Webmail'; // Hide version number
//$config['username_domain'] = '<<domain>>.com';
$config['mime_types'] = '/etc/mime.types';
$config['max_message_size'] = '15M';
// USER INTERFACE
$config['create_default_folders'] = true;
$config['quota_zero_as_unlimited'] = true;
$config['spellcheck_engine'] = 'pspell';
// USER PREFERENCES
$config['default_charset'] = 'UTF-8';
//$config['addressbook_sort_col'] = 'name';
$config['draft_autosave'] = 60;
$config['default_list_mode'] = 'threads';
$config['autoexpand_threads'] = 2;
$config['check_all_folders'] = true;
$config['default_font_size'] = '12pt';
$config['message_show_email'] = true;
$config['layout'] = 'widescreen'; // three columns
//$config['skip_deleted'] = true;
// PLUGINS
$config['plugins'] = array('managesieve','password');
$config['session_debug'] = true;
$config['sql_debug'] = true;
$config['imap_debug'] = true;
$config['ldap_debug'] = true;
$config['smtp_debug'] = true;
Nginx SSL设置
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name _;
root /var/www/html;
index index.PHP index.html;
include /etc/Nginx/templates/misc.tmpl;
include /etc/Nginx/templates/ssl.tmpl;
include /etc/Nginx/templates/iredadmin.tmpl;
include /etc/Nginx/templates/roundcube.tmpl;
include /etc/Nginx/templates/sogo.tmpl;
include /etc/Nginx/templates/netdata.tmpl;
include /etc/Nginx/templates/PHP-catchall.tmpl;
include /etc/Nginx/templates/stub_status.tmpl;
}
模板
#
# Running Roundcube as a subfolder on an existing virtual host
#
# Block access to default directories and files under these directories
location ~ ^/mail/(bin|config|installer|logs|sql|temp|vendor)($|/.*) { allow all; }
# Block access to default files under top-directory and files start with same name.
location ~ ^/mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { allow all; }
# Block plugin config files and sample config files.
location ~ ^/mail/plugins/.*/config.inc.PHP.* { allow all; }
# Block access to plugin data
location ~ ^/mail/plugins/enigma/home($|/.*) { allow all; }
# Redirect URI `/mail` to `/mail/`.
location = /mail {
return 301 /mail/;
}
location ~ ^/mail/(.*\.PHP)$ {
include /etc/Nginx/templates/hsts.tmpl;
include /etc/Nginx/templates/fastcgi_PHP.tmpl;
fastcgi_param SCRIPT_FILENAME /opt/www/roundcubemail/$1;
}
location ~ ^/mail/(.*) {
alias /opt/www/roundcubemail/$1;
index index.PHP;
}
我可以在这里更新什么,以便进行实际的故障排除。 谢谢。
#Update 1:最新日志 / var / log / maillog
Oct 2 19:41:31 mail clamd[2642]: SelfCheck: Database status OK.
Oct 2 19:42:07 mail roundcube: <ep6s2sqc> [1] SELECT `vars`,`ip`,`changed`,Now() AS ts FROM `session` WHERE `sess_id` = 'ep6s2sqc4r5mthn6as1n006ss0';
Oct 2 19:42:07 mail roundcube: <ep6s2sqc> [2] INSERT INTO `session` (`sess_id`,`vars`,`changed`) VALUES ('ep6s2sqc4r5mthn6as1n006ss0','dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7dGFza3xzOjU6ImxvZ2luIjs=','74.80.18.51',Now());
PHP -m
[root@mail ~]# PHP -m
[PHP Modules]
bz2
calendar
Core
ctype
date
ereg
exif
filter
ftp
gettext
gmp
hash
iconv
libxml
mbstring
mhash
MysqL
MysqLi
MysqLnd
openssl
pcntl
pcre
PDO
pdo_MysqL
pdo_sqlite
posix
readline
Reflection
session
shmop
SimpleXML
sockets
SPL
sqlite3
standard
tokenizer
xml
zlib
[Zend Modules]
PHP-fpm -m
[root@mail ~]# PHP-fpm -m
[PHP Modules]
bz2
calendar
cgi-fcgi
Core
ctype
date
ereg
exif
filter
ftp
gettext
gmp
hash
iconv
libxml
mbstring
mhash
MysqL
MysqLi
MysqLnd
openssl
pcre
PDO
pdo_MysqL
pdo_sqlite
posix
Reflection
session
shmop
SimpleXML
sockets
SPL
sqlite3
standard
tokenizer
xml
zlib
[Zend Modules]
Nginx ERROR.LOG
2020/10/02 14:01:16 [error] 14327#0: *65854 FastCGI sent in stderr: "Primary script unkNown" while reading response header from upstream,client: 176.113.115.214,server: _,request: "GET /vendor/PHPunit/PHPunit/src/Util/PHP/eval-stdin.PHP HTTP/1.1",upstream: "fastcgi://127.0.0.1:9999",host: "173.236.23.110",referrer: "http://173.236.23.110:80/vendor/PHPunit/PHPunit/src/Util/PHP/eval-stdin.PHP"
2020/10/02 16:26:34 [error] 14327#0: *68878 open() "/var/www/html/en/contact.html" Failed (2: No such file or directory),client: 119.3.36.252,request: "GET /en/contact.html HTTP/1.0",host: "www.allbyzip.com"
2020/10/02 19:02:55 [error] 14327#0: *72082 FastCGI sent in stderr: "Primary script unkNown" while reading response header from upstream,request: "GET /index.PHP?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP HTTP/1.1",host: "173.236.23.110:443"
2020/10/02 19:25:14 [error] 14327#0: *72538 open() "/var/www/html/api/jsonws/invoke" Failed (2: No such file or directory),request: "POST /api/jsonws/invoke HTTP/1.1",host: "173.236.23.110:443"
fastcgi_PHP.tpml
[root@mail ~]# more /etc/Nginx/templates/fastcgi_PHP.tmpl
#
# Template used to handle PHP fastcgi applications
#
# You still need to define `SCRIPT_FILENAME` for your PHP application,and
# probably `fastcgi_index` if your application use different index file.
#
include fastcgi_params;
# Directory index file
fastcgi_index index.PHP;
# Handle PHP files with upstream handler
fastcgi_pass PHP_workers;
# Fix the HTTPROXY issue.
# Reference: https://httpoxy.org/
fastcgi_param HTTP_PROXY '';
[root @ mail〜]#ls -la / opt / www / roundcubemail /
total 404
drwxr-xr-x 13 root root 4096 Jul 4 05:58 .
drwxr-xr-x 5 root root 4096 Sep 29 17:40 ..
drwxr-xr-x 2 root root 4096 Sep 26 15:57 bin
---------- 1 root root 183785 Jul 4 05:58 CHANGELOG
-rw-r--r-- 1 root root 908 Jul 4 05:58 composer.json
-rw-r--r-- 1 root root 940 Jul 4 05:58 composer.json-dist
-rw-r--r-- 1 root root 80538 Jul 4 05:58 composer.lock
drwxr-xr-x 2 root root 4096 Sep 26 15:57 config
-rw-r--r-- 1 root root 2603 Jul 4 05:58 .htaccess
-rw-r--r-- 1 root root 12843 Jul 4 05:58 index.PHP
---------- 1 root root 12850 Jul 4 05:58 INSTALL
d--------- 3 root root 4096 Sep 26 15:57 installer
---------- 1 root root 35147 Jul 4 05:58 LICENSE
drwxr-xr-x 2 Nginx Nginx 4096 Sep 26 15:57 logs
drwxr-xr-x 35 root root 4096 Jul 4 05:58 plugins
drwxr-xr-x 8 root root 4096 Jul 4 05:58 program
drwxr-xr-x 3 root root 4096 Sep 26 20:27 public_html
---------- 1 root root 3810 Jul 4 05:58 README.md
lrwxrwxrwx 1 root root 28 Sep 26 15:25 roundcubemail-1.4.7 -> /opt/www/roundcubemail-1.4.7
drwxr-xr-x 5 root root 4096 Jul 4 05:58 skins
d--------- 7 root root 4096 Jul 4 05:58 sql
drwxr-xr-x 2 Nginx Nginx 4096 Sep 26 15:57 temp
---------- 1 root root 4148 Jul 4 05:58 UPGRADING
drwxr-xr-x 9 root root 4096 Sep 26 15:57 vendor
PHP-fpm.conf
;;;;;;;;;;;;;;;;;;;;;
; FPM Configuration ;
;;;;;;;;;;;;;;;;;;;;;
; All relative paths in this configuration file are relative to PHP's install
; prefix.
; Include one or more files. If glob(3) exists,it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
include=/etc/PHP-fpm.d/*.conf
;;;;;;;;;;;;;;;;;;
; Global Options ;
;;;;;;;;;;;;;;;;;;
[global]
; Pid file
; Default Value: none
pid = /run/PHP-fpm/PHP-fpm.pid
; Error log file
; Default Value: /var/log/PHP-fpm.log
error_log = syslog
; Log level
; Possible Values: alert,error,warning,notice,debug
; Default Value: notice
;log_level = debug
; If this number of child processes exit with SIGSEGV or SIGBUS within the time
; interval set by emergency_restart_interval then FPM will restart. A value
; of '0' means 'Off'.
; Default Value: 0
;emergency_restart_threshold = 0
; Interval of time used by emergency_restart_interval to determine when
; a graceful restart will be initiated. This can be useful to work around
; accidental corruptions in an accelerator's shared memory.
; Available Units: s(econds),m(inutes),h(ours),or d(ays)
; Default Unit: seconds
; Default Value: 0
;emergency_restart_interval = 0
; Time limit for child processes to wait for a reaction on signals from master.
; Available units: s(econds),or d(ays)
; Default Unit: seconds
; Default Value: 0
;process_control_timeout = 0
; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
; Default Value: yes
daemonize = no
;;;;;;;;;;;;;;;;;;;;
; Pool DeFinitions ;
;;;;;;;;;;;;;;;;;;;;
; See /etc/PHP-fpm.d/*.conf
[root@mail PHP-fpm.d]# more www.conf
[inet]
user = Nginx
group = Nginx
listen = 127.0.0.1:9999
listen.owner = Nginx
listen.group = Nginx
listen.mode = 0660
; IP addresses must be separated by comma,and no space between comma and ip.
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 100
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 100
pm.status_path = /status
ping.path = /ping
request_terminate_timeout = 60s
request_slowlog_timeout = 10s
;
; Log files
;
access.log = /var/log/PHP-fpm/PHP-fpm.log
slowlog = /var/log/PHP-fpm/slow.log
解决方法
错误消息“主要脚本未知”表明您的php-fpm配置 或 权限问题可能有问题:https://serverfault.com/a/517327/569434 >
我将不断更新我的答案,直到它起作用为止,这是一个复杂的问题,涉及许多无法轻易回答的查询。
生成/自动安装的使用使它更加复杂。
在开始之前,请确保我们正在解决corret问题。 为确保roundcube引起问题,请从nginx中注释掉roundcube配置,然后重新启动它。还有其他功能吗?
请记住,每次在nginx / php配置中进行更改时,都必须重新启动服务!
1)检查您的SCRIPT_FILENAME
我认为您正在尝试在https://example.com/mail
下运行roundcube
确保SCRIPT_FILENAME与roundcube的安装路径匹配。您的情况:/opt/www/roundcubemail/
请发布您的/etc/nginx/templates/fastcgi_php.tmpl
,一个配置可能会覆盖另一个配置:https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/
2)NGINX / php-fpm / roundcube权限
nginx&php-fpm服务是否在同一用户下运行? roundcoube安装设置了哪些权限?
ls -la /opt/www/roundcubemail/
php / nginx可以访问这些文件/文件夹吗?
尝试chmod -R 755 /opt/www/roundcubemail/
在您的php-fpm配置中启用:access.log = /var/log/$pool.access.log
。
重新启动nginx和php-fpm以激活更改:systemctl restart php-fpm
和systemctl restart nginx
尝试再次访问roundcube并查看日志文件:tail /var/log/www.access.log
如果看到的“ GET /”没有正确的php文件名,则是您的nginx conf问题。
https://stackoverflow.com/a/40535412/5781499
编辑2020.10.04-14:00 UTC +1
尝试将roundcube安装目录所有者/组设置为nginx:
chown -R nginx:nginx /opt/www/roundcubemail/
让我们在这里开始聊天:https://chat.stackoverflow.com/rooms/222480/room-for-marc-and-arcee123
,首先,在Roundcube config/config.inc.php
$config['debug_level'] = 1;
$config['sql_debug'] = true;
$config['imap_debug'] = true;
$config['ldap_debug'] = true;
$config['smtp_debug'] = true;
在您的Nginx配置中启用错误/访问日志
server {
.....
root /var/www/html;
index index.php index.html;
access_log /var/log/nginx/accesslogfile;
error_log /var/log/nginx/errorlogfile;
.....
}
现在让我们启用php-fpm日志,将其添加到www.conf
php_admin_value[error_log] = /var/log/php-errors.log
php_admin_flag[log_errors] = on
如果使用systemctl,请重新启动Nginx和PHP-FPM进程
systemctl restart nginx
systemctl restart php-fpm
检查两个服务是否都在运行
systemctl status nginx
systemctl status php-fpm
这时,您应该能够看到错误,如果不尝试更改Nginx的server.conf的话
error_log /var/log/nginx/errorlogfile warn;
如果这时您看不到该错误,是否是使用fastcgi_param HTTP_PROXY '';
的任何特定原因?检查您是否在/etc/php-fpm.d/www.conf
中使用same fast_cgi path
listen = 127.0.0.1:9000
和您的站点配置nginx.conf文件
fastcgi_pass 127.0.0.1:9000;
尝试从Nginx配置文件中删除包含文件,并以一个简单的.conf开头,这是一个应该起作用的简单配置文件
server
{
listen 80;
#listen 443 ssl http2;
server_name WWW.YOURDOMAIN.COM;
error_log /var/www/WWW.YOURDOMAIN.COM.log;
root /var/www/html/;
index index.php;
location / {
try_files $uri $uri/ /index.php?url=$uri;
}
location ~ \.(php)$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
,
您的tail /var/log/nginx/error.log
看起来像是在尝试与我无关的黑客尝试。例如:/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
提示尝试进行代码注入,当composer
项目没有正确设置Web根目录设置时,该注入将起作用。
但是现在,让我们谈谈CentOS ...
请使用安全性上下文更新目录列表:ls -laZ /opt/www/roundcubemail
,因为在安装到/opt
中(并且RPM尚未设置)时,此问题可能与SE Linux有关。从Web根目录外部提供文件还需要SE Linux上下文和标记。
建议检查sealert -a /var/log/audit/audit.log
。
本文可能与您相关:
例如,如果nginx无法连接或中继(可能是第二个),则将允许它:
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_network_relay 1
以防您需要与此有关的进一步支持;我必须尝试将其设置在新的容器中。通过暂时禁用SE Linux,也可以排除此原因。绝对不建议永久禁用SE Linux,因为它是可靠的安全功能,而不是错误。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。