php - slim 3 php 应用程序无法在 CentOS 上运行 nginx 访问被拒绝可能是由于 session_start() 函数

问题描述

我最近一直在努力在 macOS 上的 virtualbox 上的 CentOS 7 上安装最新的 nginx 1.14、php 7.2.5 和 mariaDB 10.3.7。

终于 php 工作了，我已经成功地测试了php_info(), index.php，testDBconnection.php甚至重定向到了一个/public文件夹。

但是，将我的 Slim 3 应用程序复制到文件夹时，我收到此错误：

拒绝访问

我通过访问日志# tail /var/log/nginx/error.log，输出如下：

PHP message: PHP Warning:  session_start(): Failed to read session data: files (path: /var/opt/remi/php72/lib/php/session) in /usr/share/nginx/html/slim3.local/bootstrap/app.php on line 5" while reading response header from upstream, client: 192.168.1.71, server: slim3.local, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "slim3.local"
2018/06/23 01:27:40 [error] 2514#2514: *5 FastCGI sent in stderr: "PHP message: PHP Warning:  session_start(): open(/var/opt/remi/php72/lib/php/session/sess_1ncvjg5us9384bs0m6vo0m46k7, O_RDWR) failed: Permission denied (13) in /usr/share/nginx/html/slim3.local/bootstrap/app.php on line 5
PHP message: PHP Warning:  session_start(): Failed to read session data: files (path: /var/opt/remi/php72/lib/php/session) in /usr/share/nginx/html/slim3.local/bootstrap/app.php on line 5" while reading response header from upstream, client: 192.168.1.71, server: slim3.local, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "slim3.local"

app.php 的第 5 行是： session_start();

http://192.168.1.71/而且，实际看到的ip地址看起来很奇怪http://192.168.1.76/

我已使用以下命令更改了/var/opt/remi/php72/lib/php对文件夹session、、opcache&的权限：wsdlcache

# chown nginx:nginx /var/opt/remi/php72/lib/php/session

我已经重新启动了所有：

# systemctl restart php72-php-fpm # systemctl restart nginx

我也试过：

# grep session.save_path  /etc/opt/remi/php72/php.ini
;     session.save_path = "N;/path"
;     session.save_path = "N;MODE;/path"
;session.save_path = "/tmp"
;       (see session.save_path above), then garbage collection does *not*

我重新加载页面“ http://slim3.local ”，我仍然得到同样的access denied错误！

:(

# ls -la 

返回

# ls -lah /var/opt/remi/php72/lib/php/
total 0
drwx------. 5 nginx nginx 53 jun 19 19:51 .
drwxr-xr-x. 7 root  root  71 jun 19 19:51 ..
drwx------. 3 nginx nginx 46 jun 25 19:02 opcache
drwxrwx---+ 2 nginx nginx 84 jun 25 19:02 session
drwx------. 2 nginx nginx  6 may 23 01:59 wsdlcache

www.conf 文件

; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[www]
...
; RPM: apache user chosen to provide access to the same directories as httpd
;user = apache
user = nginx
; RPM: Keep a group allowed to write in log dir.
;group = apache
group = nginx
...
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000

; Set listen(2) backlog.
; Default Value: 511
;listen.backlog = 511

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
...
; See warning about choosing the location of these directories on your system
; at http://php.net/session.save-path
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/opt/remi/php72/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/opt/remi/php72/lib/php/wsdlcache
php_value[opcache.file_cache]  = /var/opt/remi/php72/lib/php/opcache

在 php.ini 文件中我得到：

...
cgi.fix_pathinfo=1
...
session.save_path = "/var/opt/remi/php72/lib/php/session"
...

nginx default.conf 文件：

server {
    listen   80;
    server_name  localhost;
    root /usr/share/nginx/html;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        #root   /usr/share/nginx/html;
        index  index.html index.htm index.php;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
 # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        try_files      $uri = 404;
        include        /etc/nginx/fastcgi_params;
        root           /usr/share/nginx/html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny  all;
    }
}

我的 nginx virtual.conf

server {
        server_name slim3.local;
        root /usr/share/nginx/html/slim3nc.local/public;#without this line, it throws NOT FOUND

        location / {
             index index.html index.htm index.php;
        }

    location ~ \.php$ {
             try_files      $uri = 404;
             include        /etc/nginx/fastcgi_params;
             root           /usr/share/nginx/html/slim3nc.local/public;#Esta carpeta influye más
             fastcgi_pass   127.0.0.1:9000;
             fastcgi_index  index.php;
             fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
             #include /etc/nginx/fastcgi_params;
             #fastcgi_pass 127.0.0.1:9000;
             #fastcgi_index index.php;
             #fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/slim3nc.dev$fastcgi_script_name;
        }
}

和命令

# lsattr /var/opt/remi/php72/lib/php/session

返回

---------------- /var/opt/remi/php72/lib/php/session/sess_1ncvjg5us9384bs0m6vo0m46k7
---------------- /var/opt/remi/php72/lib/php/session/sess_923979fqgr7r807majmn114vuk

测试状态

# sestatus

它返回

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

如果我申请

# setenforce 0

它返回

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

此外，我尝试在 Slim3 容器设置上更改缓存路径中的设置，但没有任何效果:(

$container['view'] = function ($container) {
    $view = new \Slim\Views\Twig(__DIR__ . '/../resources/views', [
        'cache' => false,/*__DIR__ .'/../cache/views', *//* todo 'path/to/cache' on production, we need to set up a directory to cache the views*/
        'debug' => false, /*todo Turn this off in production*/
    ]);

    ...

    return $view;
};

我仍然在空白页中收到消息

拒绝访问

我得到的这个苗条的 3 网络应用程序在任何服务器上都不起作用：centOS 7 生产、laravel homestead、ubuntu 16，......它根本不起作用！！！我错过了什么？

我该如何解决？？

-> 同时我正在使用 Laravel ...

标签： phpnginxcentos7slim