WordPress 502 & 504 Errors NGINX & PHP-FPM
So, my server was doing fine, but recently my WordPress has been getting a lot of 502 and 504 errors – mostly when making updates to the site. I think it’s a PHP-FPM issue and perhaps how my server is configured since I’ve upgraded a couple times and it should be blazing fast – I have the 4GB / 60 GB / 4TB option.
@jtittle I saw you were an expert in this kind of thing.
worker_processes 4; worker_rlimit_nofile 20480;
use epoll; multi_accept on; server_names_hash_bucket_size 64; server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; access_log off; error_log /var/log/nginx/error.log; keepalive_timeout 65; keepalive_requests 100000; sendfile on; tcp_nopush on; tcp_nodelay on; types_hash_max_size 2048; client_body_buffer_size 128k; client_max_body_size 24m; client_header_buffer_size 1k; large_client_header_buffers 4 4k; output_buffers 1 32k; postpone_output 1460; client_header_timeout 3m; client_body_timeout 3m; send_timeout 3m; open_file_cache max=1000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 5; open_file_cache_errors off; gzip on; gzip_vary on; gzip_min_length 1000; gzip_types application/x-javascript application/javascript text/css text/javascript text/plain text/xml application/json application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/xml font/eot font/opentype font/otf image/svg+xml image/vnd.microsoft.icon; gzip_disable "MSIE 3\."; log_format main '$remote_addr - $remote_user [$time_local] ' '"$request" $status $bytes_sent ' '"$http_referer" "$http_user_agent" ' '"$gzip_ratio"'; log_format download '$remote_addr - $remote_user [$time_local] ' '"$request" $status $bytes_sent ' '"$http_referer" "$http_user_agent" ' '"$http_range" "$sent_http_content_range"'; map $status $loggable < ~^[23] 0; default 1; >server_tokens off; #include /etc/nginx/naxsi_core.rules; server < listen 80; listen 443 ssl http2; server_name www.nerdlouisville.org *.nerdlouisville.com; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; ssl_certificate /etc/letsencrypt/live/nerdlouisville.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/nerdlouisville.org/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/nerdlouisville.org/chain.pem; ssl_session_cache shared:SSL:128m; ssl_session_timeout 1d; add_header Strict-Transport-Security "max-age=31557600; includeSubDomains"; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Xss-Protection "1"; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8; return 301 https://nerdlouisville.org$request_uri; >server < server_name nerdlouisville.org nerdlouisville.com; listen 80; return 301 https://nerdlouisville.org$request_uri; >server < listen 443 ssl http2; server_name nerdlouisville.org; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; ssl_certificate /etc/letsencrypt/live/nerdlouisville.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/nerdlouisville.org/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/nerdlouisville.org/chain.pem; ssl_session_cache shared:SSL:128m; ssl_session_timeout 1d; add_header Strict-Transport-Security "max-age=31557600; includeSubDomains"; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Xss-Protection "1"; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8; if ($http_user_agent ~ "MSIE" ) < return 303 https://browser-update.org/update.html; >charset utf-8; root /var/www/html; index index.php index.html index.htm; location / < try_files $uri $uri/ /index.php?q=$uri&$args; >location /forum < try_files $uri @vanilla; >location @vanilla < rewrite ^/forum(/.*) /forum/index.php?p=$uri&$args last; >location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ < expires 5d; >location = /favicon.ico < access_log off; log_not_found off; >location = /robots.txt < access_log off; log_not_found off; >location ~ /\. < log_not_found off; deny all; >location ~ \.php$ < include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php7.0-fpm.sock; >> upstream backend
nginx / php-fpm error logging
I’m trying to figure out where the PHP errors are going in my setup. I’m running nginx as the reverse proxy to PHP-FPM, but I’m not seeing the various E_NOTICE or E_WARNING messages my app is producing. The only reason I know they’re happening is failed responses and NewRelic catching stack traces. Here’s the logging config: nginx.conf
proxy_intercept_errors on; fastcgi_intercept_errors on; error_reporting = E_ALL display_errors = Off display_startup_errors = Off log_errors = On log_errors_max_len = 1024 ignore_repeated_errors = Off ignore_repeated_source = Off report_memleaks = On track_errors = On error_log = syslog [global] error_log = /var/log/php-fpm/fpm-error.log [www] access.log = /var/log/php-fpm/access.log access.format = "%t \"%m %r%Q%q\" %s %dms %Mkb %C%%" catch_workers_output = yes php_flag[display_errors] = on php_admin_flag[log_errors] = true :syslogtag, contains, "php" /var/log/php-fpm/error.log I’ve configured PHP to log to syslog, however FPM has no syslog function so it’s logging to a file. I don’t really care where the errors end up, just that they end up somewhere. Any clues on how I might get this to work?
I would try make errors display first (in a test.php file you could manually trigger an error), then put them in a file and so on. . Could be errors triggered are from cli, thus using a different php.ini
Did you try this? php_admin_value[error_log] = /var/log/php-fpm/www-error.log php_admin_flag[log_errors] = on
4 Answers 4
Your php-fpm.conf file is not set up to send errors to syslog. See below for an example of how to do this.
; Error log file ; If it's set to "syslog", log is sent to syslogd instead of being written ; in a local file. ; Note: the default prefix is /var ; Default Value: log/php-fpm.log error_log = syslog ; syslog_facility is used to specify what type of program is logging the ; message. This lets syslogd specify that messages from different facilities ; will be handled differently. ; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) ; Default Value: daemon ;syslog.facility = daemon ; syslog_ident is prepended to every message. If you have multiple FPM ; instances running on the same server, you can change the default value ; which must suit common needs. ; Default Value: php-fpm ;syslog.ident = php-fpm ; Log level ; Possible Values: alert, error, warning, notice, debug ; Default Value: notice ;log_level = notice Are you sure about your assumption for the rsyslog.conf? That is, are you sure all such syslog messages are tagged with lower-case «php»?
Try setting syslog.facility to something like local2 (or local1, or local7) and replacing your rsyslog.conf config-line accordingly:
local2.* /var/log/php-fpm/error.log When you’re using php-fpm, it appears to override the php.ini settings.
The logging most likely needs to be configured in . /www.conf .
I uncommented these lines in order to grab the PHP logs.
php_admin_value[error_log] = /var/log/php-errors.log php_admin_flag[log_errors] = on The webserver user and group can also be found in this file under lines similar to this (may differ between unix socket & proxy configuration).
listen.owner = www-data listen.group = www-data Then it’s just a matter of creating the file and configuring it properly.
touch /var/log/php-errors.log chmod 644 /var/log/php-errors.log chgrp www-data /var/log/php-errors.log chown www-data /var/log/php-errors.log I believe the log level is still used from php-fpm.conf so you may also need to check this.
Thanks. It works. But adding this line log_level = error would cause an error and stop php-fpm from launching. My php-fpm version is 7.2 .
to get php-fpm errors in nginx error log you need:
as for nginx: it s enough just basic config
# cat default | grep -v "#" server < listen 80 default_server; listen [::]:80 default_server; root /var/www/html; index index.html index.htm index.nginx-debian.html; server_name _; index index.html; location / < try_files $uri $uri/ =404; >location ~ \.php$ < include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php7.0-fpm.sock; >> as for php-fpm the main setting is
basically it s enough. but to be on the safe side i would suggest to put the following block in php-fpm config(/etc/php/7.0/fpm/php.ini) :
[PHP] . error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT display_errors = Off display_startup_errors = On log_errors = On log_errors_max_len = 1024 ignore_repeated_errors = Off ignore_repeated_source = Off report_memleaks = On track_errors = Off html_errors = On . after that all php stack traces will be in
# tail /var/log/nginx/error.log 2023/06/20 23:37:06 [error] 20307#20307: *1 FastCGI sent in stderr: "PHP message: PHP Parse error: syntax error, unexpected '"asd"' (T_CONSTANT_ENCAPSED_STRING) in /var/www/html/php1.php on line 2" while reading response header from upstream, client: 127.0.0.1, server: _, request: "GET /php1.php HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "localhost" 2023/06/20 23:48:40 [error] 20307#20307: *5 FastCGI sent in stderr: "PHP message: PHP Parse error: syntax error, unexpected '"asd"' (T_CONSTANT_ENCAPSED_STRING) in /var/www/html/php1.php on line 2" while reading response header from upstream, client: 127.0.0.1, server: _, request: "GET /php1.php HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "localhost" 2023/06/21 00:18:17 [error] 20307#20307: *7 FastCGI sent in stderr: "PHP message: PHP Parse error: syntax error, unexpected '"asd"' (T_CONSTANT_ENCAPSED_STRING) in /var/www/html/php1.php on line 2" while reading response header from upstream, client: 127.0.0.1, server: _, request: "GET /php1.php HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "localhost:4545" if you want to see php stack traces not in nginx erorr file but instead in a separate file you need to add error_log setting that is
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT display_errors = Off display_startup_errors = On log_errors = On error_log = /var/log/php-errors.log log_errors_max_len = 1024 ignore_repeated_errors = Off ignore_repeated_source = Off report_memleaks = On track_errors = Off html_errors = On also very important to create /var/log/php-errors.log manually and set proper permisssions because php-fpm wont do that and will continue to transfer error to nginx. so
# touch /var/log/php-errors.log # chown www-data.www-data /var/log/php-errors.log # systemctl restart php7.0-fpm after that nginx error log /var/log/nginx/error.log will be empty but all php-errors will be in /var/log/php-errors.log
How does PHP5-FPM send errors to nginx?
I’ve been experimenting a bit with error logging in php-fpm and nginx since I couldn’t find any good explanation on the web. Most guides said I should change catch_workers_output to yes if I want to send errors from php5-fpm back to nginx. However, during my experiments I’ve found that even when catch_workers_output is set to no , errors are still being logged properly by nginx. Here’s my virtualhost config:
server < server_name domain.com; return 301 http://www.domain.com$request_uri; access_log off; >server < listen 80; listen [::]:80; root /home/websites/domain.com; index index.php index.html index.htm; error_log /home/websites/logs/domain.com/error.log warn; access_log /home/websites/logs/domain.com/access.log; #switch on gzip gzip on; gzip_min_length 1100; gzip_buffers 10 32k; gzip_types text/plain application/x-javascript text/xml text/css; gzip_vary on; location / < try_files $uri $uri/ /index.php?q=$uri&$args; >location ~* .(gif|jpg|jpeg|png|css|js|ico)$ < expires 30d; access_log off; >error_page 404 /404.html; location ~ \.php$ < fastcgi_split_path_info ^(.+\.php)(/.+)$; # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini # With php5-cgi alone: # With php5-fpm: fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; ># deny access to .htaccess files, if Apache's document root # concurs with nginx's one location ~ /\.ht < deny all; >> Exp 1 poolconf: ; catch_workers_output = no (commented out) php_admin_value[error_log] = /var/log/fpm-php.www.log php_admin_flag[log_errors] = on ; php_flag[display_errors] = 0 result: errors not shown in browser error written in /var/log/fpm-php.www.log error not written in virtualhost error-log in nginx errors not displayed in stderr when running php5-fpm non-daemonized Exp 2 poolconf: catch_workers_output = yes php_admin_value[error_log] = /var/log/fpm-php.www.log php_admin_flag[log_errors] = on php_flag[display_errors] = 0 results: no error in browser error written in /var/log/fpm-php.www.log error not written to virtualhost error-log by nginx errors not displayed in stderr when running php5-fpm non-daemonized Exp 3 poolconf: catch_workers_output = yes ; php_admin_value[error_log] = /var/log/fpm-php.www.log ; php_admin_flag[log_errors] = on php_flag[display_errors] = 0 results: no errors in browser error NOT written in /var/log/fpm-php.www.log error WRITTEN to virtualhost error-log by nginx errors DISPLAYED in stderr when running php5-fpm non-daemonized Exp 4 poolconf: ; catch_workers_output = no (commented out) ; php_admin_value[error_log] = /var/log/fpm-php.www.log ; php_admin_flag[log_errors] = on php_flag[display_errors] = 0 results: no errors in browser error NOT written in /var/log/fpm-php.www.log error WRITTEN to virtualhost error-log by nginx errors NOT displayed in stderr when running php5-fpm non-daemonized My question is how does PHP5-FPM send error logs to nginx even if there’s no stderr output (when catch_workers_output=no ) from php-fpm? I cannot find it documented anywhere.