I'm currently working on the renewal of my Web plateform and switching from Apache to Nginx.
So I've to test all our administrative and internal applications before doing it.
Well, so far, I didn't face any problems, BUT it would be a little bit too easy without it :D
So, today, I install my supervision plateform using the following component:
- OS: Debian Squeeze 6.0.6
- WebServer: Nginx 1.2.5
- FastCGI: fcgiwrap 1.0.3-3
- PhpCGI: php 5.4.11
- Supervision: Nagios 3.4.3
Here is my directories structure:
/usr/local/$APPNAME$/$SUBTREE$ --> Aim for all binaries and libraries outside the OS.
/etc/$APPNAME$/$SUBTREE$ --> Directory for all binaries configuration files.
/srv/apps/$WEBAPPNAME$/$SUBTREE$/ --> Directory for all HTML/PHP/CGI related files.
Following these I've got:
/usr/local/nagios/ all owned by nagios user/group.
/usr/local/nginx/ all owned by nginx user/group.
/usr/local/fcgiwrap/ all owned by nginx user/group.
/usr/local/phpcgi/ all owned by nginx user/group.
&
/etc/nagios/ all owned by nagios user/group.
/etc/nginx/ all owned by nginx user/group.
&
/srv/app/nagios/{cgi-bin;stylesheets;etc} all owned by nginx.
My PhpCGI Wrapper is running well and serving PHP pages as requested because I've got the Nagios main page correctly displayed.
The problem seems to come from my FastCGI Wrapper which doesn't stop to send a stupid error claiming that it don't have be called with any DOCUMENT_ROOT or SCRIPT_FILENAME parameters.
But, regarding my Nginx Configuration, everything seems to be OK.
I found something related on an other ServerFault question, but the upgrade of the FastCGI wrapper doesn't help me.
Here is my NGinx config:
1 user nginx nginx;
2 worker_processes 4;
3 pid /var/run/nginx/nginx.pid;
4 error_log /var/log/nginx/error.log;
5
6 events {
7 worker_connections 1024;
8 }
9
10
11 http {
12 include mime.types;
13 default_type application/octet-stream;
14 sendfile on;
15 keepalive_timeout 65;
16 gzip on;
17
18 upstream fcgiwrap {
19 server unix:/var/run/fcgiwrap.socket;
20 }
21
22
23 server {
24 listen 443;
25 server_name nagios.domain.tld;
26 root /srv/apps/nagios;
27 ssl on;
28 ssl_certificate /etc/nginx/security/cert.crt;
29 ssl_certificate_key /etc/nginx/security/cert.key;
30 ssl_session_timeout 5m;
31 ssl_protocols SSLv2 SSLv3 TLSv1;
32 ssl_ciphers HIGH:!aNULL:!MD5;
33 ssl_prefer_server_ciphers on;
34
35 charset utf8;
36 access_log /var/log/nginx/access.log;
37
38 location / {
39 index index.php;
40 auth_basic "Nagios Restricted Access";
41 auth_basic_user_file /etc/nagios/passwd.users;
42 }
43
44 location ~\.php$ {
45 auth_basic "Nagios Restricted Access";
46 auth_basic_user_file /etc/nagios/passwd.users;
47 include fastcgi_params;
48 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
49 fastcgi_pass 127.0.0.1:9000;
50 }
51
52 location ~\.cgi$ {
53 auth_basic "Nagios Restricted Access";
54 auth_basic_user_file /etc/nagios/passwd.users;
55 include fastcgi_params;
56 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
57 fastcgi_param AUTH_USER $remote_user;
58 fastcgi_param REMOTE_USER $remote_user;
59 fastcgi_pass fcgiwrap;
60 }
61 }
62 }
the Fcgiwrap socket is handle by nginx, and all my permissions seems good.
So if you have any clue or help, it would be greatly appreciate :D
Thanks in advance.
Look toward your fcgiwrap running as nginx user/group. Not sure about Debian, but in RHEL/CentOS the Nagios RPM install script adds the nagios group to the apache user via:
which can be verified with
This allows Apache to get at Nagios object information/status. You'll want to give nginx the same nagios group privileges.