将 ProxyPassMatch 用于 FastCGI，导致端口 9000 上的连接被拒绝

Question

我不确定这是 php、apache 还是 iptables 配置问题，但在尝试访问.php文件时收到以下错误。如果您需要更多信息来帮助我诊断，请告诉我，我不知道接下来要检查什么。谢谢你。

error.log：

[Thu May 08 16:43:15.392784 2014] [proxy:error] [pid 23112] (111)Connection refused: AH00957: FCGI: attempt to connect to 127.0.0.1:9000 (*) failed
[Thu May 08 16:43:15.392891 2014] [proxy_fcgi:error] [pid 23112] [client 74.164.254.206:52788] AH01079: failed to make connection to backend: 127.0.0.1

我按照本指南和运行的 PHP 5.5.9 和 Apache 2.4.7

我确实加载了mod_proxy和mod_proxy_so模块：

# grep LoadModule /etc/apache2/apache2.conf
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so 

这是 ProxyPassMatch 指令：

ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/$1

我还尝试将 UDS 与以下指令一起使用，但 apache 配置测试抱怨绝对 url：

ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/var/run/php5-fpm.sock|fcgi://127.0.0.1:80/path/to/root/

这是 iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             127.0.0.0/8          reject-with icmp-port-   unreachable
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:finger
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:urd
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     icmp --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5   LOG level debug prefix "iptables denied: "
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Answer 1

检查是否PHP-FPM正在运行。错误日志说apache无法连接到 127.0.0.1:9000。让它运行，（也许）错误就会消失。

还要检查是否PHP-FPM通过套接字运行。也许它正在运行但没有在 TCP/IP 堆栈中侦听。