When running PHP-FPM (PHP FastCGI Process Manager), it can be configured to listen on a UNIX socket, or a TCP port. When using the latter on an SELinux enabled system, you will receive HTTP 500 Internal Server Errors if SELinux is not configured correctly.
For example, on my system, I’m using the following directive (in my example.com VirtualHost):
|
1 |
FastCGIExternalServer /var/www/www.example.com/htdocs/cgi-bin/php5.fcgi -host 127.0.0.1:9000 |
However, the default value of the httpd_can_network_connect SELinux boolean is false, or off. Therefore, httpd is unable to connect to the PHP-FPM pool listening on 127.0.0.1:9000.
You will see AVC denial messages in /var/log/audit/audit.log such as:
|
1 2 |
type=AVC msg=audit(1373344647.677:17670): avc: denied { name_connect } for pid=24124 comm="httpd" dest=9000 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket |
To fix this issue, set the httpd_can_network_connect SELinux boolean to true, or on, remembering the -P option so that this change persists across system reboots.
|
1 |
# setsebool -P httpd_can_network_connect on |