My Symfony site runs fine when Not Chroot with PHP-FPM. However, when I enable chroot my site breaks with a 500 error and no nginx logs.
The site does initially run but breaks on line 25:
$response = $kernel->handle($request);
I have changed my nginx conf file accordingly to properly execute the site in the chroot environment. Mainly, just replacing $realpath_root
with /public
. The same chroot setup works fine for other sites like WordPress, but it seems Symfony does not.
Here is my php-fpm pool file:
[website.com]
prefix = /srv/web/$pool
user = web
group = web
listen = /run/php/php7.2-fpm.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chroot = $prefix
chdir = /
php_admin_value[memory_limit] = 256M
php_admin_value[upload_max_filesize] = 256M
php_admin_value[post_max_size] = 256M
php_admin_value[cgi.fix_pathinfo]=0
php_admin_value[max_execution_time] = 300
php_admin_value[max_input_vars] = 5000
Here is my Nginx server block website.conf:
server {
listen 80;
listen [::]:80;
server_name website.com www.website.com;
root /srv/web/website.com/public;
access_log /var/log/nginx/website.com.access.log;
error_log /var/log/nginx/website.com.error.log;
index index.php index.html;
location / {
# try to serve file directly, fallback to index.php
try_files $uri /index.php$is_args$args;
}
location ~ ^/index\.php(/|$) {
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /public$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT /public;
internal;
}
location ~ \.php$ {
return 404;
}
}
Everything works if remove chroot by changing:
chroot = $prefix
chdir = /
to
;chroot = $prefix
;chdir = /
and
fastcgi_param SCRIPT_FILENAME /public$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT /public;
to
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
I am assuming that Symfony may not work in this environment or needs some sort of configuration to work. Again, there are no error logs reported in /var/log/nginx/website.com.error.log so it makes it very difficult to understand what the issue is.