nginx - php-fpm Forbidden if the index.php is not present in nginx folder
Question
we are trying to deploy an application on GCP with kubernetes. We create a container/pod only with PHP-FPM and another with NGINX.
We make the deploy and all works but when we try to get the 'helloword' php file called index.php we receive an error 403 Forbidden from the NGINX serve.
So I try to enter into the NGINX pod and add manually the index.php at the root of php project ( /var/www/html/symfony/public ). And when I do this, magically NGINX return the PHP-FPM script, NOT the file created inside the pod. In order to let you understand I attach the NGINX configuration
server {
index index.php index.html;
server_name php-docker.local;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/symfony/public;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass symfony:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
The NGINX server redirect the requests to the PHP-FPM server using kubernetes DNS symfony:9000
[EDIT]
Yes I also have a service to allow NGINX to comunicate with PHP-FPM :
apiVersion: apps/v1
kind: Deployment
metadata:
name: symfony
namespace: default
labels:
app: symfony
spec:
selector:
matchLabels:
app: symfony
replicas: 1
template:
metadata:
labels:
app: symfony
tier: back
spec:
containers:
- name: symfony
image: gcr.io/myphone-mmpk/symfony:v.80
#TODO: REMOVE THIS
imagePullPolicy: Always
ports:
- containerPort: 9000
resources:
requests:
memory: 16Mi
cpu: 1m
limits:
memory: 128Mi
cpu: 20m
---
kind: Service
apiVersion: v1
metadata:
name: symfony
namespace: default
spec:
selector:
app: symfony
type: NodePort
ports:
- protocol: TCP
port: 9000
targetPort: 9000
and this is the manifest of nginx of ku8 :
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: default
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
volumes:
- name: html
emptyDir: {}
- name: nginx
configMap:
name: nginx-configmap
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
volumeMounts:
- mountPath: /etc/nginx/conf.d
name: nginx
- mountPath: /var/www/html/symfony/public
name: html
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-configmap
namespace: default
data:
default.conf: |
server {
index index.php index.html;
server_name php-docker.local;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/symfony/public;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass symfony:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: nginx-hpa
namespace: default
labels:
app: nginx
spec:
scaleTargetRef:
kind: Deployment
name: nginx
apiVersion: apps/v1
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: default
labels:
app: nginx
spec:
ports:
- protocol: TCP
port: 80
selector:
app: nginx
type: LoadBalancer
loadBalancerIP: ~
2 answers
solution1
0 2018-08-22 14:20:31
You need to create a kubernetes service for each describing the exposed ports for the applications. Or have the containers in the same pod and use localhost:9000
Internal kube DNS will look something like my-svc.my-namespace.svc.cluster.local
You should not need the port information as that will be described in the service.
see https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
solution2
0 ACCPTED 2018-08-27 13:51:31
I resolve with this NGINX configuration. Is not a kubernetes problem...
server {
server_name php-docker.local;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/symfony/public;
proxy_buffering off;
location = /nginx-health {
access_log off;
return 200 "healthy\n";
}
location / {
try_files $uri /index.php$is_args$args;
}
location ~ \.php {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass symfony:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $document_root;
internal;
}
location ~ \.php$ {
return 404;
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.