"Primary script unknown" after updating NGINX/php-fpm configuration

ℹ️ Support
1

Nextcloud version: 15.0.13
Operating system and version : Fedora 28
nginx version: nginx/1.12.1
PHP version: php:7.3-fpm-alpine3.10

The issue you are facing:
After updating my configuration to match the recommendations published after Urgent security issue in NGINX/php-fpm, my instance is not working.

  • Browsing to it in browser returns the text “File not found”
  • nginx error.log contains: *32965 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream

Is this the first time you’ve seen this error? Yes

Steps to replicate it:

  1. Have nextcloud’s 15.0 fpm-alpine docker image running with the FPM port exposed as 127.0.0.1:19000
  2. Install an nginx configuration derived from documentation
  3. Reload nginx and refresh the nextcloud page

the relevant sections (i guess) of the nginx configuration, included below:

    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

The output of your Nextcloud log in Admin > Logging: does not load.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => 'ocs70lq4nqf1',
  'trusted_domains' => 
  array (
    0 => 'files.fontkeming.fail',
  ),
  'datadirectory' => '/var/www/html/data',
  'overwrite.cli.url' => 'https://files.fontkeming.fail',
  'dbtype' => 'pgsql',
  'version' => '14.0.4.2',
  'dbname' => 'nextcloud',
  'dbtableprefix' => 'oc_',
  'installed' => true,
  'theme' => 'nextcloud-breeze-dark',
  'loglevel' => 2,
  'maintenance' => false,
);

The output of your nginx log in /var/log/nginx:

2019/11/26 12:48:33 [error] 516#0: *32919 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 71.212.20.39, server: files.fontkeming.fail, request: "GET /index.php/204 HTTP/1.1", upstream: "fastcgi://127.0.0.1:19000", host: "files.fontkeming.fail"
2019/11/26 12:49:01 [error] 516#0: *32962 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 71.212.20.39, server: files.fontkeming.fail, request: "GET /index.php HTTP/2.0", upstream: "fastcgi://127.0.0.1:19000", host: "files.fontkeming.fail"
2019/11/26 12:49:02 [error] 516#0: *32965 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 71.212.20.39, server: files.fontkeming.fail, request: "GET /index.php HTTP/2.0", upstream: "fastcgi://127.0.0.1:19000", host: "files.fontkeming.fail"
2019/11/26 12:49:02 [error] 516#0: *32965 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 71.212.20.39, server: files.fontkeming.fail, request: "GET /favicon.ico HTTP/2.0", upstream: "fastcgi://127.0.0.1:19000", host: "files.fontkeming.fail"
2019/11/26 12:53:33 [error] 516#0: *33533 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 71.212.20.39, server: files.fontkeming.fail, request: "GET /index.php/204 HTTP/1.1", upstream: "fastcgi://127.0.0.1:19000", host: "files.fontkeming.fail"
2019/11/26 12:53:34 [error] 516#0: *33539 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 71.212.20.39, server: files.fontkeming.fail, request: "GET /index.php/204 HTTP/1.1", upstream: "fastcgi://127.0.0.1:19000", host: "files.fontkeming.fail"
2019/11/26 12:58:17 [error] 516#0: *34122 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 71.212.20.39, server: files.fontkeming.fail, request: "GET /index.php HTTP/2.0", upstream: "fastcgi://127.0.0.1:19000", host: "files.fontkeming.fail"
2019/11/26 13:00:03 [warn] 8203#0: could not build optimal types_hash, you should increase either types_hash_max_size: 2048 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size
2

I did have to do what feels like a slightly weird thing: I run the FPM services inside of docker, but my nginx server’s document root is set to an nextcloud 14.0 install on my disk ($OC_VersionString = '14.0.4';) which i’m not sure the provanence of, since it’s not in any of my configuration tracking. I’ll try to update that and see if it helps, though I’m not sure if it’s being used by anything, since it should be going through FPM for the actual PHP execution.

This is the version which I initially installed Nextcloud with on this host, I believe.

Updating this to 15.0.13 did not address this issue with php-fpm

3

Within the nextcloud container’s logs I see, starting from when I turned on the new nginx configuration, to now:

docker[1288]: 172.17.0.1 -  26/Nov/2019:04:45:02 +0000 "- " 200
docker[1288]: 172.17.0.1 -  26/Nov/2019:04:45:02 +0000 "- " 200
docker[1288]: 172.17.0.1 -  26/Nov/2019:04:49:01 +0000 "- " 200
docker[1288]: 172.17.0.1 -  26/Nov/2019:04:49:01 +0000 "- " 200
docker[1288]: 172.17.0.1 -  26/Nov/2019:04:49:09 +0000 "- " 200
docker[1288]: 172.17.0.1 -  26/Nov/2019:04:49:14 +0000 "- " 200
docker[1288]: 172.17.0.1 -  26/Nov/2019:04:49:31 +0000 "- " 200
docker[1288]: 172.17.0.1 -  26/Nov/2019:04:51:49 +0000 "- " 200
docker[1288]: 172.17.0.1 -  26/Nov/2019:04:51:51 +0000 "- " 200
docker[1288]: 172.17.0.1 -  26/Nov/2019:04:57:50 +0000 "GET /index.php" 404
docker[1288]: 172.17.0.1 -  26/Nov/2019:04:57:52 +0000 "GET /index.php" 404
docker[1288]: 172.17.0.1 -  26/Nov/2019:04:58:54 +0000 "GET /index.php" 404
docker[1288]: 172.17.0.1 -  26/Nov/2019:05:01:31 +0000 "GET /index.php" 404
docker[1288]: 172.17.0.1 -  26/Nov/2019:05:03:31 +0000 "GET /index.php" 404
docker[1288]: 172.17.0.1 -  26/Nov/2019:05:08:10 +0000 "GET /index.php" 404
docker[1288]: 172.17.0.1 -  26/Nov/2019:05:13:54 +0000 "GET /index.php" 404
docker[1288]: 172.17.0.1 -  26/Nov/2019:05:14:07 +0000 "POST /index.php" 404
docker[1288]: 172.17.0.1 -  26/Nov/2019:05:18:32 +0000 "GET /index.php" 404
docker[1288]: 172.17.0.1 -  26/Nov/2019:05:24:01 +0000 "GET /index.php" 404
docker[1288]: 172.17.0.1 -  26/Nov/2019:05:27:25 +0000 "GET /index.php" 404
systemd[1]: Stopping Nextcloud...
docker[1288]: [26-Nov-2019 05:29:21] NOTICE: Terminating ...
docker[1288]: [26-Nov-2019 05:29:21] NOTICE: exiting, bye-bye!
docker[26337]: nextcloud
systemd[1]: Stopped Nextcloud.
systemd[1]: Started Nextcloud.
...
docker[18534]: 172.17.0.1 -  26/Nov/2019:13:18:31 +0000 "GET /index.php" 404
docker[18534]: 172.17.0.1 -  26/Nov/2019:13:18:34 +0000 "GET /index.php" 404
docker[18534]: 172.17.0.1 -  26/Nov/2019:13:19:06 +0000 "GET /index.php" 404
docker[18534]: 172.17.0.1 -  26/Nov/2019:13:19:40 +0000 "GET /index.php" 404
docker[18534]: 172.17.0.1 -  26/Nov/2019:13:23:32 +0000 "GET /index.php" 404
docker[18534]: 172.17.0.1 -  26/Nov/2019:13:23:34 +0000 "GET /index.php" 404
4

the SCRIPT_FILENAME fastcgi_param needs to be set to the script name inside the container, not to the one outside of it. Changing SCRIPT_FILENAME to /var/www/html/$fastcgi_script_name to match its location within the docker container (which did not match my document_root!) resolves this.

1 Like
5

very nice with this solution!

i changed fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; tofastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name; and it works!

thanks a lot!