After doing an upgrade on my Debian virtual server, which upgraded PHP and Nginx, I got a “502 Bad Gateway” error when browsing websites on that server. This post shows how to fix this problem, and the configuration option to prevent it occurring again on reboot.
tl;dr
Edit /etc/php5/fpm/pool.d/www.conf and uncomment the following:
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
Then run:
sudo service php5-fpm restart
Longer answer
As well as the error in the browser, I was getting this error in the Nginx error log:
[crit] 2686#0: *1 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.50.1, server: [...], request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "[...]"
The problem is caused by the permissions and ownership of the /var/run/php5-fpm.sock file, which after I’d done the upgrade change to something like root:root and 0660, so it couldn’t be accessed by the www-data user which Nginx was running as.
The immediate solution is to change the permissions and/or ownership of the file like so:
chmod 0666 /var/run/php5-fpm.sock
OR
chmod 0660 /var/run/php5-fpm.sock chown www-data:www-data /var/run/php5-fpm.sock
The only catch is this won’t persist after the server is restarted. To prevent the issue from occurring again, edit the /etc/php5/fpm/pool.d/www.conf file:
sudo nano /etc/php5/fpm/pool.d/www.conf
Locate the following lines and uncomment them:
listen.owner = www-data listen.group = www-data listen.mode = 0660
If you already changed the ownership/permissions of the socket file as shown above, then you don’t need to do anything else now. If you didn’t, then run this:
sudo service php5-fpm restart
This re-creates the socket file with the ownership and permissions as configured in the file.