Nginx

1.6.1/1.7.4 and newer breaks FastCGI

Bug #1366651 reported by Stephen Rees-Carter on 2014-09-08
28
This bug affects 6 people
Affects Status Importance Assigned to Milestone
Nginx
Won't Fix
Undecided
Unassigned
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

The nginx 1.6.1 update (from 1.6.0) breaks fastcgi / php5-fpm by changing the configuration file. The rest is a blank white page and no error messages thrown for any PHP scripts which are requested via nginx.

Using the PPA at: https://launchpad.net/~nginx/+archive/ubuntu/stable

In 1.6.0 you'd do something like this to use fastcgi / php5-fpm:

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

However after upgrading to 1.6.1, you need to update the include line to this:

        include fastcgi.conf;

This is a massive problem for a patch release. Websites will go offline if anyone does an apt-get update...

Debugging information from my etckeeper log of the update:

Package changes:
-nginx 1.6.0-1+trusty0
-nginx-common 1.6.0-1+trusty0
-nginx-full 1.6.0-1+trusty0
+nginx 1.6.1-2+trusty0
+nginx-common 1.6.1-2+trusty0
+nginx-full 1.6.1-2+trusty0

diff --git a/nginx/fastcgi.conf b/nginx/fastcgi.conf
new file mode 100644
index 0000000..ac9ff92
--- /dev/null
+++ b/nginx/fastcgi.conf
@@ -0,0 +1,25 @@
+
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;

diff --git a/nginx/fastcgi_params b/nginx/fastcgi_params
index 4ee14e9..71e2c2e 100644
--- a/nginx/fastcgi_params
+++ b/nginx/fastcgi_params
@@ -1,25 +1,24 @@
-fastcgi_param QUERY_STRING $query_string;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param CONTENT_LENGTH $content_length;

-fastcgi_param SCRIPT_FILENAME $request_filename;
-fastcgi_param SCRIPT_NAME $fastcgi_script_name;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param DOCUMENT_URI $document_uri;
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;

-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param HTTPS $https if_not_empty;

-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_NAME $server_name;
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

-fastcgi_param HTTPS $https if_not_empty;
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;

 # PHP only, required if PHP was built with --enable-force-cgi-redirect
-fastcgi_param REDIRECT_STATUS 200;
+fastcgi_param REDIRECT_STATUS 200;

Let me know what else you need from me.

I'm running Ubuntu Server 14.04 x64.

See original description
Stephen Rees-Carter (valorin) on 2014-09-08
description: updated
Stephen Rees-Carter (valorin) wrote :

It looks like this has been introduced as part of this fix:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718639

" * debian/conf/fastcgi_params:
     + Sync with upstream and remove `SCRIPT_FILENAME` parameter.
       This change might break fastcgi sites. (Closes: #718639)"

Definitely not something that should be put in a patch release...

Thomas Ward (teward) wrote :

Here's really what happens with the PPAs, as an FYI.

First, nginx announces a new version release/bump. Second, the PPA gets updated when Debian publishes the new package/packaging. Thirdly, that package is downloaded and rebuilt for Ubuntu Precise/Trusty/Utopic/$SUPPORTED_RELEASES.

----------

This is the NEWS entry in Debian for this:

nginx-common (1.6.1-2) unstable; urgency=medium

  As of nginx-1.6.1-2 we have synced all configuration files with upstream and
  we plan to keep them in sync from now on.

  Unfortunately that might break existing configuration for some users. Please
  check the matrix below for more information:

  File Changes
  -----------------------
  koi-win whitespace
  koi-utf whitespace
  mime-types whitespace, changed js/rss mime type,
                  minor other changes & additions
  scgi_params whitespace, added HTTPS
  uwsgi_params whitespace, added HTTPS, removed UWSGI_SCHEME
  fastcgi_params whitespace, removed SCRIPT_FILENAME
  fastcgi.conf new upstream configuration file

  Fastcgi configuration issues
  ============================

  nginx shipped a modified `fastcgi_params`, which declared `SCRIPT_FILENAME`
  fastcgi_param. This line has now been removed. From now on we are also
  shipping fastcgi.conf from the upstream repository, which includes a sane
  `SCRIPT_FILENAME` parameter value.

  So, if you are using fastcgi_params, you can try switching to fastcgi.conf
  or manually set the relevant params.

  You might also want to read the documentation section before proceeding.

  http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html
  section: $fastcgi_script_name variable.

------

According to this, this is a sync with upstream changes. Therefore, this needs to be handled at the Debian level, rather than the PPA level. The idea is the PPA(s) are near-identical to Debian with only necessary deltas. This NEWS entry actually seems to suggest that Upstream, that is to say, nginx itself, has provided this change, and therefore this isn't a bug we can "fix". Users will need to update their configurations to match the upstream-provided changes.

Changed in nginx:
status: New → Won't Fix
Thomas Ward (teward) wrote :

Marked "Won't Fix" as this decision was made upstream, and is done in accordance with the NEWS entry detailing that the nginx package in Debian is matching the nginx code/configs from upstream.

Stephen Rees-Carter (valorin) wrote :

Frustraiting that this change was made in a patch release, but thank you for spending the time to investigate and explain it

Luckily the fix is easy - and hopefully anyone who is affected can quickly fix things to avoid downtime.

Thomas Ward (teward) on 2014-09-11
summary: - 1.6.1 upgrade breaks fastcgi / php5-fpm with changed config file
+ 1.6.1/1.7.4 and newer breaks FastCGI
tags: added: stable
tags: added: mainline ppa
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.