K
Q

nginx - php-fpm Forbidden if the index.php is not present in nginx folder

8/22/2018

we are trying to deploy an application on GCP with kubernetes. We create a container/pod only with PHP-FPM and another with NGINX.

We make the deploy and all works but when we try to get the 'helloword' php file called index.php we receive an error 403 Forbidden from the NGINX serve.

So I try to enter into the NGINX pod and add manually the index.php at the root of php project ( /var/www/html/symfony/public ). And when I do this, magically NGINX return the PHP-FPM script, NOT the file created inside the pod. In order to let you understand I attach the NGINX configuration

      server {
      index index.php index.html;
      server_name php-docker.local;
      error_log  /var/log/nginx/error.log;
      access_log /var/log/nginx/access.log;
      root /var/www/html/symfony/public;

      location ~ \.php$ {
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          fastcgi_pass symfony:9000;
          fastcgi_index index.php;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param PATH_INFO $fastcgi_path_info;
      }
  }

The NGINX server redirect the requests to the PHP-FPM server using kubernetes DNS symfony:9000

[EDIT]

Yes I also have a service to allow NGINX to comunicate with PHP-FPM :

apiVersion: apps/v1
kind: Deployment
metadata:
  name: symfony
  namespace: default
  labels:
    app: symfony
spec:
  selector:
    matchLabels:
      app: symfony
  replicas: 1
  template:
    metadata:
      labels:
        app: symfony
        tier: back
    spec:
      containers:
      - name: symfony
        image: gcr.io/myphone-mmpk/symfony:v.80
        #TODO: REMOVE THIS
        imagePullPolicy: Always
        ports:
          - containerPort: 9000
        resources:
          requests:
            memory: 16Mi
            cpu: 1m
          limits:
            memory: 128Mi
            cpu: 20m
---
kind: Service
apiVersion: v1
metadata:
  name: symfony
  namespace: default
spec:
  selector:
    app: symfony
  type: NodePort
  ports:
  - protocol: TCP
    port: 9000
    targetPort: 9000

and this is the manifest of nginx of ku8 :

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: default
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      volumes:
        - name: html
          emptyDir: {}
        - name: nginx
          configMap:
            name: nginx-configmap
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
        volumeMounts:
        - mountPath: /etc/nginx/conf.d
          name: nginx
        - mountPath: /var/www/html/symfony/public
          name: html
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-configmap
  namespace: default
data:
  default.conf: |
      server {
          index index.php index.html;
          server_name php-docker.local;
          error_log  /var/log/nginx/error.log;
          access_log /var/log/nginx/access.log;
          root /var/www/html/symfony/public;

          location ~ \.php$ {
              fastcgi_split_path_info ^(.+\.php)(/.+)$;
              fastcgi_pass symfony:9000;
              fastcgi_index index.php;
              include fastcgi_params;
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              fastcgi_param PATH_INFO $fastcgi_path_info;
          }
      }
---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: nginx-hpa
  namespace: default
  labels:
    app: nginx
spec:
  scaleTargetRef:
    kind: Deployment
    name: nginx
    apiVersion: apps/v1
  minReplicas: 1
  maxReplicas: 5
  targetCPUUtilizationPercentage: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: default
  labels:
    app: nginx
spec:
  ports:
  - protocol: TCP
    port: 80
  selector:
    app: nginx
  type: LoadBalancer
  loadBalancerIP: ~
-- Alessandro Candon
fpm
google-cloud-platform
kubernetes
nginx
php

Similar Questions

can't join kubernetes cluster; connection refused
Label for Quota on Kubernetes
Can't to add namespace field to roleRef in RoleBinding
Kubernetes pod cpu usage percentage
Istio labels mismatch
Install Minikube using private registry
Solution to mount a persistent "dynamic" file in Kubernetes

2 Answers

8/22/2018

You need to create a kubernetes service for each describing the exposed ports for the applications. Or have the containers in the same pod and use localhost:9000

Internal kube DNS will look something like my-svc.my-namespace.svc.cluster.local

You should not need the port information as that will be described in the service.

see https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

-- Dan
Source: StackOverflow
8/27/2018

I resolve with this NGINX configuration. Is not a kubernetes problem...

      server {
      server_name php-docker.local;
      error_log  /var/log/nginx/error.log;
      access_log /var/log/nginx/access.log;
      root /var/www/html/symfony/public;

      proxy_buffering off;

      location = /nginx-health {
          access_log off;
          return 200 "healthy\n";
      }

      location / {
          try_files $uri /index.php$is_args$args;
      }

      location ~ \.php {
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          fastcgi_pass symfony:9000;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param DOCUMENT_ROOT $document_root;
          internal;
      }
      location ~ \.php$ {
              return 404;
      }
  }
-- Alessandro Candon
Source: StackOverflow