Nginx - FastCgi (php-fpm)


Using nginx with php is done trough a FastCgi service known as php-fpm that creates a bridge between nginx and php where Nginx forward the request to the php-fpm service.

The below users should have access to the files otherwise you can get a permission denied error.

  • nginx: the user that runs nginx
  • www-data: or the user running the FastCgi service (php-fpm for instance)
*62 "/www/my.php" is forbidden (13: Permission denied)


server {
    listen      80;
    root        /data/www;

    location / {
        index   index.html index.php;
    location ~ \.php$ {
        fastcgi_pass  localhost:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include   /etc/nginx/fastcgi_params;

A request “/index.php” is handled by the php location block:

  • that passes the request to the FastCGI server listening on localhost:9000.
  • with the parameters:
    • set by the fastcgi_param directive
      • SCRIPT_FILENAME is equal to /data/www/index.php because:
        • the variable document_root is equal to the value of the root directive (/data/www)
        • and the variable fastcgi_script_name is equal to the request URI, i.e. /index.php.
    • set in the fastcgi_params file

fastcgi_params / fastcgi.conf

You might have an:

  • /etc/nginx/fastcgi.conf
  • /etc/nginx/fastcgi_params

that’s installed by default and that you can use with an include directive (to include it in your location block)

cat /etc/nginx/fastcgi_params;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

Documentation / Reference

Share this page:
Follow us:
Task Runner