Job for php-fpm.service failed

Installation Issues
1

Hi guys,
I have got an clean SLES 15 SP6 Server and I try to install/configurate Passbolt.
The problem is that the configure script fails when trying to start the php-fpm service.
systemctl status php-fpm output the following:

Blockquote
php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; preset: disabled)
Active: failed (Result: exit-code) since Fri 2024-08-09 16:04:11 CEST; 5min ago
Process: 5890 ExecStart=/usr/sbin/php-fpm --nodaemonize --fpm-config /etc/php8/fpm/php-fpm.conf (code=exited, status=78)
Main PID: 5890 (code=exited, status=78)
CPU: 149ms
Aug 09 16:04:11 systemd[1]: Starting The PHP FastCGI Process Manager…
Aug 09 16:04:11 php-fpm[5890]: [09-Aug-2024 16:04:11] ERROR: unable to bind listening socket for address ‘/run/php-fpm/www.sock’: Permission denied (13)
Aug 09 16:04:11 php-fpm[5890]: [09-Aug-2024 16:04:11] ERROR: FPM initialization failed
Aug 09 16:04:11 systemd[1]: php-fpm.service: Main process exited, code=exited, status=78/CONFIG
Aug 09 16:04:11 systemd[1]: php-fpm.service: Failed with result ‘exit-code’.
Aug 09 16:04:11 systemd[1]: Failed to start The PHP FastCGI Process Manager.

Have anyone an idea what I can do?

The folder /run/php-fpm/ is empty.

1 Like
2

Hello @svi , welcome to the community :slight_smile:

It’s nice to see some SLES installations there :ninja:

I have tried to reproduce the issues but I am not able to, php-fpm should be installed when running sudo bash ./passbolt-repo-setup.ce.sh but not active before running sudo zypper install passbolt-ce-server

ada@localhost:~> sudo systemctl status php-fpm
○ php-fpm.service - The PHP FastCGI Process Manager
     Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; d>
     Active: inactive (dead)

Could you be a bit more precize on when the error appears and what have you done?

3

Hi @antony

After I run sudo bash ./passbolt-repo-setup.ce.sh, I have got the same php-fpm status as you.

I have tried to set the following permissions for the folder. Unfortunately still without success:
sudo chown -R wwwrun:www /run/php-fpm/

If I comment out line 646 in the script /usr/local/bin/passbolt-configure, the installation runs through to the end without any problems. However, I can’t then open passbolt.my.domain.xyz/install to carry out the initial setup.

4

It seems that AppArmor is blocking access to the /run/php-fpm/www.sock socket. Here are some steps you can try to fix the problem:

Create a new file at /etc/apparmor.d/usr.sbin.php-fpm with the following content:

#include <tunables/global>
/usr/sbin/php-fpm {
#include <abstractions/base>
#include <abstractions/apache2-common>
capability dac_override,
capability setgid,
capability setuid,
capability sys_resource,
capability sys_ptrace,
/etc/php8/fpm/** r,
/run/php-fpm/** rw,
/var/log/php-fpm.log rw,
/var/log/php-fpm/*.log rw,
/var/run/php-fpm.pid rw,
/var/lib/php/sessions/** rw,
/tmp/** rw,
}

Load the new profile and set it to permissive mode:

sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.php-fpm
sudo aa-complain /etc/apparmor.d/usr.sbin.php-fpm

Check the permissions of the /run/php-fpm directory: Make sure the directory has the correct permissions:

sudo chown -R wwwrun:wwwrun /run/php-fpm
sudo chmod -R 755 /run/php-fpm

Create the temporary file for the socket: If you haven’t already done so, create the file /etc/tmpfiles.d/php-fpm.conf with the following content:

d /run/php-fpm 0755 wwwrun wwwrun -

Restart the PHP-FPM service: Restart the PHP-FPM service to ensure that all changes are applied:

sudo systemctl daemon-reload
sudo systemctl restart nginx
sudo systemctl restart php-fpm

Check the log files for further clues about the problem:

sudo journalctl -u php-fpm

5

@quarkpanzer Thank you very much :slight_smile:
It works.

1 Like