Support

Admin Tools

#20025 nginx.conf error - Unknown "fastcgi_pass" variable

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Tuesday, 13 May 2014 11:01 CDT

Thursday, 08 May 2014 10:01 CDT

kinwolf
 After I have fixed the errors in thread Your text to link here...

I get a final(at least I hope :P) error. Problem is, it's not descriptive at all. In the the error log there are the following warnings and the error message:

2014/05/08 10:52:16 [warn] 29352#0: duplicate MIME type "text/html" in /var/www/glutenetnous.com/html/nginx.conf:186
2014/05/08 10:52:16 [warn] 29352#0: duplicate MIME type "text/xml" in /var/www/glutenetnous.com/html/nginx.conf:186
2014/05/08 10:52:16 [warn] 29352#0: duplicate MIME type "application/xml" in /var/www/glutenetnous.com/html/nginx.conf:186
2014/05/08 10:52:16 [warn] 29352#0: could not build optimal test_types_hash, you should increase either test_types_hash_max_size: 2048 or test_types_hash_bucket_size: 64; ignoring test_types_hash_bucket_size
2014/05/08 10:52:16 [emerg] 29352#0: unknown "fastcgi_pass" variable

Thursday, 08 May 2014 10:59 CDT

nicholas
As I wrote in the other ticket: normally you should remove any existing SEF rules (e.g. the ones Joomla! tells you to use) when you are using Admin Tools' nginx.conf file. I think that both tickets are the same thing.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 08 May 2014 11:01 CDT

kinwolf
I had to comment all those lines from the .conf file created by admin tools to make it pass without error

######################################################################
## Advanced server protection rules exceptions
######################################################################
location = /administrator\/components\/com_akeeba\/restore\.php {
	fastcgi_pass $fastcgi_pass;
	break;
}
location = /administrator\/components\/com_admintools\/restore\.php {
	fastcgi_pass $fastcgi_pass;
	break;
}
location = /administrator\/components\/com_joomlaupdate\/restore\.php {
	fastcgi_pass $fastcgi_pass;
	break;
}
location ~* ^/templates\/rt_fresco_responsive/.*$
{
	break;
}
Edited by kinwolf on 2014-05-08 11:10 CDT

Thursday, 08 May 2014 11:54 CDT

nicholas
Is it possible that your NginX' PHP FastCGI configuration uses a different token instead of fastcgi_pass? I'm using fastcgi_pass in Admin Tools as this is what I saw being used in Ubuntu, MNPP and the official NginX documentation.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 08 May 2014 12:39 CDT

kinwolf
I am also on ubuntu 12.04 and as far as I know it use fastcgi_pass since this line is in the server block for PHP config and cause no problem.

	location ~ \.php$ {
		fastcgi_pass unix:/var/run/php5-fpm.sock;
		fastcgi_index index.php;
		include fastcgi_params;
	
	}
Edited by kinwolf on 2014-05-08 12:40 CDT

Thursday, 08 May 2014 13:12 CDT

kinwolf
I don't see fastcgi_pass being defined in nginx.conf that admin tools creates. But maybe it doesn't need to, dunno.

Thursday, 08 May 2014 14:32 CDT

nicholas
The nginx.conf Admin Tools creates is not a full site / server definition. It can never be as this depends heavily on your operating system, how you've set up PHP for use with NginX, location of files etc. What is most important is how you've set up PHP. If you have followed the official documentation then you have set up fastcgi_pass. If you are using a different configuration you should know what to use instead of fastcgi_pass.

Sorry, that's all I can do to help. NginX is very fast and super performant but has the downside that everything in the site configuration is HEAVILY dependent on how you've set up the server. Nothing like .htaccess where you can have pretty much standard code with minor variations across hosts :(

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 08 May 2014 19:33 CDT

kinwolf
Ok, let's forget the Unknown "fastcgi_pass" variable error. I'll re-read the nginx doc and try to figure it out. But I'd like to mention that my vhost file works fine by itself and the website is fully fonctional and fastcgi_pass is declared in the vhost file. It's always when I try to include admin tools nginx.conf file that I get that error(that is, once I fix all the other errors the file creates itself, more on that below)

So, let's forget that error. The thing is, admin tools STILL creates an invalid nginx.conf file that nginx complains about in it's error log file. I listed them all in previous message, but got no answer yet on those problems. I'll relist them here so it's easier than re-reading everything:

Here is the file it creates, unmodified:
### ===========================================================================
### Security Enhanced & Highly Optimized NginX Configuration File for Joomla!
### automatically generated by Admin Tools 3.0.0 on 2014-05-09 00:21:08 GMT
### ===========================================================================
###
### Admin Tools is Free Software, distributed under the terms of the GNU
### General Public License version 3 or, at your option, any later version
### published by the Free Software Foundation.
###
### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
### !!                                                                       !!
### !!  If you get an Internal Server Error 500 or a blank page when trying  !!
### !!  to access your site, remove this file and try tweaking its settings  !!
### !!  in the back-end of the Admin Tools component.                        !!
### !!                                                                       !!
### !!  Remember to include this file in your site's configuration file.     !!
### !!  Also remember to reload or restart NginX after making any change to  !!
### !!  this file.                                                           !!
### !!                                                                       !!
### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
###

### Prevent access to this file
location = /nginx.conf {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /nginx.conf.admintools {
	log_not_found off;
	access_log off;
	return 404;
	break;
}
######################################################################
## Disable directory listings
######################################################################
location / {
	autoindex off;
}
######################################################################
## Protect against common file injection attacks
######################################################################
set $file_injection 0;
if ($query_string ~ "[a-zA-Z0-9_]=http://") {
	set $file_injection 1;
}
if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
	set $file_injection 1;
}
if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
	set $file_injection 1;
}
if ($file_injection = 1) {
	return 403;
	break;
}
######################################################################
## Disable PHP Easter Eggs
######################################################################
if ($query_string ~ "\=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}") {
	return 403;
	break;
}
######################################################################
## Block access to configuration.php-dist and htaccess.txt
######################################################################
location = /configuration.php-dist {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /htaccess.txt {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /web.config {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /configuration.php {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /CONTRIBUTING.md {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /joomla.xml {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /LICENSE.txt {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /phpunit.xml {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /README.txt {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /web.config.txt {
	log_not_found off;
	access_log off;
	return 404;
	break;
}
######################################################################
## Directory indices
## Forces index.php to be read before the index.htm(l) files
######################################################################
index index.php index.html index.htm;
######################################################################
## Set default expiration time
######################################################################
 # CSS and JavaScript : 1 week
location ~* \.(css|js)$ {
		access_log off; log_not_found off;
		expires 1w;
}

# Image files : 1 month
location ~* \.(bmp|gif|jpg|jpeg|jp2|png|svg|tif|tiff|ico|wbmp|wbxml|smil)$ {
		access_log off; log_not_found off;
		expires 1m;
}

# Document files : 1 month
location ~* \.(pdf|txt|xml)$ {
		access_log off; log_not_found off;
		expires 1m;
}

# Audio files : 1 month
location ~* \.(mid|midi|mp3|m4a|m4r|aif|aiff|ra|wav|voc|ogg)$ {
		access_log off; log_not_found off;
		expires 1m;
}

# Video files : 1 month
location ~* \.(swf|vrml|avi|mkv|mpg|mpeg|mp4|m4v|mov|asf)$ {
		access_log off; log_not_found off;
		expires 1m;
}######################################################################
## Redirect non-www to www
######################################################################
if ($host = 'glutenetnous.com' ) {
	rewrite ^/(.*)$ $scheme://www.glutenetnous.com/$1 permanent;
}
# -- Timeout handling, see http://wiki.nginx.org/HttpCoreModule
client_header_timeout 10;
client_body_timeout   10;
send_timeout          30;
keepalive_timeout     30s;
# -- Socket settings, see http://wiki.nginx.org/HttpCoreModule
connection_pool_size        8192;
client_header_buffer_size   4k;
large_client_header_buffers 8 8k;
request_pool_size           8k;
# -- Performance, see http://wiki.nginx.org/HttpCoreModule
sendfile on;
sendfile_max_chunk 1m;
postpone_output 0;
tcp_nopush on;
tcp_nodelay on;
# -- Security options, see http://wiki.nginx.org/HttpCoreModule
server_name_in_redirect off;
server_tokens off;
ignore_invalid_headers on;
# -- Maximum client body size set to 1 Gigabyte
client_max_body_size 1G;set $common_exploit 0;
if ($query_string ~ "proc/self/environ") {
	set $common_exploit 1;
}
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
	set $common_exploit 1;
}
if ($query_string ~ "base64_(en|de)code\(.*\)") {
	set $common_exploit 1;
}
if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
	set $common_exploit 1;
}
if ($query_string ~ "GLOBALS(=|\[|\[0-9A-Z]{0,2})") {
	set $common_exploit 1;
}
if ($query_string ~ "_REQUEST(=|\[|\[0-9A-Z]{0,2})") {
	set $common_exploit 1;
}
if ($common_exploit = 1) {
	return 403;
}
## Enable SEF URLs
location = / {
	try_files $uri $uri/ /index.php?$args;
}
location = /index.php {
	fastcgi_pass $fastcgi_pass;
	break;
}
######################################################################
## Advanced server protection rules exceptions
######################################################################location = /administrator\/components\/com_akeeba\/restore\.php {
	fastcgi_pass $fastcgi_pass;
	break;
}
location = /administrator\/components\/com_admintools\/restore\.php {
	fastcgi_pass $fastcgi_pass;
	break;
}
location = /administrator\/components\/com_joomlaupdate\/restore\.php {
	fastcgi_pass $fastcgi_pass;
	break;
}
location ~* ^/templates\/rt_fresco_responsive/.*$
{
	break;
}
######################################################################
## Advanced server protection
####################################################################### Allow media files in select back-end directories
location ~* ^/administrator/(components|modules|templates|images|plugins)/.*.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|eot|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|EOT)$ {
	break;
}

# Allow access to the back-end index.php file
location = /administrator {
	rewrite ^ /administrator/index.php last;
}
location = /administrator/ {
	rewrite ^ /administrator/index.php last;
}
location = /administrator/index.php {
	fastcgi_pass $fastcgi_pass;
	break;
}

# Disable access to everything else.
location ~* /administrator.*$ {
	# If it is a file, directory or symlink and I haven't deliberately
	# enabled access to it, forbid any access to it!
	if (-e $request_filename) {
		return 403;
	}
	# In any other case, just treat as a SEF URL
	try_files $uri $uri/ /administrator/index.php?$args;
}
# Allow media files in select front-end directories
location ~* ^/(components|modules|templates|images|plugins|media|libraries|media/jui/fonts)/.*.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|ico|htm|ttf|woff|eot|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|EOT)$ {
	break;
}

## Disallow front-end access for certain Joomla! system directories (unless access to their files is allowed above)
location ~* ^/includes/js/ {
	return 403;
}
location ~* ^/(cache|includes|language|logs|tmp)/ {
	return 403;
}

# Allow access to the front-end index.php file
location = / {
	rewrite ^ /index.php last;
}
location = / {
	rewrite ^ /index.php last;
}
location = /index.php {
	fastcgi_pass $fastcgi_pass;
	break;
}

# Disable access to everything else.
location ~* /.*$ {
	# If it is a file, directory or symlink and I haven't deliberately
	# enabled access to it, forbid any access to it!
	if (-e $request_filename) {
		return 403;
	}
	# In any other case, just treat as a SEF URL
	try_files $uri $uri/ /index.php?$args;
}
##### Advanced server protection -- END


1- Look at line 234. The line is
######################################################################location = /administrator\/components\/com_akeeba\/restore\.php {

First bug.
The line of code is on the #### line, thus it is ignored


2- Then take a look at lines 224 to 231
location = / {
	try_files $uri $uri/ /index.php?$args;
}
location = /index.php {
	fastcgi_pass $fastcgi_pass;
	break;
}


then take a look at lines 293-302

location = / {
	rewrite ^ /index.php last;
}
location = / {
	rewrite ^ /index.php last;
}
location = /index.php {
	fastcgi_pass $fastcgi_pass;
	break;
}

Bug 2 and 3
Notice the following things:
location = / is defined THREE times total in those 2 blocks.
location = /index.php is defined twice.


That's why I'm pretty sure the fastcgi_pass error is also a bug in the file created, because as it stnds, it doesn't create a valid config file

I hope everything is clear. English is not my first language.
Edited by kinwolf on 2014-05-08 19:37 CDT

Thursday, 08 May 2014 19:53 CDT

kinwolf
m
Edited by kinwolf on 2014-05-08 19:54 CDT

Thursday, 08 May 2014 20:14 CDT

kinwolf
Unknown "fastcgi_pass" variable problem solved. I added 
set $fastcgi_pass "unix:/var/run/php5-fpm.sock";


Only the 3 problems described in the previous post left.

Friday, 09 May 2014 01:58 CDT

nicholas
I believe I have found and fixed the bugs. Can you please download and install the latest developer's release (it's the one at the top of the list)? If you regenerate the conf file it should not have these problems any more.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 09 May 2014 07:28 CDT

kinwolf
Download the dev version, created the nginx.conf file using it.

Bug 1: Fixed. The line is written correctly
Bug 2 & 3 : no more error message in the error log but, the frontend and backend display a blank page. I don't have the time to debug further right now but I'll report back if I find the reason why.
Edited by kinwolf on 2014-05-09 07:29 CDT

Friday, 09 May 2014 08:44 CDT

nicholas
OK, please do. I'll try to debug it over the weekend but I'm not sure how much time I'll have :(

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 10 May 2014 03:59 CDT

nicholas
I did a thorough debugging of the NginX Configuration Maker using MNPP this time. I believe that now it's properly fixed. Can you please take a look at the latest dev release, rev2CF199D?

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 11 May 2014 16:22 CDT

kinwolf
I installed the new dev version and the first error I got with the new nginx.conf is a 502 bad gateway. I took a look at the file and found that insteat of seeing the usual:
fastcgi_pass $fastcgi_pass;

there now was
fastcgi_pass 127.0.0.1:9000;

so I did a "search and replace" to set it at "fastcgi_pass $fastcgi_pass;" since I am using unix sockets instead of TCP and $fastcgi_pass is now correctly defined in my vhost file.

Yesterday(couldn't post my finding either last night, ticket system already close, your weekend start before mine :P) I also noticed SEF didn't work so I modified the .conf file to make it work, and I now see that you are doing the same thing in the new version and combining it with the directory listing.

## Enable SEF URLs
location / {
try_files $uri $uri/ /index.php?$args;
## Disable directory listings
autoindex off;
}

BUT, I also found out that next block of code is the one that is causing the blank page.

location ~* /index.php$ {
fastcgi_pass $fastcgi_pass;
break;
}


This particular block gets written if you select SEF->Yes and/or if you select Frontend Protection->Yes.

In the case of SEF, I am not sure what it is supposed to do since SEF works fine without it.
For the frontend protection, it became obvious what it does when I removed it. I got a 403, so it's there to allow access to index.php.
Problem is, it also cause a blank page somehow.

Turning on error reporting to maximum in Joomla showed nothing, still a blank page. All the system logs and nginx error log report nothing either.

For the rest of the file that admin tools creates, there is a small typo in the browser expiration time section. the expires value for many items is set to 1m(1 minute) instead of 1M(one month)

# Audio files : 1 month
location ~* \.(mid|midi|mp3|m4a|m4r|aif|aiff|ra|wav|voc|ogg)$ {
access_log off; log_not_found off;
expires 1m;

That about sum it up.

Monday, 12 May 2014 01:58 CDT

nicholas
I installed the new dev version(rev2CF199D) and the first error I got with the new nginx.conf is a 502 bad gateway. I took a look at the file and found that insteat of seeing the usual:

fastcgi_pass $fastcgi_pass;



there now was

fastcgi_pass 127.0.0.1:9000;



so I did a "search and replace" to set it at "fastcgi_pass $fastcgi_pass;" since I am using unix sockets instead of TCP and $fastcgi_pass is now correctly defined in my vhost file.



That's the wrong way to do it. Go to the NginX Configuration Maker, scroll all the way to the bottom and set the "fastcgi_pass parameter" to $fastcgi_pass

Yesterday(couldn't post my finding either last night, ticket system already close, your weekend start before mine :P) I also noticed SEF didn't work so I modified the .conf file to make it work, and I now see that you are doing the same thing in the new version and combining it with the directory listing.



## Enable SEF URLs

location / {

try_files $uri $uri/ /index.php?$args;

## Disable directory listings

autoindex off;

}



BUT, I also found out that next block of code is the one that is causing the blank page.



location ~* /index.php$ {

fastcgi_pass $fastcgi_pass;

break;

}





This particular block gets written if you select SEF->Yes and/or if you select Frontend Protection->Yes.


I can't reproduce that. Actually, when I remove the second block I can't get the /index.php URL to work :(

In the case of SEF, I am not sure what it is supposed to do since SEF works fine without it.


Just makes sure that http://www.example.com/index.php (as opposed to http://www.example.com) displays your site

For the frontend protection, it became obvious what it does when I removed it. I got a 403, so it's there to allow access to index.php.

Problem is, it also cause a blank page somehow.


I already fixed that on Saturday morning. The front-end protection was previously duplicating code from SEF URLs. Now it doesn't.

Turning on error reporting to maximum in Joomla showed nothing, still a blank page. All the system logs and nginx error log report nothing either.


Yeah, NginX is an annoying brat when you have routing issues :( It logs nothing about the problems, you have to read the crystal ball or something!

For the rest of the file that admin tools creates, there is a small typo in the browser expiration time section. the expires value for many items is set to 1m(1 minute) instead of 1M(one month)



# Audio files : 1 month

location ~* \.(mid|midi|mp3|m4a|m4r|aif|aiff|ra|wav|voc|ogg)$ {

access_log off; log_not_found off;

expires 1m;


Good catch! I'll fix that.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 13 May 2014 07:38 CDT

kinwolf
That's the wrong way to do it. Go to the NginX Configuration Maker, scroll all the way to the bottom and set the "fastcgi_pass parameter" to $fastcgi_pass


Ah, never noticed that field(it's new?) I put $fastcgi_pass there and it worked fine for the creation of the .conf file :)

The only problem left for me is the block: 
location ~* /index.php$ {
fastcgi_pass $fastcgi_pass;
break;
}

that, when present, shows blank page both on the frontend and backend. But since you can't reproduce it, it might be some config on my server. I already reviewed nginx config and saw nothing that could cause that, so the next step is to comb through the php.ini file. Before doing that, I'll test using it on wnmp since it works for you on mnnp(why do all php programmer have a mac? :P) I won't have time this week though, it's time to prepare the garden! But I'll tackle that next week.

You can close this ticket if you want. If I ever find the answer I'll gladly send back the information.

Thanks!

Tuesday, 13 May 2014 11:01 CDT

nicholas
Ah, never noticed that field(it's new?)


Yes, it is new. I added that based on your previous feedback on $fastcgi_pass :)

Before doing that, I'll test using it on wnmp since it works for you on mnnp


Yes, please do. I am wondering why it throws a blank page for you. If it fails on WNMP I might have to remove it or add a switch to enable it.

why do all php programmer have a mac? :P


That's easy. It has a better graphical interface than Windows and the full UNIX power of BSD (which is pretty much what we'd get on Linux). It's the best of both worlds, combined :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!