502 Bad Gateway caused by Permission Denied

While setting up indieforger.com ubuntu server i run into 502 Bad Gateway caused by Permission Denied and logged as:

connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: XX.XX.XX.XX, server: indieforger.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "indieforger.com"

Qucik fix

Fast fix is as suggested by Chris is to edit: /etc/php5/fpm/pool.d/www.conf php-fpm config file setting, uncommenting listen.mode and setting it to:

listen.mode = 0666

Good fix

While first solution will work ok I am not entirely sure about how secure it is. I think it is better to leave listen.mode set to it's default values 0660and make sure nginx worker user is the same as php-fpm user.

running ps -aux |grep nginx shows that worker is run by nobody user.

root    22965  0.0  0.0  86008  1420 ?        Ss   15:30   0:00 nginx: master process /usr/sbin/nginx
nobody  22966  0.0  0.0  86584  2600 ?        S    15:30   0:00 nginx: worker process

Executing -aux |grep php-fpm indicates that www-data is owner of php-fpm workers.

root     22958  0.0  0.4 375996 18848 ?        Ss   15:30   0:00 php-fpm: master process (/etc/php5/fpm/php-fpm.conf)
www-data 22961  0.0  0.1 375996  6380 ?        S    15:30   0:00 php-fpm: pool www

Fix to the problem then should be setting www-user in /etc/nginx/nginx.conf

sudo vim /etc/nginx/nginx.conf

And add below at the very top of the file

user www-data www-data;
worker_processes  1;

Restart services

sudo service php5-fpm restart && sudo service nginx restart

Confirm ports with sudo lsof -nP -i | grep LISTEN:

sshd      1020     root    3u  IPv4   8959      0t0  TCP *:22 (LISTEN)
sshd      1020     root    4u  IPv6   8961      0t0  TCP *:22 (LISTEN)
mongod    1162  mongodb    6u  IPv4   9415      0t0  TCP (LISTEN)
node      2738   ubuntu   16u  IPv4  12084      0t0  TCP (LISTEN)
mysqld   17659    mysql   10u  IPv4 147666      0t0  TCP (LISTEN)
nginx    22965     root    6u  IPv4 165063      0t0  TCP *:80 (LISTEN)
nginx    22966 www-data    6u  IPv4 165063      0t0  TCP *:80 (LISTEN)

And check your site. Voila!


  • http://nginx.org/en/docs/ngxcoremodule.html#user
  • http://php.net/manual/en/install.unix.nginx.php
  • http://chriskief.com/2014/05/07/nginx-php5-fpm-and-permission-denied-errors/

Published by IndieForger