Proxy_fcgi:error - AH01071: Got error 'Primary script unknown'

Hello all,

I installed Virtualmin 7.9.0 under Debian 12.

I configured the default virtual server domaintest.com , all OK.
Installed a second virtual server with wordpress, called wordpress.domaintest.com , all OK.

Installed a third virtual server subdomain called crm.domaintest.com… but in this case it only servers HTML pages.

I enabled and configured PHP 8.3 thru the virtualmin interface, using FPM.

No PHP rendering at all.

If I go to the UNIX prompt, the php commands do work and render in the terminal OK.

Errors on /home/crm/logs/error_log:

[Sun Jan 28 02:30:37.566512 2024] [proxy_fcgi:error] [pid 15480:tid 139901327177408] [remote 88.12.164.189:53143] AH01071: Got error ‘Primary script unknown’

[Sun Jan 28 02:30:37.746655 2024] [proxy_fcgi:error] [pid 15480:tid 139901318768320] [remote 88.12.164.189:53143] AH01071: Got error ‘Primary script unknown’

… when opening crm.domaintest.com from Chrome and shows “File not found”.

If I open an .html file, the file is output by Apache 2 OK:
https://crm.domaintest.com/test.html outputs: “Hello World”

Thanks!

so all three Virtual Servers in their public_html directories have one or more of index.htm index.html index.php ?

if so then its really strange what’s going on

when you get the error_log entry, is there a matching access_log entry too?

your 3rd server you called a subdomain (which it obviously is) – does that one differ any from the other two? That is, is each its own Virtual Server and each have its own /home/ directory where all their respective files are stored?

Full disclosure – all my experience is on RedHat systems, so not sure if anything I say can be helpful

Hello,

so all three Virtual Servers in their public_html directories have one or more of index.htm index.html index.php ?

The third virtualserver is the only one with problems.

This third virtualserver is nearly empty. It only has two files in it (there is no .htaccess or other hidden file):
location:
/home/crm/public_html

index.php
index.html

index.html has Hello worls, it works.

index.php has <?php phpinfo(); ?>, but does not run.

when you get the error_log entry, is there a matching access_log entry too?

/var/log/virtualmin/crm.linkedinlocal.es_access_log
shows:
88.12.164.189 - - [28/Jan/2024:14:23:38 +0100] “GET /index.php HTTP/2.0” 404 112 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36”

/var/log/virtualmin/crm.linkedinlocal.es_error_log
shows:
[Sun Jan 28 14:23:38.279419 2024] [proxy_fcgi:error] [pid 15905:tid 140591904245440] [remote 88.12.164.189:51305] AH01071: Got error ‘Primary script unknown’
[Sun Jan 28 14:23:38.652144 2024] [proxy_fcgi:error] [pid 15905:tid 140591895836352] [remote 88.12.164.189:51305] AH01071: Got error ‘Primary script unknown’

Both
https://crm.linkedinlocal.es/
&
https://crm.linkedinlocal.es/index.php
do not work, and output “File not found” in the browsers

https://crm.linkedinlocal.es/index.html works and shows “hello world” in the browsers

I tried:

• changing PHP 8.1.x, 8.2.x, 8.3.x
• systemctl restart php8.X-fpm
• systemctl restart apache2
• rebooting server

This is my
/etc/apache2/sites-available/crm.linkedinlocal.es.conf
file…

<VirtualHost 200.234.230.201:80>
    SuexecUserGroup "#1003" "#1003"
    ServerName crm.linkedinlocal.es
    ServerAlias www.crm.linkedinlocal.es
    ServerAlias mail.crm.linkedinlocal.es
    ServerAlias webmail.crm.linkedinlocal.es
    ServerAlias admin.crm.linkedinlocal.es
    DocumentRoot /home/crm/public_html
    ErrorLog /var/log/virtualmin/crm.linkedinlocal.es_error_log
    CustomLog /var/log/virtualmin/crm.linkedinlocal.es_access_log combined
    ScriptAlias /cgi-bin/ /home/crm/cgi-bin/
    ScriptAlias /awstats/ /home/crm/cgi-bin/
    DirectoryIndex index.php index.php4 index.php5 index.htm index.html
    <Directory /home/crm/public_html>
        Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch 
        Require all granted
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    </Directory>
    <Directory /home/crm/cgi-bin>
        Require all granted
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    </Directory>
    ProxyPass /.well-known !
    RewriteEngine on
    RewriteCond %{HTTP_HOST} =webmail.crm.linkedinlocal.es
    RewriteRule ^(?!/.well-known)(.*) https://crm.linkedinlocal.es:20000/ [R]
    RewriteCond %{HTTP_HOST} =admin.crm.linkedinlocal.es
    RewriteRule ^(?!/.well-known)(.*) https://crm.linkedinlocal.es:10000/ [R]
    RemoveHandler .php
    RemoveHandler .php8.1
    RemoveHandler .php8.2
    RemoveHandler .php8.3
    <FilesMatch \.php$>
        SetHandler proxy:unix:/run/php/170441212673157.sock|fcgi://127.0.0.1
    </FilesMatch>
    <Files awstats.pl>
        AuthName "crm.linkedinlocal.es statistics"
        AuthType Basic
        AuthUserFile /home/crm/.awstats-htpasswd
        require valid-user
    </Files>
</VirtualHost>

<VirtualHost 200.234.230.201:443>
    SuexecUserGroup "#1003" "#1003"
    ServerName crm.linkedinlocal.es
    ServerAlias www.crm.linkedinlocal.es
    ServerAlias mail.crm.linkedinlocal.es
    ServerAlias webmail.crm.linkedinlocal.es
    ServerAlias admin.crm.linkedinlocal.es
    DocumentRoot /home/crm/public_html
    ErrorLog /var/log/virtualmin/crm.linkedinlocal.es_error_log
    CustomLog /var/log/virtualmin/crm.linkedinlocal.es_access_log combined
    ScriptAlias /cgi-bin/ /home/crm/cgi-bin/
    ScriptAlias /awstats/ /home/crm/cgi-bin/
    DirectoryIndex index.php index.php4 index.php5 index.htm index.html
    <Directory /home/crm/public_html>
        Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch 
        Require all granted
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    </Directory>
    <Directory /home/crm/cgi-bin>
        Require all granted
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    </Directory>
    ProxyPass /.well-known !
    RewriteEngine on
    RewriteCond %{HTTP_HOST} =webmail.crm.linkedinlocal.es
    RewriteRule ^(?!/.well-known)(.*) https://crm.linkedinlocal.es:20000/ [R]
    RewriteCond %{HTTP_HOST} =admin.crm.linkedinlocal.es
    RewriteRule ^(?!/.well-known)(.*) https://crm.linkedinlocal.es:10000/ [R]
    RemoveHandler .php
    RemoveHandler .php8.1
    RemoveHandler .php8.2
    RemoveHandler .php8.3
    <FilesMatch \.php$>
        SetHandler proxy:unix:/run/php/170441212673157.sock|fcgi://127.0.0.1
    </FilesMatch>
    SSLEngine on
    SSLCertificateFile /etc/ssl/virtualmin/170441212673157/ssl.combined
    SSLCertificateKeyFile /etc/ssl/virtualmin/170441212673157/ssl.key
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    <Files awstats.pl>
        AuthName "crm.linkedinlocal.es statistics"
        AuthType Basic
        AuthUserFile /home/crm/.awstats-htpasswd
        require valid-user
    </Files>
</VirtualHost>

I saw the suspicious lines:

    RemoveHandler .php
    RemoveHandler .php8.1
    RemoveHandler .php8.2
    RemoveHandler .php8.3

• I removed them, nothing
• I also read posts about removing a default installed package libapache2-mod-fcgid, which also removed virtualmin-lamp-stack. No success. I put hem back. I checked php config and I saw no modphp enabled.

Thanks,

So for the erroring VS Apache2 is working as yo can see the index.html file as “Hello World”
but you cannot see the index.php file “phpinfo”
check in the Web Configuration ->PHP Options for that domain to confirm the execution mode is “FPM” and not disabled.

FPM is enabled…

php fpm956×370 70.8 KB

Hello,

Finally found the issue.

I saw in the other virtualmins that the owners of the public html files is the virtualmin virtualserver user

Looks like for some reason, the directory and files inside
/home/crm/public_html
had owner “www-data” instead of “crm” (the user of the virtualmin virtual server).

I changed rights to crm as owner and permissions to 0644 and worked!

permissions656×614 76.4 KB

Thanks!

It is always nice to see a problem solved but it would be even better to know how or why this got the wrong owner and permissions.

also, a general comment – somewhere there is a setting, per apache virtual server config, of which order to search for the default file (name) — index.htm, index.html, index.php – etc — the first one it finds is what will be served out when a specific file is not listed/chosen on your URL.

so http://example.com/index.htm will always display that file if it exists, but just http://example.com will follow whatever apache says to look for – so having more than one index.XXXX file can be confusing

and its so sad that apache cannot clearly say — Hey I see the file but cannot open it because of permissions – such an entry in the logs would help all of us !!

I uploaded the files from my Windows computer. Maybe there’s something during the file transfer and copy from Windows to Debian Virtualmin using WinSCP that puts the user and permission of the files wrong or are inherited from somewhere configuration.

I think the log can report that, but you need to change the verbose level, as with the FirewallD.

How did you upload them? If you used the nice File Manger it would have taken care of the correct user and permissions.
But if these were uploaded by some other FTP (yes even Filezilla) it would be up to you to take care of it. That is especially true of files that are develped on your local Windows machine. Also you need to be aware that such files could have the wrong line and file ending.

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.