Fix “File Not Found” with PHP on OpenBSD httpd

When setting up my WordPress site on OpenBSD 6.7 using this nice tutorial I ran into an error during installation of PHP. Every time I tried to load a .php page all I got was a message saying:

File not found.

Not very informative at all! But I guess this goes along with the security consciousness of OpenBSD– an information leak could be used in nefarious ways. It turns out I had chosen a different chroot directory for my httpd web server, rather than the default /var/www. When configuring php-fpm I did not edit enough of the config file.

You see php-fpm communicates with httpd via a unix domain socket. That socket need to be accessible by the webservers AFTER is has chroot-ed into the web directory. So in my httpd.conf I have something like this:

 location "*.php*" {
            fastcgi socket "/run/php-fpm.sock"

This means that httpd should send php requests to php-fpm through the socket at /run/php-fpm.sock. This path is relative to the chroot directory of the web server. So I needed to edit my /etc/php-fpm.conf file to change the chroot directive to point to MY custom chroot directory for my httpd server, rather than to the default one:

<snip other config stuff>
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
;       possible. However, all PHP paths will be relative to the chroot
;       (error_log, sessions.save_path, ...).
; Default Value: not set
chroot = /<my>/<chroot>/<path>

Now I could get php to work and a simple:

 <?php phpinfo(); ?>

page would work just fine! For the record this was PHP-7.4.x with php-frm on OpenBSD 6.7 using the build in httpd.

This entry was posted in Uncategorized and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *