By peter

2014-05-03 10:47:54 8 Comments

I update nginx to 1.4.7 and php to 5.5.12, After that I got the 502 error. Before I update everything works fine.


2014/05/03 13:27:41 [crit] 4202#0: *1 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client:, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "xx.xx.xx.xx"


user  www www;
worker_processes  1;

        location / {
            root   /usr/home/user/public_html;
            index  index.php index.html index.htm;
        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param  SCRIPT_FILENAME    /usr/home/user/public_html$fastcgi_script_name;
            include fastcgi_params;


@Bogdik 2019-06-20 09:53:51

Just see /etc/php5/php-fpm.conf pid = /var/run/ IS PID file

In file /etc/php5/fpm/pool.d/www.conf

listen = /var/run/php5-fpm.sock IS SOCKET file

if you pid equal listen (pid = /var/run/php5-fpm.sock and listen = /var/run/php5-fpm.sock) -> wrong settings and finish sett /etc/php5/fpm/pool.d/www.conf

user = nginx
group = nginx
listen.owner = nginx = nginx
listen.mode = 0660

@Tech Nomad 2019-03-06 15:50:48

In my case php-fpm wasn't running at all, so I just had to start the service ­čśé

service php7.3-fpm start
#on ubuntu 18.04

@Erenss 2019-01-30 09:19:31

The most important thing here is wich user is using nginx then do you need specify it as well

in your nginx.conf

user www-data;
worker_processes  1;

        location / {
            root   /usr/home/user/public_html;
            index  index.php index.html index.htm;
        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param  SCRIPT_FILENAME    /usr/home/user/public_html$fastcgi_script_name;
            include fastcgi_params;

in your www.conf

listen.owner = www-data = www-data
;listen.mode = 0660

in your case the user and group is "www" so just replace it.

  • restart nginx and php fpm

@EarthMind 2017-01-22 01:07:58

The problem in my case was that the Nginx web server was running as user nginx and the pool was running as user www-data.

I solved the issue by changing the user Nginx is running at in the /etc/nginx/nginx.conf file (could be different on your system, mine is Ubuntu 16.04.1)

Change: user nginx;

to: user www-data;

then restart Nginx: service nginx restart

@alchemist 2018-03-07 21:46:31

Also check SELINUX (/etc/selinux):

# getenforce

turn it off:

# setenforce 0

@SlyDave 2018-05-31 15:06:56

You should never opt to reduce the security of a system to get something working, rather use one of the many options in the other answers to solve your issue. Do not disable selinux without extremely good reason to do so!

@IvanTheFirst 2017-10-31 09:04:48

If you have declarations

pid = /run/


listen = /run/

in different configuration files, then root will owner of this file.

@Davis 2017-05-18 09:42:43

To those who tried everything in this thread and still stuck: This solved my problem. I updated /usr/local/nginx/conf/nginx.conf

  1. Uncomment the line saying user

  2. make it www-data so it becomes: user www-data;

  3. Save it (root access required)

  4. Restart nginx

@Nanhe Kumar 2017-03-08 16:53:05

I have fixed same issue on Amazon Linux AMI 2016.09 (Centos 7) by taking following steps.

Open your www.conf files (Example : sudo nano /etc/php-fpm.d/www.conf) Lastly, find the lines that set the listen.owner and and change their values from "nobody" to "nginx":

listen.owner = nginx = nginx
listen.mode = 0666

Lastly, find the lines that set the user and group and change their values from "apache" to "nginx":

user = nginx
group = nginx

Restart php-fpm (sudo service php-fpm restart)

@Xander 2017-06-01 12:52:17

Use 660 instead 666. 666 is insecure and was fixed by this patch…

@Terry Lin 2017-01-26 13:18:27

Simple but works..

listen.owner = nginx = nginx

chown nginx:nginx /var/run/php-fpm/php-fpm.sock

@Chris 2019-07-14 02:17:27

As I understand, this won't survive a reboot, so is more of a temporary fix.

@Jaman 2017-01-16 15:09:10

If you have different pool per user make sure user and group are set correctly in configuration file. You can find nginx user in /etc/nginx/nginx.conf file. nginx group is same as nginx user.

user = [pool-user]
group = [pool-group]
listen.owner = [nginx-user] = [nginx-group]

@supershnee 2016-07-07 18:59:14

The following simple fix worked for me, bypassing possible permissions issues with the socket.

In your nginx config, set fastcgi_pass to:


Instead of

fastcgi_pass   /var/run/php5-fpm.sock;

This must match the listen = parameter in /etc/php5/fpm/pool.d/www.conf, so also set this to:

listen =;

Then restart php5-fpm and nginx

service php5-fpm restart


service nginx restart

For more info, see:

@Chris 2019-07-14 02:16:17

While this may get one up and going, it is not a solution for fixing a sock issue.

@Xander 2014-05-06 06:30:09

I had a similar error after php update. PHP fixed a security bug where o had rw permission to the socket file.

  1. Open /etc/php5/fpm/pool.d/www.conf or /etc/php/7.0/fpm/pool.d/www.conf, depending on your version.
  2. Uncomment all permission lines, like:

    listen.owner = www-data = www-data
    listen.mode = 0660
  3. Restart fpm - sudo service php5-fpm restart or sudo service php7.0-fpm restart

Note: if your webserver runs as user other than www-data, you will need to update the www.conf file accordingly

@kukipei 2014-05-06 12:11:14

Bravo! This solved my problem. Thanks

@Shadur 2014-05-07 12:09:58

Given that this makes the socket writable to absolutely everyone, I can't help but think that this is a horrible solution.

@roborourke 2014-05-09 16:34:04

Can't upvote this enough - ah just read, 660 it is

@Digital site 2014-05-12 14:08:54

Thanks, That saved me a lot of time figuring out what heck that was...

@Chris Burgess 2014-05-14 23:15:59

This approach restores the insecure default configuration resolved in - consider instead the listen.owner fix suggested by artooro.

@Guicara 2014-05-17 03:24:17

Perfect! It solves my 502 error.

@SamGoody 2014-06-24 11:39:47

Very confusing. Why not edit your answer to be correct, (Go to /etc...) and then afterwards comment about how there is a less secure way that only works till reboot (Go to /var/..).

@Tushar Khatiwada 2014-06-26 02:53:10

Thanks, Saved my day.

@dob 2014-08-02 18:38:19

You just saved me HOURS of painful debugging. I could kiss you... but I won't :)

@Tecnocat 2014-08-05 12:03:42

Reopen a fixed bug is not a valid solution for me. artooro solution it's more appropriate and secure.

@Xander 2014-08-06 11:40:06

@Tecnocat Why it less secure? I think they are the same. www-data and 660. So, I don't understand what's wrong?

@JBCP 2014-08-11 04:41:50

I believe this solution is as secure as artooro's, however setting the listen.mode is not necessary. I suspect 0660 is the default setting for listen.mode anyway.

@steve 2014-08-18 09:30:34

Wonderful answer. Thank you!

@Erwin Julius 2014-09-12 15:51:33

Great! Thanks for the answer!

@AnthumChris 2015-02-20 04:24:22

sudo usermod -aG www-data nginx allows nginx to access the file

@mariowise 2015-06-25 12:25:21

If the server is running, how can we know which user is running nginx ??

@Ankit 2016-02-05 18:45:30

I only uncommented listen.mode = 0660 as both listen.owner = www-data and = www-data were already uncommnented.

@Ankit 2016-02-05 21:33:27

It's not working in my case. I uncommented listen.mode = 0660 as other two were already uncommented.

@berbt 2016-02-29 09:23:40

How can an answer that says, almost in clear text "break the security fix to get things working" have so many upvotes?

@Xander 2016-04-20 08:31:32

@berbt What do you mean? 0660 - is a default permission anyway.

@Oliver Tappin 2016-11-12 14:02:06

For those using remi, the www.conf file is in /opt/remi/php56/root/etc/php-fpm.d/www.conf

@LCB 2016-12-30 12:28:40

php-fpm.sock can not find after uncommented and listen.owner

@lrkwz 2017-05-11 22:23:56

should also check if you have multiple pools with different listen.owners and listen.groups make sure the Nginx user (for example www-data) is a member of the secondary group. So if a FPM pool is owned by bob: listen.owner = bob = bob Add the user www-data as a member of secondary group bob usermod -G bob www-data

@Udayantha Udy Warnasuriya 2019-01-15 16:30:51

Also run sudo service nginx restart in case if this doesn't work.

@sankari 2016-09-14 21:22:06

After upgrading from Ubuntu 14.04 lts to Ubuntu 16.04 lts I found a yet another reason for this error that I haven't seen before.

During the upgrading process I had somehow lost my php5-fpm executable altogether. All the config files were intact and it took me a while to realize that service php5-fpm start didn't really start a process, as it did not show any errors.

My moment of awakening was when I noticed that there were no socket file in /var/run/php5-fpm.sock, as there should be, nor did netstat -an show processes listening on the port that I tried as an alternative while trying to solve this problem. Since the file /usr/sbin/php5-fpm was also non-existing, I was finally on the right track.

In order to solve this problem I upgraded php from version 5.5 to 7.0. apt-get install php-fpm did the trick as a side effect. After that and installing other necessary packages everything was back to normal.

This upgrading solution may have problems of its own, however. Since php has evolved quite a bit, it's possible that the software will break in unimaginable ways. So, even though I did go down that path, you may want to keep the version you're fond of just for a while longer.

Luckily, there seems to be a neat way for that, as described on The Customize Windows site:

add-apt-repository ppa:ondrej/php
apt-get purge php5-common
apt-get update
apt-get install php5.6

Neater solution as it might be, I didn't try that. I expect the next couple of days will tell me whether I should have.

@Marc Quattrini 2015-12-07 05:44:55

I did change OS on my server quite a few times trying to get the most comfortable system.

It used to work very well most of the time but lastly I got this 502 Gateway error.

I use a php fpm socket for each account instead of keeping the same one for all. So if one crashes, at least the other applications keep running.

I used to have user and group www-data. But this changed on my Debian 8 with latest Nginx 1.8 and php5-fpm.

The default user is nginx and so is the group. To be sure of this, the best way is to check the /etc/group and /etc/passwd files. These can't lie.

It is there I found that now I have nginx in both and no longer www-data.

Maybe this can help some people still trying to find out why the error message keeps coming up.

It worked for me.

@LiveWireBT 2014-09-10 15:23:05

I just got this error again today as I updated my machine (with updates for PHP) running Ubuntu 14.04. The distribution config file /etc/php5/fpm/pool.d/www.conf is fine and doesn't require any changes currently.

I found the following errors:

dmesg | grep php
[ 4996.801789] traps: php5-fpm[23231] general protection ip:6c60d1 sp:7fff3f8c68f0 error:0 in php5-fpm[400000+800000]
[ 6788.335355] traps: php5-fpm[9069] general protection ip:6c5d81 sp:7fff98dd9a00 error:0 in php5-fpm[400000+7ff000]

The strange thing was that I have 2 sites running that utilize PHP-FPM on this machine one was running fine and the other (a Tiny Tiny RSS installation) gave me a 502, where both have been running fine before.

I compared both configuration files and found that fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; was missing for the affected site.

Both configuration files now contain the following block and are running fine again:

location ~ \.php$ {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        include /etc/nginx/snippets/fastcgi-php.conf;


It should be noted that Ubuntu ships two fastcgi related parameter files and also a configuration snippet which is available since Vivid and also in the PPA version. The solution was updated accordingly.

Diff of the fastcgi parameter files:

$ diff -up fastcgi_params fastcgi.conf
--- fastcgi_params      2015-07-22 01:42:39.000000000 +0200
+++ fastcgi.conf        2015-07-22 01:42:39.000000000 +0200
@@ -1,4 +1,5 @@

+fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
 fastcgi_param  QUERY_STRING       $query_string;
 fastcgi_param  REQUEST_METHOD     $request_method;
 fastcgi_param  CONTENT_TYPE       $content_type;

Configuration snippet in /etc/nginx/snippets/fastcgi-php.conf

# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;

# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;

# Bypass the fact that try_files resets $fastcgi_path_info
# see:
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;

fastcgi_index index.php;
include fastcgi.conf;

@Bukashk0zzz 2014-09-11 09:42:49

Thanks a lot. I have the same problem. It`s weird that in package not included this line. I just add it to /etc/nginx/fastcgi_params and all works again now.

@Adrian Stride 2015-02-05 20:57:18

Just to add, on CentOS (and probably Red Hat and Fedora) the file to change the permissions to is at:


@Ça─čatay Gürtürk 2015-01-10 18:49:21

Check which user runs nginx. As of Ubuntu 12.04 nginx runs by nginx user which is not a member of www-data group.

usermod -a -G www-data nginx

and restarting nginx and php5-fpm daemons solves the problem.

@AnthumChris 2015-02-20 03:56:24

This fix seems to be the cleanest, security wise. Worked on Ubuntu 14.04, Nginx 1.7.10, PHP 5.5.9-1ubuntu4.6 (fpm-fcgi)

@aMMT 2014-09-30 20:26:33

If you have tried everything in this post but are not having success getting PHP to work, this is what fixed it for my case:

Make sure you have these lines uncommented in /etc/php5/fpm/pool.d/www.conf:

listen.owner = www-data = www-data
listen.mode = 0660

Make sure /etc/nginx/fastcgi_params looks like this:

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  PATH_INFO          $fastcgi_script_name;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

These two lines were missing from my /etc/nginx/fastcgi_params, make sure they are there!

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  PATH_INFO          $fastcgi_script_name;

Then, restart php5-fpm and nginx. Should do the trick.

@Diego Castro 2014-10-14 19:58:10

Thank you so much! I was losing all my hopes, this saved my ass.

@aMMT 2014-11-18 19:22:34

Glad it helped!

@jeppeb 2015-02-01 16:13:04

You're my hero, you saved the day!

@Nikola Prokopi─ç 2016-03-14 04:32:14

There are no words that can describe how grateful I am! After updating packages everything went kaput and this saved the day.

@g9m29 2017-03-06 12:48:36

I want to give you more than one +

@Ted Phillips 2014-08-06 15:33:56

Consideration must also be given to your individual FPM pools, if any.

I couldn't figure out why none of these answers was working for me today. This had been a set-and-forget scenario for me, where I had forgotten that listen.user and were duplicated on a per-pool basis.

If you used pools for different user accounts like I did, where each user account owns their FPM processes and sockets, setting only the default listen.owner and configuration options to 'nginx' will simply not work. And obviously, letting 'nginx' own them all is not acceptable either.

For each pool, make sure that = nginx

Otherwise, you can leave the pool's ownership and such alone.

@MURATSPLAT 2014-12-31 19:27:11

Thank you. If Ngnix works for different user accounts, should be changed like this " = nginx"

@JellicleCat 2014-06-26 18:56:25

Alternative to broadening permissions in your php config, you could change the user specified in your nginx config.

On the first line of your nginx.conf excerpt above, the user and group are specified as www and www, respectively.

user  www www;

Meanwhile, your php config probably specifies a user and group of www-data:

listen.owner = www-data = www-data

You might change the line in your nginx.conf, to any of the following, then:

user www-data www;
user www-data www-data; # or any group, really, since you have the user matching
user www www-data; # requires that your php listen.mode gives rw access to the group

@Aline Matos 2014-10-15 17:13:53

Thank you very much!

@LCB 2016-12-30 12:42:33

Thank you very much! Change nginx.conf is necessary.

@ferodss 2017-04-06 15:11:49

Thanks for point changes needed on nginx.conf

@CRHenkie 2014-06-13 07:41:38

In fact, "listen.mode" should be: "0660" and not "0666" as Other Writable or Other Readable is never a good choice here.

So try to find out as which user/group your webserver runs. I use CentOs and it runs as user "nginx" So add to your php-fpm.conf:

listen.owner = nginx = nginx
listen.mode = 0660

finally restart php-fpm

@Brad 2014-07-27 21:44:25

For what it's worth, on my Ubuntu 12.04 system, the user and group are www-data.

@Kzqai 2016-10-21 01:28:02

For me in CentOS, it worked to set the user as "nobody" and the group as "nginx". Probably not a major improvement, but I'd prefer to give as limited of permissions as possible.

@Eric C 2014-05-06 14:51:58

@Xander's solution works, but does not persist after a reboot.

I found that I had to change listen.mode to 0660 in /etc/php5/fpm/pool.d/www.conf.

Sample from www.conf:

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. 
; Default Values: user and group are set as the running user
;                 mode is set to 0660
;listen.owner = www-data
; = www-data
;listen.mode = 0660

Edit: Per @Chris Burgess, I've changed this to the more secure method.

I removed the comment for listen.mode, .group and .owner:

listen.owner = www-data = www-data
listen.mode = 0660

/var/run Only holds information about the running system since last boot, e.g., currently logged-in users and running daemons. (

Side note:

My php5-fpm -v Reports: PHP The issue did happen after a recent update as well.

@Chris Burgess 2014-05-14 23:16:26

This approach restores the insecure default configuration resolved in - consider instead the listen.owner fix suggested by artooro.

@a.out 2018-08-30 14:12:24

If listen.acl_groups is set, listen.owner and are ignored. I set listen.acl_groups =, then the 502/permissions problem went away. Found it after uncommenting the listen. lines as above, the 502 problem persisted and systemctl status php-fpm showed the warning WARNING: [pool www] ACL set, listen.owner = 'nobody' is ignored.

@artooro 2014-05-11 18:25:14

All the fixes currently mentioned here basically enable the security hole all over again.

What I ended up doing is adding the following lines to my PHP-FPM configuration file.

listen.owner = www-data = www-data

Make sure that www-data is actually the user the nginx worker is running as. For debian it's www-data by default.

Doing it this way does not enable the security problem that this change was supposed to fix.

@Chris Burgess 2014-05-14 23:12:52

This is the correct solution. The change in default configuration comes from and appears in Debian

@SamGoody 2014-06-24 11:45:23

To check the nginx username ps aux|grep nginx

@Reality Extractor 2014-07-21 21:47:29

On Ubuntu at /etc/php5/fpm/php.ini

@Martijn Heemels 2014-07-23 13:08:16

@RealityExtractor I don't think so. That file only contains general PHP settings, nothing related to the FPM process manager.

@Giel Berkers 2014-07-25 13:45:45

For me, I also had to manually delete /var/run/php5-fpm.sock, since it was already created by www-data. Just a heads-up...

@jschorr 2014-07-28 15:58:51

This is the proper fix, security-wise.

@JorgeArtware 2014-08-11 06:04:05

you should have all those votes, thank you man

@berbt 2016-02-29 09:51:00

@RealityExtractor that file is not the right one, as @Martijn Heemels says. In Debian, probably Ubuntu too, you have to edit /etc/php5/fpm/pool.d/www.conf. Recent PHP-FPM versions include the configuration lines listen.owner, by default, no need to add them.

@Joseph Lust 2017-06-24 03:53:42

For nginx just make sure you have user www-data in your nginx.conf file to fix this.

@J86 2018-04-30 18:58:36

thank you, this worked for me. On CentOS 7, the user and group, both were nginx

@BurninLeo 2019-07-06 13:14:26

Double check the permissions of the socket file. Note, that to reload the PHP-FPM process may not (!) change the socket's permission according to the settings in the pool.d/....conf file (listen.owner). In this case it may be necessary to chown the socket file manually.

Related Questions

Sponsored Content

3 Answered Questions

[SOLVED] Share Nginx server configuration

  • 2014-06-11 04:04:32
  • Anam
  • 1563 View
  • 4 Score
  • 3 Answer
  • Tags:   php nginx

0 Answered Questions

Cannot get index.php page to display in docker container

  • 2019-02-06 04:42:32
  • sp156
  • 176 View
  • 0 Score
  • 0 Answer
  • Tags:   php docker nginx

1 Answered Questions

[SOLVED] Connect to unix:/var/run/php5-fpm.sock failed. What is wrong with my setup?

  • 2014-08-02 18:15:09
  • vsapountzis
  • 41503 View
  • 18 Score
  • 1 Answer
  • Tags:   php wordpress nginx

1 Answered Questions

Nginx PHP5.6 permission eror

  • 2016-06-28 09:48:46
  • JoeTidee
  • 442 View
  • 0 Score
  • 1 Answer
  • Tags:   php nginx

0 Answered Questions

Installing nginx, info.php, connect() failed to open php5-fpm.sock

1 Answered Questions

[SOLVED] CakePHP + nginx 500 Internal Server Error

  • 2015-04-07 07:14:00
  • mattrick
  • 662 View
  • 0 Score
  • 1 Answer
  • Tags:   php cakephp nginx

4 Answered Questions

[SOLVED] Nginx error with php-fpm

  • 2013-09-23 14:27:19
  • Paiboon Panusbordee
  • 23394 View
  • 2 Score
  • 4 Answer
  • Tags:   nginx php

1 Answered Questions

[SOLVED] Nginx stating "502 Bad Gateway"

  • 2014-05-19 02:40:09
  • sparecycle
  • 4668 View
  • 2 Score
  • 1 Answer
  • Tags:   nginx vagrant php

1 Answered Questions

[SOLVED] migrating from lighttpd to nginx

1 Answered Questions

nginx + php-fpm + pidora(fedora) on raspberry

  • 2013-10-17 07:11:07
  • GergA
  • 1644 View
  • 0 Score
  • 1 Answer
  • Tags:   nginx fedora php

Sponsored Content