# Nginx Connect to Socket Failed
Nginx connects to FastCGI or upstream via Unix socket, but the connection fails with permission denied, connection refused, or socket not found. Unix sockets offer better performance than TCP for local connections, but they require correct permissions, paths, and socket existence.
Understanding Unix Socket Connections
- 1.Unix sockets are filesystem objects:
- 2.Process creates socket file
- 3.Process listens on socket
- 4.Clients connect through socket file
- 5.Socket requires proper permissions
Check the error log:
``bash
tail -f /var/log/nginx/error.log
Common error messages:
``
connect() to unix:/run/php/php-fpm.sock failed (13: Permission denied)
connect() to unix:/run/php/php-fpm.sock failed (2: No such file or directory)
connect() to unix:/run/php/php-fpm.sock failed (11: Resource temporarily unavailable)
Common Cause 1: Socket File Not Found
The socket file doesn't exist because the upstream process isn't running.
Diagnosis: ```bash # Check if socket exists ls -la /run/php/php-fpm.sock
# Check if PHP-FPM is running systemctl status php8.2-fpm
# Check PHP-FPM configuration for socket path grep listen /etc/php/8.2/fpm/pool.d/www.conf ```
Solution: Start PHP-FPM:
``bash
sudo systemctl start php8.2-fpm
sudo systemctl enable php8.2-fpm
Verify socket created:
``bash
ls -la /run/php/php-fpm.sock
Common Cause 2: Permission Denied
Socket permissions don't allow Nginx user to connect.
Diagnosis: ```bash # Check socket permissions ls -la /run/php/php-fpm.sock
# Check Nginx user ps aux | grep nginx | head -1 # or grep user /etc/nginx/nginx.conf
# Test if Nginx user can access socket sudo -u www-data test -w /run/php/php-fpm.sock && echo "OK" || echo "FAIL" ```
Typical problem:
``
srw-rw---- 1 root root 0 Apr 04 12:00 /run/php/php-fpm.sock
Socket owned by root, www-data not in root group.
Solution: Fix socket permissions:
Option 1 - PHP-FPM configuration:
``ini
# In /etc/php/8.2/fpm/pool.d/www.conf
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
Restart PHP-FPM:
``bash
sudo systemctl restart php8.2-fpm
Option 2 - Change socket ownership:
``bash
sudo chown www-data:www-data /run/php/php-fpm.sock
sudo chmod 660 /run/php/php-fpm.sock
Option 3 - Add Nginx user to socket group:
``bash
# If socket group is something like 'php-fpm'
sudo usermod -aG php-fpm www-data
Common Cause 3: Socket Path Mismatch
Nginx and upstream configured for different socket paths.
Diagnosis: ```bash # Check Nginx configuration grep "fastcgi_pass" /etc/nginx/sites-enabled/*
# Check PHP-FPM configuration grep listen /etc/php/*/fpm/pool.d/www.conf ```
Problematic config:
``nginx
# Nginx
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php-fpm.sock;
}
# PHP-FPM
listen = /run/php/php8.2-fpm.sockDifferent socket paths - connection fails.
Solution: Match socket paths:
``nginx
location ~ \.php$ {
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
}
Or fix PHP-FPM:
``ini
listen = /run/php/php-fpm.sock
Common Cause 4: Socket Directory Permission
Parent directories must be traversable.
Diagnosis:
``bash
# Check each parent directory
namei -l /run/php/php-fpm.sock
Output shows permissions at each level:
``
drwxr-xr-x root root /
drwxrwxr-x root root run
drwxrwx--- root root php <-- www-data can't traverse
srw-rw---- root root php-fpm.sock
Solution: Fix directory permissions:
``bash
sudo chmod 755 /run/php
Or configure PHP-FPM to use accessible directory:
``ini
listen = /var/run/php/php-fpm.sock
Common Cause 5: Resource Temporarily Unavailable
Socket overwhelmed, queue full.
Error:
``
connect() failed (11: Resource temporarily unavailable) while connecting to upstream
Diagnosis: ```bash # Check socket queue ss -xl | grep php-fpm
# Check PHP-FPM process count ps aux | grep php-fpm | wc -l
# Check PHP-FPM pool settings grep pm /etc/php/*/fpm/pool.d/www.conf ```
Solution: Increase PHP-FPM capacity:
``ini
pm = dynamic
pm.max_children = 50 # Increase from default
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500 # Restart workers after N requests
Or use TCP instead of socket:
``ini
listen = 127.0.0.1:9000
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
}TCP handles more concurrent connections but slightly slower.
Common Cause 6: Socket Deleted But Process Running
Socket file deleted, but process still thinks it's listening.
Diagnosis: ```bash # Socket not visible ls /run/php/php-fpm.sock # ls: cannot access: No such file or directory
# But PHP-FPM running systemctl status php8.2-fpm ```
Cause: Socket deleted by cleanup script or tmpfs remount.
Solution: Restart PHP-FPM to recreate socket:
``bash
sudo systemctl restart php8.2-fpm
Prevent deletion:
Use a persistent location:
``ini
listen = /var/run/php/php-fpm.sock
Or configure systemd to preserve socket:
``bash
# Check tmpfiles configuration
ls /etc/tmpfiles.d/
Common Cause 7: SELinux Blocking Socket Access
SELinux prevents socket connections.
Diagnosis: ```bash # Check SELinux status getenforce
# Check for denials ausearch -m AVC -ts recent | grep php-fpm ```
Solution: Allow socket access: ```bash # Set SELinux context for socket sudo semanage fcontext -a -t httpd_var_run_t "/run/php(/.*)?" sudo restorecon -R /run/php
# Or temporarily disable SELinux sudo setenforce 0 ```
Common Cause 8: Upstream Socket (Not FastCGI)
Generic upstream Unix socket configuration.
Problematic config:
``nginx
upstream backend {
server unix:/var/run/app.sock;
}
Check socket:
``bash
ls -la /var/run/app.sock
Solution: Ensure socket exists and permissions correct: ```bash # Check upstream app is running systemctl status myapp
# Check socket permissions ls -la /var/run/app.sock
# Fix ownership if needed sudo chown www-data:www-data /var/run/app.sock ```
App must create socket with correct permissions:
Node.js example:
``javascript
const server = app.listen('/var/run/app.sock');
server.on('listening', () => {
fs.chmodSync('/var/run/app.sock', 0o660);
// Optionally change owner
});
Python example: ```python import socket import os
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) sock.bind('/var/run/app.sock') os.chmod('/var/run/app.sock', 0o660) ```
Verification Steps
- 1.Check socket exists:
- 2.```bash
- 3.ls -la /run/php/php-fpm.sock
- 4.
` - 5.Check permissions:
- 6.```bash
- 7.stat /run/php/php-fpm.sock
- 8.
` - 9.Test direct connection:
- 10.```bash
- 11.# FastCGI test
- 12.cgi-fcgi -bind -connect /run/php/php-fpm.sock
# Or use nc if available nc -U /run/php/php-fpm.sock ```
- 1.Monitor error log:
- 2.```bash
- 3.tail -f /var/log/nginx/error.log
- 4.
` - 5.Test PHP:
- 6.```bash
- 7.curl http://localhost/test.php
- 8.
` - 9.Check upstream process:
- 10.```bash
- 11.systemctl status php8.2-fpm
- 12.ps aux | grep php-fpm
- 13.
`
Complete Working Configuration
PHP-FPM pool configuration: ```ini # /etc/php/8.2/fpm/pool.d/www.conf [www] user = www-data group = www-data listen = /run/php/php-fpm.sock listen.owner = www-data listen.group = www-data listen.mode = 0660
pm = dynamic pm.max_children = 50 pm.start_servers = 5 pm.min_spare_servers = 5 pm.max_spare_servers = 35 pm.max_requests = 500 ```
Nginx FastCGI configuration: ```nginx location ~ \.php$ { fastcgi_pass unix:/run/php/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params;
fastcgi_connect_timeout 60s; fastcgi_send_timeout 60s; fastcgi_read_timeout 60s; } ```
Upstream Unix socket: ```nginx upstream app { server unix:/var/run/app.sock; keepalive 32; }
location / { proxy_pass http://app; proxy_http_version 1.1; proxy_set_header Connection ""; } ```
Quick Reference
| Error Code | Meaning | Fix |
|---|---|---|
| 2 | No such file | Start upstream process |
| 13 | Permission denied | Fix socket ownership/mode |
| 11 | Resource unavailable | Increase pool capacity |
| 111 | Connection refused | Socket deleted, restart |
| 104 | Connection reset | Upstream crashed |
Unix socket issues usually involve permissions or existence. Check socket file first, then verify Nginx user can access it, and ensure upstream process is running.