• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question External software gets error reloading php-fpm

Angelluc

Angelluc

New Pleskian
Hello,

I want to use Envoyer(.io) to deploy my Github repository on a domain on my server with Ubuntu 16.04 and Plesk Onyx as it has some features I like to use. In that case I can't use the git app.
So I wat Envoyer directly deploy to my httpdocs/public map of my domain.

After filling in everything I got an error:
PHP FPM appears to be running on your server, but we were unable to reload it. This is typically because your SSH user is not allowed to reload the service without hitting a password prompt.
With this suggestion:
To allow your user to reload the service without a password, you should run the following command on your server:
echo "user ALL=NOPASSWD: /usr/sbin/service php7.0-fpm reload" | sudo tee -a /etc/sudoers.d/php-fpm > /dev/null (by which user is replaced with the user I use)

I tried that but it didn't work so I searched in the Plesk documentation and questions and found out that plesk names it differently: plesk-php70-fpm
So I used that instead but still I get the error.
I have looked in the sudoers.d dir and the php-fpm file contains those lines now (also for php55, 56 and 71). And I have also placed them (through sudo visudo) in the sudoers file in the hope that helped but that didn't change anything.

Oh yes of course they created an SSH key which I placed in .ssh/authorized_keys and also in /var/www/vhosts/mydomain/.ssh/authorized_keys

For sure I am overlooking something or something else.
Any support welcome!
Luc
 
Did you make sure that the subscription user has SSH root access? Normally these users are in a chrooted environment, thus cannot access system services.
 
How can I see if that is the case? As stated before I have put in a SSH key and used the "user ALL=NOPASSWD" for the reload. But I am not that familiar with the term chrooted (just looked it op in Wiki).
 
Ah you nailed it. It is on "forbidden".... oké what setting do I need from the dropdown? Thanks a lot for the insight Peter!
 
You will probably need to grant the full root access, not the chrooted access. However, in this case the subscription will gain full access to all files and services on your system. You should only do this if you own the subscription yourself and if your website is absolutely secure. If hacker manages to access your server, e.g. by a malicious plugin, the hacker will be able to access all of your server when you allow full SSH access to the subscription user.
 
I tried to do something as root with that user but got "Sorry, user is not allowed to execute '/bin/bash' as root on server"....
 
I have installed user ALL=(ALL) NOPASSWD: /usr/sbin/service plesk-php70-fpm reload so it has the root acces for that but still get the error
PHP FPM appears to be running on your server, but we were unable to reload it. This is typically because your SSH user is not allowed to reload the service without hitting a password prompt.
Is there a way to only give partial access so that it works, has that to do with the '/bin/bash access?
 
The best way to debug this is to create a chrooted environment and actually login to that using putty...
There you can execute all the commands your client has access to..... ....and notice it's not much...

The client will come into a space where the root is actually here: /var/www/vhosts/clientdomain/
It will contain some /bin /sbin /etc /var /usr folders and what is available there can be run...

Things like git / PHP needs to be added to it using special scripts.
There are some tutorials to add php, but they are scattered....
I recently setup a good environment for a client of mine, but as the process contained some trial and error I can't make a tutorial from it.

If I need to set it up on a new server I will do this!!!
For now, you need to find it all out yourself...
 
Thanks @mr-wolf although that is not yet the most comfortable way I hoped to find as a solution. I hope there are others which can support in an easier solution for this.
@Peter Debik, you already brought me a lot of insight perhaps you have an input for the last part?
 
You must log in or register to reply here.

Similar threads

AdrianC
Question php82-fpm stops responding, how to tune, debug, check variables
Replies
4
Views
2K
AdrianC
AdrianC
H
Question SSH user can see other subdomain directories even with chrooted shell?
Replies
3
Views
566
Raul A.
R
D
Question Service Unavailable port 8443 Plesk Not Working
Replies
1
Views
7K
Kaspar@Plesk
Kaspar@Plesk
andreios
Resolved PHP FPM 8.2.17 is not accurately checking cached files for changes
Replies
3
Views
7K
andreios
andreios
G
Issue Changing user name breaks php-fpm how to report a bug?
Replies
2
Views
2K
EugeneKazakov
EugeneKazakov
Back
Top