• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question External software gets error reloading php-fpm

Angelluc

Angelluc

New Pleskian
Hello,

I want to use Envoyer(.io) to deploy my Github repository on a domain on my server with Ubuntu 16.04 and Plesk Onyx as it has some features I like to use. In that case I can't use the git app.
So I wat Envoyer directly deploy to my httpdocs/public map of my domain.

After filling in everything I got an error:
PHP FPM appears to be running on your server, but we were unable to reload it. This is typically because your SSH user is not allowed to reload the service without hitting a password prompt.
With this suggestion:
To allow your user to reload the service without a password, you should run the following command on your server:
echo "user ALL=NOPASSWD: /usr/sbin/service php7.0-fpm reload" | sudo tee -a /etc/sudoers.d/php-fpm > /dev/null (by which user is replaced with the user I use)

I tried that but it didn't work so I searched in the Plesk documentation and questions and found out that plesk names it differently: plesk-php70-fpm
So I used that instead but still I get the error.
I have looked in the sudoers.d dir and the php-fpm file contains those lines now (also for php55, 56 and 71). And I have also placed them (through sudo visudo) in the sudoers file in the hope that helped but that didn't change anything.

Oh yes of course they created an SSH key which I placed in .ssh/authorized_keys and also in /var/www/vhosts/mydomain/.ssh/authorized_keys

For sure I am overlooking something or something else.
Any support welcome!
Luc
 
Did you make sure that the subscription user has SSH root access? Normally these users are in a chrooted environment, thus cannot access system services.
 
How can I see if that is the case? As stated before I have put in a SSH key and used the "user ALL=NOPASSWD" for the reload. But I am not that familiar with the term chrooted (just looked it op in Wiki).
 
Ah you nailed it. It is on "forbidden".... oké what setting do I need from the dropdown? Thanks a lot for the insight Peter!
 
You will probably need to grant the full root access, not the chrooted access. However, in this case the subscription will gain full access to all files and services on your system. You should only do this if you own the subscription yourself and if your website is absolutely secure. If hacker manages to access your server, e.g. by a malicious plugin, the hacker will be able to access all of your server when you allow full SSH access to the subscription user.
 
I tried to do something as root with that user but got "Sorry, user is not allowed to execute '/bin/bash' as root on server"....
 
I have installed user ALL=(ALL) NOPASSWD: /usr/sbin/service plesk-php70-fpm reload so it has the root acces for that but still get the error
PHP FPM appears to be running on your server, but we were unable to reload it. This is typically because your SSH user is not allowed to reload the service without hitting a password prompt.
Is there a way to only give partial access so that it works, has that to do with the '/bin/bash access?
 
The best way to debug this is to create a chrooted environment and actually login to that using putty...
There you can execute all the commands your client has access to..... ....and notice it's not much...

The client will come into a space where the root is actually here: /var/www/vhosts/clientdomain/
It will contain some /bin /sbin /etc /var /usr folders and what is available there can be run...

Things like git / PHP needs to be added to it using special scripts.
There are some tutorials to add php, but they are scattered....
I recently setup a good environment for a client of mine, but as the process contained some trial and error I can't make a tutorial from it.

If I need to set it up on a new server I will do this!!!
For now, you need to find it all out yourself...
 
Thanks @mr-wolf although that is not yet the most comfortable way I hoped to find as a solution. I hope there are others which can support in an easier solution for this.
@Peter Debik, you already brought me a lot of insight perhaps you have an input for the last part?
 
You must log in or register to reply here.

Similar threads

AdrianC
Question php82-fpm stops responding, how to tune, debug, check variables
Replies
4
Views
1K
AdrianC
AdrianC
andreios
Resolved PHP FPM 8.2.17 is not accurately checking cached files for changes
Replies
3
Views
6K
andreios
andreios
D
Question Service Unavailable port 8443 Plesk Not Working
Replies
1
Views
426
Kaspar@Plesk
Kaspar@Plesk
G
Issue Changing user name breaks php-fpm how to report a bug?
Replies
2
Views
1K
EugeneKazakov
EugeneKazakov
S
Resolved Error when adding a PHP Handler for PHP 7.0
Replies
3
Views
2K
Peter Debik
P
Back
Top