SSL certs upgraded, Docker images upgraded, ready to go!

I had to renew my SSL certs for this site, so while doing so I upgraded and addressed a few other issues.

First, apparently when I deployed the SSL certs last time I missed out some of the root certs in the chain. The vendor I used gives you each of the root certs individually and you need to manually concatenate them together yourself. More in another post on the steps I too to do this.

Since certs are part of my nginx Docker image, I rebuilt my image upgrading everything to latest versions. Since it was a also a couple of years since I last did this, I also had to go back through my posts here to work out the steps I took to deploy last time. I’ll post another update on the steps I took for this also later.

nginx and php-fpm configuration errors

Moving an nginx install from Ubuntu 14.04 to 18.04 and upgrading to more recent versions of nginx, php, php-fpm, I ran into this error in my nginx config:

2020/02/28 04:45:47 [crit] 11784#11784: *1 connect() to unix:/var/run/php7.2-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.x.x, server: , request: "GET /index.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php7.2-fpm.sock:", host: "10.x.x.x"

The “No such file or directory” error is talking about the nginx connection to the php7.2-fpm.sock, rather than the file the GET request is for.

On closer look at where the .sock file is located, this was a subtle error to find and fix, but the fix was simple as I was pointing to the wrong path.

In my nginx default config, I had this line (migrating from a config for an older nginx and pphp-fpm version, this is where it was before):

fastcgi_pass unix:/var/run/php7.2-fpm.sock;

… I was missing a /php/ dir in the path, so changing to the correct path was the fix:

fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;

nginx ssl cert error:

When you concatenated your SSL .crt intermediate and root certs together, it’s likely you ended up with lines line this:

—–END CERTIFICATE———-BEGIN CERTIFICATE—–

To fix this, manually edit to insert a newline between the end and begin like this, and you should be all set:

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----

WordPress error uploading photos on nginx: “client intended to send too large body”

Attempting to upload some new photos between around 3 to 5MB, the majority of the uploads failed, and this error was occurring repeatedly in my nginx error.log:

2018/08/06 07:18:37 [error] 43#0: *5 client intended to send too large body: 3125530 bytes

Based on this tip from here, the solution was to increase the default POST body size config with this setting in my nginx.conf:

client_max_body_size 5M;