Primary script unknown error - can't figure out how to fix

Patrick Lists
January 08, 2013 02:10PM
Hi all,

I'm new to nginx and trying to setup a piwik virtual hosts on an
up-to-date CentOS 6.3 box with nginx 1.2.6, php-5.3.3 with php-fpm src
from the 5.3.20 release. I'm seeing some "Primary script unknown" errors
which I can't figure out with the info in the book, wiki or google.
Below are my configs. Hopefully someone has a clue what I am doing wrong.

# ls -l /usr/share/nginx
drwxr-xr-x. 12 root root 4096 Jan 8 18:47 piwik

# ls -l /usr/share/nginx/piwik
total 96
-rw-r-----. 1 nginx nginx 676 Aug 12 16:05 composer.json
drwxr-x---. 2 nginx nginx 4096 Nov 27 11:11 config
drwxr-x---. 25 nginx nginx 4096 Nov 27 11:11 core
-rw-r-----. 1 nginx nginx 822 Feb 14 2005 favicon.ico
-rw-rw-r--. 1 nginx nginx 273 Nov 27 11:11 How to install Piwik.html
-rw-r-----. 1 nginx nginx 1611 Mar 20 2012 index.php
drwxr-x---. 2 nginx nginx 4096 Nov 27 11:11 js
drwxr-x---. 2 nginx nginx 4096 Nov 27 11:11 lang
-rw-r-----. 1 nginx nginx 6070 Feb 13 2012 LEGALNOTICE
drwxr-x---. 21 nginx nginx 4096 Nov 27 11:11 libs
drwxr-x---. 6 nginx nginx 4096 Nov 27 11:11 misc
-rw-r-----. 1 nginx nginx 21548 Nov 1 10:02 piwik.js
-rw-r-----. 1 nginx nginx 2967 Oct 23 11:22 piwik.php
drwxr-x---. 46 nginx nginx 4096 Nov 27 11:11 plugins
-rw-r-----. 1 nginx nginx 2640 Mar 6 2012 README
drwxr-x---. 2 nginx nginx 4096 Nov 27 11:11 tests
drwxr-x---. 3 nginx nginx 4096 Nov 27 11:11 themes
drwxr-x---. 2 nginx nginx 4096 Nov 27 11:11 tmp

# cat /etc/nginx/nginx.conf

user nginx nginx;

## as recommended in the Nginx book, p98
worker_processes 2;
worker_rlimit_nofile 1024;
worker_priority -5;
worker_cpu_affinity 01 10;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
## as recommended in the Nginx book, p98
worker_connections 128;
## epoll is preferred on 2.6 Linux
use epoll;
## Accept as many connections as possible
multi_accept on;

http {
## http://nginx.org/en/docs/http/server_names.html
server_names_hash_bucket_size 64;

## MIME types
include /etc/nginx/mime.types;
default_type application/octet-stream;

## FastCGI
include /etc/nginx/fastcgi.conf;

## define the log format
log_format main '$remote_addr - $remote_user [$time_local]
"$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

## Default log and error files
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;

## Use sendfile() syscall to speed up I/O operations and speed up
## static file serving
sendfile on;

## Handling of IPs in proxied and load balancing situations
set_real_ip_from; # all addresses get a real IP
real_ip_header X-Forwarded-For; # ip forwarded from the load

## Define a zone for limiting the number of simultaneous
## connections nginx accepts. 1m means 32000 simultaneous
## sessions. We need to define for each server the limit_conn
## value refering to this or other zones
limit_conn_zone $binary_remote_addr zone=arbeit:10m;

## Timeouts
client_body_timeout 60;
client_header_timeout 60;
keepalive_timeout 10 10;
send_timeout 60;

## reset lingering timed out connections. Deflect DDoS
reset_timedout_connection on;

## Body size
client_max_body_size 10m;

## TCP options
tcp_nodelay on;
## Optimization of socket handling when using sendfile
tcp_nopush on;

## Compression.
gzip on;
gzip_buffers 16 8k;
gzip_comp_level 1;
gzip_http_version 1.1;
gzip_min_length 10;
gzip_types text/plain text/css application/x-javascript
text/xml application/xml application/xml+rss text/javascript
image/x-icon application/vnd.ms-fontobject font/opentype
gzip_vary on;
gzip_proxied any; # Compression for all requests
## No need for regexps. See
## http://wiki.nginx.org/NginxHttpGzipModule#gzip_disable
gzip_disable "msie6";

## Serve already compressed files directly, bypassing on-the-fly
## compression
gzip_static on;

## Hide the Nginx version number.
server_tokens off;

## Use a SSL/TLS cache for SSL session resume. This needs to be
## here (in this context, for session resumption to work. See this
## thread on the Nginx mailing list:
## http://nginx.org/pipermail/nginx/2010-November/023736.html
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

## Enable clickjacking protection in modern browsers. Available in
## IE8 also. See
## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
add_header X-Frame-Options SAMEORIGIN;

## add Maxmind GeoIP databases
## http://dev.maxmind.com/geoip/geolite
geoip_country /etc/nginx/GeoIP.dat;
##geoip_country /etc/nginx/GeoIPv6.dat;
geoip_city /etc/nginx/GeoLiteCity.dat;
##geoip_city /etc/nginx/GeoLiteCityv6.dat;

## Include the upstream servers for PHP FastCGI handling config.
include upstream_phpcgi.conf;

## FastCGI cache zone definition.
include fastcgi_cache_zone.conf;

## Include the php-fpm status allowed hosts configuration block.
## Uncomment to enable if you're running php-fpm.
include php_fpm_status_allowed_hosts.conf;

## Include all vhosts.
include /etc/nginx/sites-enabled/*;


# cat /etc/nginx/fastcgi.conf

### fastcgi configuration.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_buffers 256 4k;
fastcgi_intercept_errors on;
## allow 4 hrs - pass timeout responsibility to upstream
fastcgi_read_timeout 14400;
fastcgi_index index.php;

# cat /etc/nginx/upstream_phpcgi.conf

### Upstream configuration for PHP FastCGI.

## Add as many servers as needed. Cf.
upstream phpcgi {
##server unix:/var/run/php-fpm.sock;

# cat /etc/nginx/fastcgi_cache_zone.conf

fastcgi_cache_path /var/lib/nginx/tmp/fastcgi levels=1:2
keys_zone=fcgicache:100k max_size=10M inactive=3h
loader_threshold=2592000000 loader_sleep=1 loader_files=100000;

# cat /etc/nginx/sites-available/piwik.conf

### Nginx configuration for Piwik.
### based on https://github.com/perusio/piwik-nginx

server {
listen <my_public_ip>:80; # IPv4
listen <my_public_ipv6>:80; # IPv6

server_name piwik.domain.com;

# always redirect to the ssl version
rewrite ^ https://$server_name$request_uri? permanent;

server {
listen <my_public_ip>:80; # IPv4
listen <my_public_ipv6>:80; # IPv6

## SSL config
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
ssl_prefer_server_ciphers on;

# public server cert
ssl_certificate /etc/pki/tls/certs/piwik.domain.com.crt;
# private server key without pass
ssl_certificate_key /etc/pki/tls/private/piwik.domain.com.key;
# public CA cert to verify client certs
ssl_client_certificate /etc/pki/tls/certs/My_CA.crt;

## verify client certs
ssl_verify_client on;
#ssl_verify_depth 1;

limit_conn arbeit 32;
server_name piwik.domain.com;

## Access and error log files.
access_log /var/log/nginx/piwik.domain.com_access.log;
error_log /var/log/nginx/piwik.domain.com_error.log;

root /usr/share/nginx/piwik.domain.com;
index index.php;

## Disallow any usage of piwik assets if referer is non valid.
location ~* ^.+\.(?:css|gif|jpe?g|js|png|swf)$ {
## Defining the valid referers.
valid_referers none blocked *.domain.com domain.com;
if ($invalid_referer) {
return 444;
expires max;
## No need to bleed constant updates. Send the all shebang in one
## fell swoop.
tcp_nodelay off;
## Set the OS file cache.
open_file_cache max=500 inactive=120s;
open_file_cache_valid 45s;
open_file_cache_min_uses 2;
open_file_cache_errors off;

## Support for favicon. Return a 204 (No Content) if the favicon
## doesn't exist.
location = /favicon.ico {
try_files /favicon.ico =204;

## Try all locations and relay to index.php as a fallback.
location / {
try_files $uri /index.php?$query_string;

## Relay all index.php requests to fastcgi.
location = /index.php {
## FastCGI cache.
## cache ui for 5m (set the same interval of your crontab)
include sites-available/fcgi_piwik_cache.conf;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
include fastcgi_params;

## Relay all piwik.php requests to fastcgi.
location = /piwik.php {
include sites-available/fcgi_piwik_long_cache.conf;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
include fastcgi_params;

## Any other attempt to access PHP files redirects to the root.
location ~* ^.+\.php$ {
return 302 /;

## Redirect to the root if attempting to access a txt file.
location ~*
(?:DESIGN|(?:gpl|README|LICENSE)[^.]*|LEGALNOTICE)(?:\.txt)*$ {
return 302 /;

## Disallow access to several helper files.
location ~* \.(?:bat|html?|git|ini|sh|svn[^.]*|txt|tpl|xml)$ {
return 404;

## No crawling of this site for bots that obey robots.txt.
location = /robots.txt {
return 200 "User-agent: *\nDisallow: /\n";

## Including the php-fpm status and ping pages config.
## Uncomment to enable if you're running php-fpm.
include php_fpm_status_vhost.conf;

} # server

# cat /etc/nginx/fastcgi_params
### fastcgi parameters.
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

# Maxmind GeoIP for Piwik
# http://piwik.org/faq/how-to/#faq_166
fastcgi_param GEOIP_ADDR $remote_addr;
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_REGION_NAME $geoip_region_name;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_AREA_CODE $geoip_area_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

# cat /etc/php-fpm.conf
pid = run/php-fpm.pid
error_log = log/php-fpm.log
syslog.facility = daemon
log_level = notice
emergency_restart_threshold = 10
emergency_restart_interval = 1
process_control_timeout = 10s
daemonize = yes
rlimit_files = 131072
rlimit_core = unlimited
events.mechanism = epoll


user = nginx
group = nginx

listen =

listen.owner = nginx
listen.group = nginx
listen.mode = 0666
listen.backlog = -1

listen.allowed_clients =

pm = dynamic
pm.max_children = 10
pm.start_servers = 3
pm.min_spare_servers = 2
pm.max_spare_servers = 4

pm.status_path = /fpm-status
ping.path = /ping

access.log = /var/log/php-fpm-$pool.access.log
slowlog = /var/log/php-fpm-$pool.slow.log

request_slowlog_timeout = 5s
request_terminate_timeout = 120s

catch_workers_output = yes

security.limit_extensions = .php

env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

The various errors I see are:

2013/01/08 19:31:00 [error] 638#0: *3 FastCGI sent in stderr: "Primary
script unknown" while reading response header from upstream, client:
<client_ipv6_address>, server: piwik.domain.com, request: "GET /
HTTP/1.1", upstream: "fastcgi://", host: "piwik.domain.com"

2013/01/08 19:32:00 [error] 638#0: *15 FastCGI sent in stderr: "Primary
script unknown", client: <client_ipv6_address>, server:
piwik.domain.com, request: "GET / HTTP/1.1", host: "piwik.domain.com"

Any advice or pointers to docs where I can find a solution are most


