
php-fpm + nginx + sockets restriction in jail ?


Well-Known Member

Thanks: 9
Messages: 328

Hello guys,

I'm using nginx + php-fpm or apache + proxy_fcgi. In both cases, when I want to use a socket instead of listen, I always get permission denied and can't connect through the socket. When I use listen on a localhost port, for example, it works like a charm. And my question is: does a jail have any restriction that blocks socket connections?


New Member

Thanks: 1
Messages: 4

Yes, there is a restriction. You can't get a raw socket within a Jail. This behavior is mentioned in the manual.

You can allow them by adding the following line into /etc/sysctl.conf on the host side:


Mind you, you are deliberately breaking one of the security standpoints of, and reasons for, jails.

That is only under some circumstances, though. If you are the only one managing the whole system, that shouldn't be a big deal. However, if you are sharing the host and there are some untrusted users in other jails, you'd better investigate further whether this is something you can live with or not.



Thanks: 590
Messages: 1,351

There is no need to set security.jail.allow_raw_sockets=1 for that, unless php and the webserver are running in different jails.

You would just need to set this:

listen = /var/run/php-fpm.sock
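
A `listen = /path` socket is a Unix domain stream socket, so whether the web server may connect is decided by the file permissions on the socket path. The following is an added example, not code from this thread: it binds a throwaway socket and evaluates the mode-bit check for a constructed web-server uid/gid. The function name `may_connect` and the ids are assumptions, and only plain mode bits are modelled (no directory, ACL or MAC checks).

```python
import os
import socket
import stat
import tempfile


def may_connect(sock_path, uid, gids):
    """Return (allowed, reason) for a non-root uid/gids connecting to sock_path.

    Models the ordinary file-permission check: the client needs write
    permission on the socket file itself.
    """
    st = os.stat(sock_path)
    if not stat.S_ISSOCK(st.st_mode):
        return False, "not a socket"
    if uid == st.st_uid:
        bit, who = stat.S_IWUSR, "owner"
    elif st.st_gid in gids:
        bit, who = stat.S_IWGRP, "group"
    else:
        bit, who = stat.S_IWOTH, "other"
    mode = stat.S_IMODE(st.st_mode)
    if mode & bit:
        return True, f"{who} has write permission (mode {mode:04o})"
    return False, f"{who} lacks write permission (mode {mode:04o})"


def demo():
    """Bind a throwaway socket and evaluate a constructed web-server identity."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "php-fpm.sock")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)  # not SOCK_RAW
        srv.bind(path)
        srv.listen(1)
        st = os.stat(path)
        web_uid, web_gid = st.st_uid + 1, st.st_gid + 1  # constructed ids
        os.chmod(path, 0o600)  # owner only: web server is refused
        results["0600"] = may_connect(path, web_uid, {web_gid})[0]
        os.chmod(path, 0o660)  # group-writable: depends on group membership
        results["0660_other_group"] = may_connect(path, web_uid, {web_gid})[0]
        results["0660_same_group"] = may_connect(path, web_uid, {st.st_gid})[0]
        srv.close()
    return results


if __name__ == "__main__":
    print(demo())
```

Running `may_connect` against the real socket path with the web server's uid and group ids reports which permission class applies and whether it grants write access.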