Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

connecteev's avatar

nginx config causes "Primary script unknown"

I am having a really puzzling issue with my nginx config. I keep seeing this error:

FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream
client: 76.14.172.29, server: apistaging.mydomain.com, request: 
"GET / HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php7.4-fpm.sock:", host: "apistaging.mydomain.com"

I did try the suggestions in this question and also this one but nothing has worked. I am asking as a separate question in the hope that someone can help me out (after 2 days stuck on this).

This is my nginx/sites/available/apistaging.mydomain.com.conf file:

server {
        server_name apistaging.mydomain.com;

        # make sure you point to a laravel or wordpress public directory containing an index.php file
        root /home/domains/apistaging.mydomain.com/public/current/public;

        # From https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#host-multiple-websites
        # This link may be outdated. adding 'main' and 'error' makes nginx crap out
        #access_log   /home/domains/apistaging.mydomain.com/log/apistaging.mydomain.access.log;
        error_log   /home/domains/apistaging.mydomain.com/log/apistaging.mydomain.error.log;

        # from https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#limit-or-disable-content-embedding
        add_header X-Frame-Options "SAMEORIGIN";

        # from https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#cross-site-scripting-xss-filter
        add_header X-XSS-Protection "1; mode=block";

        # from https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#disable-content-sniffing
        add_header X-Content-Type-Options "nosniff";

        index index.html index.htm index.php;

        charset utf-8;

        location / {
                try_files $uri $uri/ /index.php?$query_string;
        }

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt  { access_log off; log_not_found off; }

        #error_page 404 /index.php;
        # create a custom 404 nginx page, from https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-to-use-custom-error-pages-on-ubuntu-14-04
        error_page 404 /custom_404.html;
        location = /custom_404.html {
            root /etc/nginx/sites-available/custom_nginx_error_pages;
            internal;
        }

        location ~ \.php$ {
                # After installation of php-fpm, check in /var/run/php/ for a fpm sock file like: /var/run/php/php7.3-fpm.sock
                fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }

        location ~ /\.(?!well-known).* {
                deny all;
        }

        # From https://www.linode.com/docs/web-servers/nginx/nginx-installation-and-basic-setup/#static-content-compression
        # Note that gzip has security vulnerabilities and it used to be off by default in the base nginx.conf file (oddly it is set to on by default now)
        # Make sure that gzip is set / enabled only in server{} blocks for individual site configs, not globally in nginx.conf.
        # Though gzip directives can go in the http block if you want it to apply to all sites served by NGINX, it’s safer to use it only inside server blocks for individual sites and content types
        gzip on;
        gzip_types text/plain text/css image/* application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        #listen 443 ssl http2 ipv6only=on; # managed by Certbot (not sure if we support ipv6 yet)
        listen 443 ssl http2; # managed by Certbot, modified to add http2

        #Install SSL certificates and configure https:// on a per-domain-basis by running:
        #sudo certbot --nginx
        #(when prompted, be sure to select the option to set up redirects from http to https and effectively "disable" http)

        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/apistaging.mydomain.com-0002/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/apistaging.mydomain.com-0002/privkey.pem; # managed by Certbot

}

server {
    server_name apistaging.mydomain.com;

    if ($host = apistaging.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    return 404; # managed by Certbot
}

Any help is appreciated.

0 likes
1 reply
connecteev's avatar
connecteev
OP
6 years ago
Best Answer
Level 11

Turns out the fix for this was simple. I had pm2 running, causing a conflicting port

For future reference, if anyone encounters this same issue, run:

pm2 stop all

sudo fuser -k 443/tcp (finds processes using files or socket (in this case TCP port 443) and KILLS them using the -k attribute)

and try a restart again:
sudo service nginx restart
2 likes

Please or to participate in this conversation.