There seem to be many questions on StackOverflow about this but unfortunately nothing has worked for me.
I'm getting a 502 bad gateway on nginx, and the following on the logs: connect() to ...myproject.sock failed (13: Permission denied) while connecting to upstream
I'm running wsgi
and nginx
on ubuntu
, and I've been following this guide from Digital Ocean. I apparently configured wsgi
correctly since uwsgi -s myproject.sock --http 0.0.0.0:8000 --module app --callable app
worked, but I keep getting the nginx
permission denied error and I have no idea why:
After coming across this question and this other one, I changed the .ini
file and added the chown-socket
, chmod-socket
, uid
and gid
parameters (also tried just setting the first two, either or, and a couple of different permission settings --and even the most permissive didn't work).
This one seemed promising, but I don't believe selinux
is installed on my Ubuntu (running sudo apt-get remove selinux
gives "Package 'selinux' is not installed, so not removed" and find / -name "selinux"
doesn't show anything). Just in case, though, I tried what this post recommended as well. Uninstalling apparmor
(sudo apt-get install apparmor
) didn't work either.
Every time I make a change, I run sudo service nginx restart
, but I only see the 502 Gateway Error (and the permission denied error when I read the logs).
This is is my nginx
configuration file:
server {
listen 80;
server_name 104.131.110.156;
location / {
include uwsgi_params;
uwsgi_pass unix:/home/user/myproject/web_server/myproject.sock;
}
}
.conf
file:
description "uWSGI server instance configured to serve myproject"
start on runlevel [2345]
stop on runlevel [!2345]
setuid user
setgid www-data
env PATH=/root/.virtualenvs/my-env/bin
chdir /home/user/myproject/web_server
exec uwsgi --ini /home/user/myproject/web_server/myproject.ini
.ini
file:
[uwsgi]
module = wsgi
master = true
processes = 5
socket = /home/user/myproject/web_server/myproject.sock
chown-socket=www-data:www-data
chmod-socket = 664
uid = www-data
gid = www-data
vacuum = true
die-on-term = true
(If it helps, these are the specs of my Digital Ocean machine: Linux 3.13.0-43-generic #72-Ubuntu SMP Mon Dec 8 19:35:06 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
)
Please let me know if there's anything I can do, and thank you very much.
The permission issue occurs because uwsgi resets the ownership and permissions of /tmp/uwsgi.sock to 755 and the user running uwsgi every time uwsgi starts. The correct way to solve the problem is to make uwsgi change the ownership and/or permission of /tmp/uwsgi.sock such that nginx can write to this socket.
If the permission denied error is still there: then the hack sudo setenforce 0 will do the trick. This indicates that Nginx was unable to connect to the uWSGI socket because of permissions problems. Usually, this happens when the socket is being created in a restricted environment or if the permissions were wrong.
Try placing the socket in /tmp. You could be getting access denied if the nginx user doesn't have permissions to list any of the directories in the socket path. It needs permissions for /home/user, /home/user/myproject, etc Thanks for answering!
As @susanpal answer said "The permission issue occurs because uwsgi resets the ownership and permissions of /tmp/uwsgi.sock to 755 and the user running uwsgi every time uwsgi starts." it is correct. So you have to give permission to sock file whenever uwsgi starts. so now follow the below command A little different command from @susanpal.
After following all the advice in this thread I was still getting permission errors. The finally missing piece was to correct the nginx user
in the /etc/nginx/nginx.conf
file:
# old: user nginx;
user www-data;
I also followed that tutorial and ran into the same issue. After quite a bit of trial and error, the following steps allowed me to run uWSGI and nginx successfully:
My nginx.config
file:
server {
listen 80;
server_name localhost;
location / { try_files @yourapplication; }
location @yourapplication; {
include uwsgi_params;
uwsgi_pass unix:/PATH_TO_PROJECT/PROJECT.sock;
}
}
My .ini
file wasn't working very well, so I decided to take advantage of uWSGI's extensive arguments that are available. Here's what I used:
uwsgi -s /PATH_TO_PROJECT/PROJECT.sock -w wsgi:app -H /PATH_TO_PROJECT/venv --http-processes=4 --chmod-socket=666 --master &
Where:
-s /PATH_TO_PROJECT/PROJECT.sock
= the location of my .sock
file
-w wsgi:app
= the location of my wsgi.py
file and app
being the name of my Flask object
-H /PATH_TO_PROJECT/venv
= the location of my virtual environment
--http-processes=4
= the number of http processes for uWSGI to create
--chmod-socket=666
= the permissions to set on the socket
--master
= allow uWSGI to run with its master process manager
&
= run uWSGI in the background
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With