
nginx error: (13: Permission denied) while connecting to upstream

I am running a Rails app with Puma, Capistrano, and nginx on a Google Compute Engine VM with Ubuntu 14.04 LTS.

I have nginx running on the external IP. When I visit it, I get two nginx errors in the log:

2016/02/03 11:58:07 [info] 19754#0: *73 client closed connection while waiting for request, client: ###.##.##.###, server: 0.0.0.0:443

2016/02/03 11:58:07 [crit] 19754#0: *74 connect() to unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock failed (13: Permission denied) while connecting to upstream, client: ###.##.##.###, server: , 
request: "GET / HTTP/1.1", upstream: "http://unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock:/", host: "###.###.###.###"

Note: the last ###.###.###.### is the external IP of the Google Compute VM that the code is running on. I believe the first two IPs are my home IP.

I have tried: setsebool httpd_can_network_connect on as suggested here: (13: Permission denied) while connecting to upstream:[nginx]. It returned: setsebool: SELinux is disabled. But the problem persists.

I have looked at (13: Permission denied) while connecting to upstream:[nginx] as well, but it seems to be particular to uwsgi.

Here is my nginx.conf:

upstream puma {
  server unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock;
}
server {
  listen 80 default_server deferred;
  listen 443 ssl;
  # server_name example.com;
  ssl_certificate /etc/ssl/my-web-app/my-web-app.com.chained.crt;
  ssl_certificate_key /etc/ssl/my-web-app/my-web-app.key;
  root /home/my-web-app/apps/my-web-app/current/public;
  access_log /home/my-user-name/apps/my-web-app/current/log/nginx.access.log;
  error_log /home/my-user-name/apps/my-web-app/current/log/nginx.error.log info;
  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }
  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://puma;
  }
  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
  keepalive_timeout 10;
}

I run nginx with sudo service nginx restart. Then I run puma with: RACK_ENV=production bundle exec puma -p 3000 and it returns:

Puma starting in single mode...
* Version 2.14.0 (ruby 2.1.7-p400), codename: Fuchsia Friday
* Min threads: 0, max threads: 16
* Environment: production
* Listening on tcp://0.0.0.0:3000
Use Ctrl-C to stop

EDIT 1

It was suggested that I run puma on unix, not tcp 3000, so that it'd match nginx.

I have tried running puma on unix via the command:

RACK_ENV=production bundle exec puma -d -b unix:///tmp/my-web-app.sock --pidfile /tmp/puma.pid

which gave:

Puma starting in single mode...
* Version 2.14.0 (ruby 2.1.7-p400), codename: Fuchsia Friday
* Min threads: 0, max threads: 16
* Environment: production
* Daemonizing...

It reads the above text, but it does not linger; the command prompt occurs again immediately despite the '...' at the end.

This command seemingly does not work, so if anyone can suggest how to run puma on unix and not tcp 3000, then I could complete the suggestion. (Though I suspect there is an nginx configuration issue that may be occurring before anything that has to do with puma.)

EDIT 2: Attaching puma.rb

#!/usr/bin/env puma
directory '/home/my-user-name/apps/my-web-app/current'
rackup "/home/my-user-name/apps/my-web-app/current/config.ru"
environment 'production'
pidfile "/home/my-user-name/apps/my-web-app/shared/tmp/pids/puma.pid"
state_path "/home/my-user-name/apps/my-web-app/shared/tmp/pids/puma.state"
stdout_redirect '/home/my-user-name/apps/my-web-app/current/log/puma.error.log', '/home/my-user-name/apps/my-web-app/current/log/puma.access.log', true
threads 2,8
bind 'unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock'
workers 1
preload_app!
on_restart do
  puts 'Refreshing Gemfile'
  ENV["BUNDLE_GEMFILE"] = "/home/my-user-name/apps/my-web-app/current/Gemfile"
end
on_worker_boot do
  ActiveSupport.on_load(:active_record) do
    ActiveRecord::Base.establish_connection
  end
end

EDIT 3

I now tried just running the rails server on port 80 directly. I typed: rvmsudo rails server -p 80 and it returned:

=> Booting Puma
=> Rails 4.2.4 application starting in development on http://localhost:80
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
Puma 2.14.0 starting...
* Min threads: 0, max threads: 16
* Environment: development
* Listening on tcp://localhost:80
Exiting
/home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `initialize': Address already in use - bind(2) for "localhost" port 80 (Errno::EADDRINUSE)
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `new'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `add_tcp_listener'
        from (eval):2:in `add_tcp_listener'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/rack/handler/puma.rb:33:in `run'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/rack-1.6.4/lib/rack/server.rb:286:in `start'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/server.rb:80:in `start'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:80:in `block in server'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:75:in `tap'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:75:in `server'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:39:in `run_command!'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands.rb:17:in `<top (required)>'
        from bin/rails:4:in `require'
        from bin/rails:4:in `<main>'

EDIT 4

If I run sudo service nginx stop and then run rvmsudo rails server -p 80 again, it returns:

=> Booting Puma
=> Rails 4.2.4 application starting in development on http://localhost:80
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
Puma 2.14.0 starting...
* Min threads: 0, max threads: 16
* Environment: development
* Listening on tcp://localhost:80

That means that approach was incorrect, since without nginx, when I visit the external IP it now returns "The server refused the connection." as opposed to the original:

We're sorry, but something went wrong.

If you are the application owner check the logs for more information.

If anyone knows how to prevent the original error, any suggestions would be much appreciated.

EDIT 5: The original question remains, but can anyone tell me if this is an https problem or an ssl problem?

EDIT 6

I have tried running puma directly on 80 and am getting a permission error on 80.

I try: RACK_ENV=production bundle exec puma -p 80 and get:

Puma starting in single mode...
* Version 2.14.0 (ruby 2.1.7-p400), codename: Fuchsia Friday
* Min threads: 0, max threads: 16
* Environment: production
* Listening on tcp://0.0.0.0:80
/home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `initialize': Permission denied - bind(2) for "0.0.0.0" port 80 (Errno::EACCES)
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `new'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `add_tcp_listener'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:98:in `block in parse'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:84:in `each'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:84:in `parse'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/runner.rb:119:in `load_and_bind'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/single.rb:79:in `run'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/cli.rb:215:in `run'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/bin/puma:10:in `<top (required)>'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/bin/puma:23:in `load'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/bin/puma:23:in `<main>'

I believe that this is caused because port 80 has higher permissions than others. So, I ran sudo RACK_ENV=production bundle exec puma -p 80 but that just returned: Your Ruby version is 1.9.3, but your Gemfile specified 2.1.7

I got the same error as you. I have a solution, but I don't know whether it is right. Change the first line of the file /etc/nginx/nginx.conf from

user www-data;
to
user root;

Then restart nginx using:

service nginx restart OR systemctl restart nginx

WARNING: This runs your web server as the root user. This should never be done in a production environment as it allows the web server processes full access to your system. If the web server process is compromised, the attacker will have unrestricted access to your whole server.
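An added example, not part of the answers on this page: a way to find which component of the socket path the nginx worker user is denied on, as an alternative to switching nginx to user root. The function names and the script name are made up for illustration; it judges classic mode bits only and assumes GNU stat, as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example. Finds the first component of a socket path that a given
# UID:GID cannot use, judged from classic mode bits only (ACLs, supplementary
# groups and LSMs such as AppArmor are ignored). Needs GNU stat (stat -c).

# Print the permission digit (owner, group or other) that applies to UID:GID.
perm_digit() {  # perm_digit FILE UID GID
  info=$(stat -c '%a %u %g' "$1") || return 1
  if [ "$2" = 0 ]; then echo 7; return; fi    # root bypasses mode bits
  mode=$(printf '%04d' "${info%% *}")         # pad: 755 -> 0755
  ids=${info#* }; fuid=${ids% *}; fgid=${ids#* }
  if   [ "$fuid" = "$2" ]; then d=${mode#?};  d=${d%??}
  elif [ "$fgid" = "$3" ]; then d=${mode#??}; d=${d%?}
  else                          d=${mode#???}
  fi
  echo "$d"
}

# Print the first component UID:GID is denied on; print nothing if all pass.
first_denied() {  # first_denied PATH UID GID
  target=$1 uid=$2 gid=$3
  case $target in /*) cur= ;; *) cur=. ;; esac
  old_ifs=$IFS; IFS=/; set -- $target; IFS=$old_ifs
  n=$#
  for part in "$@"; do
    n=$((n - 1))
    [ -z "$part" ] && continue
    cur=$cur/$part
    # Directories need search (x = 1); connect() to the socket needs write (w = 2).
    if [ "$n" -gt 0 ]; then need=1; else need=2; fi
    d=$(perm_digit "$cur" "$uid" "$gid") || { echo "$cur"; return; }
    [ $(( $d & $need )) -ne 0 ] || { echo "$cur"; return; }
  done
}

# Usage (as a script): ./first_denied.sh /path/to/app-puma.sock UID GID
if [ "$#" -eq 3 ]; then first_denied "$@"; fi
```

Run it with the IDs of the nginx worker user (`id -u www-data`, `id -g www-data`). Granting search permission on the reported directory, or binding the socket outside the home directory, keeps nginx unprivileged.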

Take a look at your puma.error.log file for your application.

Mine was complaining about a small syntax error in a config block in the production environment.
