[英]Nginx: Permission denied to Gunicorn socket on CentOS 7
I'm working in a Django project deployment. 我正在进行Django项目部署。 I'm working in a CentOS 7 server provided ma EC2 (AWS). 我在提供ma EC2(AWS)的CentOS 7服务器上工作。 I have tried to fix this bug by many ways but I cant understand what am I missing. 我试图通过多种方式解决这个问题,但我不明白我错过了什么。
I'm using ningx and gunicorn to deploy my project. 我正在使用ningx和gunicorn来部署我的项目。 I have created my /etc/systemd/system/myproject.service
file with the following content: 我创建了我的/etc/systemd/system/myproject.service
文件,其中包含以下内容:
[Unit]
Description=gunicorn daemon
After=network.target
[Service]
User=centos
Group=nginx
WorkingDirectory=/home/centos/myproject_app
ExecStart=/home/centos/myproject_app/django_env/bin/gunicorn --workers 3 --bind unix:/home/centos/myproject_app/django.sock app.wsgi:application
[Install]
WantedBy=multi-user.target
When I run sudo systemctl restart myproject.service
and sudo systemctl enable myproject.service
, the django.sock
file is correctly generated into /home/centos/myproject_app/
. 当我运行sudo systemctl restart myproject.service
和sudo systemctl enable myproject.service
, django.sock
文件正确生成到/home/centos/myproject_app/
。
I have created my nginx
conf flie in the folder /etc/nginx/sites-available/ with the following content: 我已经在/ etc / nginx / sites-available /文件夹中创建了我的nginx
conf flie,其中包含以下内容:
server {
listen 80;
server_name my_ip;
charset utf-8;
client_max_body_size 10m;
client_body_buffer_size 128k;
# serve static files
location /static/ {
alias /home/centos/myproject_app/app/static/;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/centos/myproject_app/django.sock;
}
}
After, I restart nginx
with the following command: 之后,我使用以下命令重新启动nginx
:
sudo systemctl restart nginx
If I run the command sudo nginx -t
, the reponse is: 如果我运行命令sudo nginx -t
,响应是:
nginx: configuration file /etc/nginx/nginx.conf test is successful
When I visit my_ip in a web browser, I'm getting a 502 bad gateway response. 当我在Web浏览器中访问my_ip时,我收到了502错误的网关响应。
If I check the nginx error log, I see the following message: 如果我检查nginx错误日志,我看到以下消息:
1 connect() to unix:/home/centos/myproject_app/django.sock failed (13: Permission denied) while connecting to upstream
I really have tried a lot of solutions changing the sock file permissions. 我真的尝试了很多改变sock文件权限的解决方案。 But I cant understand how to fix it. 但我不明白如何解决它。 How can I fix this permissions bug?... Thank you so much 我该如何修复此权限错误?...非常感谢你
If all the permissions under the myproject_app
folder are correct, and centos
user or nginx
group have access to the files, I would say it looks like a Security Enhanced Linux (SELinux) issue. 如果myproject_app
文件夹下的所有权限都是正确的,并且centos
用户或nginx
组可以访问这些文件,我会说它看起来像是安全增强型Linux(SELinux)问题。
I had a similar problem, but with RHEL 7. I managed to solve it by executing the following command: 我遇到了类似的问题,但是使用RHEL 7.我设法通过执行以下命令来解决它:
sudo semanage permissive -a httpd_t
It's related to the security policies of SELinux, you have to add the httpd_t
to the list of permissive domains. 它与SELinux的安全策略有关,您必须将httpd_t
添加到许可域列表中。
This post from the NGINX blog may be helpful: NGINX: SELinux Changes when Upgrading to RHEL 6.6 / CentOS 6.6 来自NGINX博客的这篇文章可能会有所帮助: NGINX:升级到RHEL 6.6 / CentOS 6.6时SELinux会发生变化
Motivated by a similar issue, I wrote a tutorial a while ago on How to Deploy a Django Application on RHEL 7 . 受类似问题的影响,我刚刚写了一篇关于如何在RHEL 7上部署Django应用程序的教程。 It should be very similar for CentOS 7. 它应该与CentOS 7非常相似。
Most probably one of two 最有可能是两个中的一个
1- the directory is not accessible to nginx /home/centos/myproject_app/
1- nginx /home/centos/myproject_app/
无法访问该目录
$ ls -la /home/centos/myproject_app/
if it is not accessible try to change the path to /etc/nginx
if not then try the command 如果它不可访问,尝试将路径更改为/etc/nginx
如果没有,请尝试该命令
$ /home/centos/myproject_app/django_env/bin/gunicorn --workers 3 --bind unix:/home/centos/myproject_app/django.sock app.wsgi:application
if still not working then activate the environment and python manage.py runserver 0.0.0.0:8000
go to the browser and go to http://ip:8000 the problem may be here, but it the command of gunicorn worked well, then the problem in directory access for nginx user 如果仍然没有工作然后激活环境和python manage.py runserver 0.0.0.0:8000
去浏览器并转到http:// ip:8000问题可能在这里,但它的gunicorn命令运作良好,然后nginx用户的目录访问问题
Exact same problem here. 这里完全相同的问题。
Removing Group=www-data
fixed the issue for me 删除Group=www-data
为我解决了这个问题
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.