Nginx：CentOS 7上的Gunicorn套接字被拒绝

Question

I'm working in a Django project deployment. I'm working in a CentOS 7 server provided ma EC2 (AWS). I have tried to fix this bug by many ways but I cant understand what am I missing.

I'm using ningx and gunicorn to deploy my project. I have created my /etc/systemd/system/myproject.service file with the following content:

[Unit]
Description=gunicorn daemon
After=network.target

[Service]
User=centos
Group=nginx
WorkingDirectory=/home/centos/myproject_app
ExecStart=/home/centos/myproject_app/django_env/bin/gunicorn --workers 3 --bind unix:/home/centos/myproject_app/django.sock app.wsgi:application
[Install]
WantedBy=multi-user.target

When I run sudo systemctl restart myproject.service and sudo systemctl enable myproject.service , the django.sock file is correctly generated into /home/centos/myproject_app/ .

I have created my nginx conf flie in the folder /etc/nginx/sites-available/ with the following content:

server {
    listen       80;
    server_name  my_ip;
    charset      utf-8;

    client_max_body_size       10m;
    client_body_buffer_size    128k;

    # serve static files
    location /static/ {
        alias /home/centos/myproject_app/app/static/;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/home/centos/myproject_app/django.sock;
    }
}

After, I restart nginx with the following command:

sudo systemctl restart nginx

If I run the command sudo nginx -t , the reponse is:

nginx: configuration file /etc/nginx/nginx.conf test is successful

When I visit my_ip in a web browser, I'm getting a 502 bad gateway response.

If I check the nginx error log, I see the following message:

1 connect() to unix:/home/centos/myproject_app/django.sock failed (13: Permission denied) while connecting to upstream

I really have tried a lot of solutions changing the sock file permissions. But I cant understand how to fix it. How can I fix this permissions bug?... Thank you so much

Answer 1

If all the permissions under the myproject_app folder are correct, and centos user or nginx group have access to the files, I would say it looks like a Security Enhanced Linux (SELinux) issue.

I had a similar problem, but with RHEL 7. I managed to solve it by executing the following command:

sudo semanage permissive -a httpd_t

It's related to the security policies of SELinux, you have to add the httpd_t to the list of permissive domains.

This post from the NGINX blog may be helpful: NGINX: SELinux Changes when Upgrading to RHEL 6.6 / CentOS 6.6

Motivated by a similar issue, I wrote a tutorial a while ago on How to Deploy a Django Application on RHEL 7 . It should be very similar for CentOS 7.

Answer 2

Most probably one of two

1- the directory is not accessible to nginx /home/centos/myproject_app/

$ ls -la /home/centos/myproject_app/

if it is not accessible try to change the path to /etc/nginx if not then try the command

$ /home/centos/myproject_app/django_env/bin/gunicorn --workers 3 --bind unix:/home/centos/myproject_app/django.sock app.wsgi:application

if still not working then activate the environment and python manage.py runserver 0.0.0.0:8000 go to the browser and go to http://ip:8000 the problem may be here, but it the command of gunicorn worked well, then the problem in directory access for nginx user

Answer 3

Exact same problem here.

Removing Group=www-data fixed the issue for me