
nginx connect to .sock failed (13:Permission denied) - 502 bad gateway

I am using nginx + uwsgi + django to deploy my very first site on CentOS 7. They worked fine separately in test but I got a 502 bad gateway trying to connect them all together. The /var/log/nginx/error.log file says

2020/12/29 15:52:05 [crit] 1150#0: *1 connect() to unix:/run/uwsgi/site.sock failed (13: Permission denied) while connecting to upstream, client: IPaddress, server: mysite.com, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/run/uwsgi/site.sock:", host: "IPaddress"

I have tried these but none of them managed to fix the problem:

1. moving the site.sock file from my project base directory to /tmp/site.sock, or according to this tutorial, to /run/uwsgi/site.sock.

2. changing the site.sock file permission from 664 to 666.

3. chown socket file to myuser:nginx, and add myuser to nginx group.

4. running nginx and uwsgi with a www-data user by setting user = www-data in nginx.conf and uid = www-data, pid = www-data in site_uwsgi.ini.

5. turning off selinux by setenforce 0, or doing setsebool -P httpd_can_network_connect 1.

ps aux | grep nginx:

root      1148  0.0  0.0  39296  1972 ?        Ss   15:41   0:00 nginx: master process /usr/sbin/nginx
nginx     1150  0.0  0.1  39640  2056 ?        S    15:41   0:00 nginx: worker process

ps aux | grep uwsgi:

root      1322  0.0  0.1  54680  3068 ?        Ss   15:49   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --emperor /etc/uwsgi/sites
hanys     1390  0.0  1.6 261668 34324 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1392  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1393  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1394  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1395  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1396  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1397  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1398  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1399  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1400  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1401  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini

and ls -l site.sock:

srw-rw-rw-. 1 hanys nginx 0 12月 29 16:40 /run/uwsgi/oligoweb.sock

That (13: Permission denied) really drives me mad these days. Thank you in advance for any help.

It seems like this problem is quite common. I'd suggest you try the following steps and see if it solves the problem:

  1. In the nginx.conf file, the user is defined as nginx by default at the very top of the file, as seen below:

user nginx; # Default Nginx user

Change nginx to the name of your current user - here, David is my current username.

user David; # Run Nginx as David's permissions (as username of the current logged in user)

  2. Toggle the SELinux boolean value for httpd network connect to on, with the persistent flag: setsebool httpd_can_network_connect on -P

  3. Also, I found some of these commands which might come in handy in fixing SELinux:

sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx
sudo semodule -i mynginx.pp

References:

http://blog.frag-gustav.de/2013/07/21/nginx-selinux-me-mad/

https://wiki.gentoo.org/wiki/SELinux/Tutorials/Where_to_find_SELinux_permission_denial_details

http://wiki.gentoo.org/wiki/SELinux/Tutorials/Managing_network_port_labels

http://www.linuxproblems.org/wiki/Selinux
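
A module built with audit2allow allows every denial that was piped into it, so it is worth reviewing those denials before running semodule -i. The following is an added example, not part of the original question or answer: it parses AVC records and lists the distinct rules that nginx denials would become. The sample log lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample audit.log lines (not taken from the original post).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1609228325.101:410): avc:  denied  { write } for  pid=1150 comm="nginx" name="site.sock" dev="tmpfs" ino=23456 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1609228326.202:411): avc:  denied  { write } for  pid=1150 comm="nginx" name="site.sock" dev="tmpfs" ino=23456 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1609228330.303:415): avc:  denied  { connectto } for  pid=1150 comm="nginx" path="/run/uwsgi/site.sock" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_stream_socket permissive=0
type=SYSCALL msg=audit(1609228330.303:415): arch=c000003e syscall=42 success=no exit=-13 comm="nginx" exe="/usr/sbin/nginx"
type=AVC msg=audit(1609228340.404:420): avc:  denied  { read } for  pid=2001 comm="sshd" name="shadow" dev="dm-0" ino=999 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)'
)


def context_type(context):
    """Return the type field of a user:role:type:level SELinux context."""
    return context.split(":")[2]


def summarize_denials(log_text, comm="nginx"):
    """Count denials per (source type, target type, class, permission) for one command."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # SYSCALL and other record types carry no denial details
        m = AVC_RE.search(line)
        if not m or m["comm"] != comm:
            continue
        key = (context_type(m["scontext"]), context_type(m["tcontext"]), m["tclass"])
        for perm in m["perms"].split():
            counts[key + (perm,)] += 1
    return counts


def as_allow_rules(counts):
    """Render each distinct denial as the allow rule a generated module would contain."""
    return sorted(f"allow {s} {t}:{c} {p};" for (s, t, c, p) in counts)


if __name__ == "__main__":
    for rule in as_allow_rules(summarize_denials(SAMPLE_AUDIT_LOG)):
        print(rule)
```

Each printed rule names the target type being opened up, which shows whether the socket simply carries the wrong label or whether the rule would grant nginx broader access than one socket.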
