权限被拒绝- nginx和uwsgi套接字
目前,我正在尝试使用nginx和uwsgi为django应用程序提供服务。我目前正在使用安装uwsgi的虚拟环境。然而,我目前收到一个502坏网关错误时,试图访问该页。
我正在经历的错误。
2014/02/27 14:20:48 [crit] 29947#0: *20 connect() to unix:///tmp/uwsgi.sock failed (13: Permission denied) while connecting to upstream, client: 144.136.65.176, server: domainname.com.au, request: "GET /favicon.ico HTTP/1.1", upstream: "uwsgi://unix:///tmp/uwsgi.sock:", host: "www.domainname.com.au"这是我的nginx.conf
# mysite_nginx.conf
# the upstream component nginx needs to connect to
upstream django {
server unix:///tmp/uwsgi.sock; # for a file socket
#server 127.0.0.1:8001; # for a web port socket (we'll use this first)
}
# configuration of the server
server {
# the port your site will be served on
listen 80;
# the domain name it will serve for
server_name .domainname.com.au; # substitute your machine's IP address or FQDN
charset utf-8;
# max upload size
client_max_body_size 75M; # adjust to taste
# Django media
location /media {
alias /home/deepc/media; # your Django project's media files - amend as required
}
location /static {
alias /home/deepc/static; # your Django project's static files - amend as required
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass django;
include /home/deepc/.virtualenvs/dcwebproj/dcweb/uwsgi_params; # the uwsgi_params file you installed
}
}这是我的uwsgi.ini文件
[uwsgi]
socket=/tmp/uwsgi.sock
chmod-socket=644
uid = www-data
gid = www-data
chdir=/home/deepc/.virtualenvs/dcwebproj/dcweb
module=dcweb.wsgi:application
pidfile=/home/deepc/.virtualenvs/dcwebproj/dcweb.pid
vacuum=true据我在google上看到的,这是www-data组和/tmp/目录的权限问题。不过,我对此并不熟悉,并试图更改文件夹的权限级别,但没有效果。有人能给我指明正确的方向吗?这是权限问题吗。
另外,可以将sock文件放在tmp目录中吗?
谢谢
回答 10
Stack Overflow用户
发布于 2014-08-12 08:24:38
我认为您只需要将您的套接字文件更改为666(664对www-data是可以的),或者删除它,然后再次运行uwsgi服务器。
在我的uwsgi.ini:
chmod-socket = 664
uid = www-data
gid = www-dataStack Overflow用户
发布于 2016-10-14 10:42:18
哇,这个问题几乎花了我一整天的时间!
我使用uwsgi 2.0.14, nginx 1.10.1, django 1.10
总之,最重要的是确保以下的两个用户都拥有对socket文件的rwx权限:
nginx用户;uWSGI用户;
所以,你可以一个一个地检查。
首先,您可以通过刷新url (比如nginx )来检查web服务器http://192.168.201.210:8024/morning/是否具有权限,而无需运行uwsgi。如果您看到/var/log/nginx/error.log 没有这样的文件或目录,如下所示:
2016/10/14 16:53:49 [crit] 17099#0: *19 connect() to unix:///usr/share/nginx/html/test/helloworld.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.201.140, server: belter-tuesday.com, request: "GET /morning/ HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/html/test/helloworld.sock:", host: "192.168.201.210:8024"只需创建一个名为helloworld.sock的文件,然后刷新url并再次检查日志文件,如果在日志文件中看到权限被拒绝,如下所示:
2016/10/14 17:00:45 [crit] 17099#0: *22 connect() to unix:///usr/share/nginx/html/test/helloworld.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.201.140, server: belter-tuesday.com, request: "GET /morning/ HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/html/test/helloworld.sock:", host: "192.168.201.210:8024"这意味着web服务器nginx不具备读取、写入和执行的所有权限。因此,您可以授予此文件的权限:
sudo chmod 0777 helloworld.sock
然后,刷新url并再次检查日志文件,如果在日志文件中看到连接拒绝,如下所示:
2016/10/14 17:09:28 [error] 17099#0: *25 connect() to unix:///usr/share/nginx/html/test/helloworld.sock failed (111: Connection refused) while connecting to upstream, client: 192.168.201.140, server: belter-tuesday.com, request: "GET /morning/ HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/html/test/helloworld.sock:", host: "192.168.201.210:8024"这是一个好兆头,它意味着您的web服务器nginx从现在开始就有使用helloworld.sock文件的权限。
接下来运行uwsgi并检查uwsgi的用户是否拥有使用helloworld.sock的权限。首先,删除我们之前创建的文件helloworld.sock。
运行uwsgi:uwsgi --socket /usr/share/nginx/html/test/helloworld.sock --wsgi-file wsgi.py
如果您看到 bind ():拒绝核心/Socket.c第230行,这意味着uwsgi没有绑定helloworld.sock的权限。这是test目录的问题,它是helloworld.sock的父目录。
sudo chmod 0777 test/现在,您可以成功地运行uwsgi。
但是也许你还能看到502坏网关,这太可怕了,我已经看了一整天了。如果您再次检查error.log文件,您将再次看到以下内容:
2016/10/14 17:33:00 [crit] 17099#0: *28 connect() to unix:///usr/share/nginx/html/test/helloworld.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.201.140, server: belter-tuesday.com, request: "GET /morning/ HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/html/test/helloworld.sock:", host: "192.168.201.210:8024",怎么了?
查看helloworld.sock文件的详细信息,您可以看到:
srwxr-xr-x. 1 belter mslab 0 Oct 14 17:32 helloworld.sockuWSGI自动授予此文件755权限。
您可以通过添加--chmod-socket来更改它
uwsgi --socket /usr/share/nginx/html/test/helloworld.sock --wsgi-file wsgi.py --chmod-socket=777好的!最后,你可以看到:
带走消息
uwsgi_params文件的位置不重要;- 因为我的
nginx用户和uwsgi用户不一样,甚至不在同一组,所以我需要给helloworld.sock和它的父dirtest/授予777权限; - 如果将
helloworld.sock文件放在主目录中,则始终会拒绝的权限。 - 您需要设置
socket文件路径的两个位置,一个在nginx文件中,对我来说是helloworld_nginx.conf;一个在运行uwsgi时。 - 检查SELinux
这是我的helloworld_nginx.conf文件:
# helloworld_nginx.conf
upstream django {
server unix:///usr/share/nginx/html/test/helloworld.sock; # for a file socket
# server 127.0.0.1:5902; # for a web port socket (we'll use this first)
}
# configuration of the server
server {
# the port your site will be served on
listen 8024;
# the domain name it will serve for
server_name .belter-tuesday.com; # substitute your machine's IP address or FQDN
charset utf-8;
# max upload size
client_max_body_size 75M; # adjust to taste
# Finally, send all non-media requests to the Django server.
location /morning {
include uwsgi_params;
uwsgi_pass django;
}
}Stack Overflow用户
发布于 2015-10-05 01:51:50
在CentOS上,我尝试了所有这些东西,但仍然没有起作用。最后,我发现这篇文章:
https://www.nginx.com/blog/nginx-se-linux-changes-upgrading-rhel-6-6/
对于开发机器,我们只需运行:
semanage permissive -a httpd_t但是对于一个真正的生产服务器,我还没有搞清楚。您可能需要尝试上述文章中描述的其他内容。
https://stackoverflow.com/questions/22071681
复制相似问题
腾讯云开发者
