nginx error: (13: Permission denied) while connecting to upstream

Problem description

I am running a Rails app with Puma, Capistrano, and nginx on a Google Compute Engine VM with Ubuntu 14.04 LTS.

I have the nginx running on the external IP. And when I visit it I get two nginx errors in the log:

2016/02/03 11:58:07 [info] 19754#0: *73 client closed connection while waiting for request, client: ###.##.##.###, server: 0.0.0.0:443

2016/02/03 11:58:07 [crit] 19754#0: *74 connect() to unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock failed (13: Permission denied) while connecting to upstream, client: ###.##.##.###, server: , 
request: "GET / HTTP/1.1", upstream: "http://unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock:/", host: "###.###.###.###"

Note: the last ###.###.###.### is the external IP of the Google Compute VM that the code is running on. I believe the first two IPs are my home IP.

I have tried: setsebool httpd_can_network_connect on as suggested here: (13: Permission denied) while connecting to upstream:[nginx] And it returned: setsebool: SELinux is disabled. But the problem persists.

I have looked at (13: Permission denied) while connecting to upstream:[nginx] as well, but it seems to be particular to uwsgi

Here is my nginx.conf

upstream puma {
  server unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock;
}
server {
  listen 80 default_server deferred;
  listen 443 ssl;
  # server_name example.com;
  ssl_certificate /etc/ssl/my-web-app/my-web-app.com.chained.crt;
  ssl_certificate_key /etc/ssl/my-web-app/my-web-app.key;
  root /home/my-web-app/apps/my-web-app/current/public;
  access_log /home/my-user-name/apps/my-web-app/current/log/nginx.access.log;
  error_log /home/my-user-name/apps/my-web-app/current/log/nginx.error.log info;
  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }
  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://puma;
  }
  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
  keepalive_timeout 10;
}

I run nginx with sudo service nginx restart. Then I run puma with: RACK_ENV=production bundle exec puma -p 3000 and it returns:

Puma starting in single mode...
* Version 2.14.0 (ruby 2.1.7-p400), codename: Fuchsia Friday
* Min threads: 0, max threads: 16
* Environment: production
* Listening on tcp://0.0.0.0:3000
Use Ctrl-C to stop

EDIT 1

It was suggested that I run puma on unix not tcp 3000 so that it'd match nginx

I have tried running puma on unix via the command:

RACK_ENV=production bundle exec puma -d -b unix:///tmp/my-web-app.sock --pidfile /tmp/puma.pid

This gave:

Puma starting in single mode...
* Version 2.14.0 (ruby 2.1.7-p400), codename: Fuchsia Friday
* Min threads: 0, max threads: 16
* Environment: production
* Daemonizing...

It reads the above text, but it does not linger, the command prompt occurs again immediately despite the '...' at the end.

This command seemingly does not work, so if anyone can suggest how to run puma on unix and not tcp 3000, then I could complete the suggestion. (Though I suspect there is a configuring nginx issue that may be occurring before anything that has to do with puma)

EDIT 2 Attaching puma.rb

#!/usr/bin/env puma
directory '/home/my-user-name/apps/my-web-app/current'
rackup "/home/my-user-name/apps/my-web-app/current/config.ru"
environment 'production'
pidfile "/home/my-user-name/apps/my-web-app/shared/tmp/pids/puma.pid"
state_path "/home/my-user-name/apps/my-web-app/shared/tmp/pids/puma.state"
stdout_redirect '/home/my-user-name/apps/my-web-app/current/log/puma.error.log', '/home/my-user-name/apps/my-web-app/current/log/puma.access.log', true
threads 2,8
bind 'unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock'
workers 1
preload_app!
on_restart do
  puts 'Refreshing Gemfile'
  ENV["BUNDLE_GEMFILE"] = "/home/my-user-name/apps/my-web-app/current/Gemfile"
end
on_worker_boot do
  ActiveSupport.on_load(:active_record) do
    ActiveRecord::Base.establish_connection
  end
end

EDIT 3

I now tried just running the rails server on port 80 directly. I typed: rvmsudo rails server -p 80 and it returned:

=> Booting Puma
=> Rails 4.2.4 application starting in development on http://localhost:80
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
Puma 2.14.0 starting...
* Min threads: 0, max threads: 16
* Environment: development
* Listening on tcp://localhost:80
Exiting
/home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `initialize': Address already in use - bind(2) for "localhost" port 80 (Errno::EADDRINUSE)
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `new'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `add_tcp_listener'
        from (eval):2:in `add_tcp_listener'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/rack/handler/puma.rb:33:in `run'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/rack-1.6.4/lib/rack/server.rb:286:in `start'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/server.rb:80:in `start'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:80:in `block in server'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:75:in `tap'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:75:in `server'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:39:in `run_command!'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands.rb:17:in `<top (required)>'
        from bin/rails:4:in `require'
        from bin/rails:4:in `<main>'

EDIT 4

If I run sudo service nginx stop then run rvmsudo rails server -p 80 again it returns:

=> Booting Puma
=> Rails 4.2.4 application starting in development on http://localhost:80
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
Puma 2.14.0 starting...
* Min threads: 0, max threads: 16
* Environment: development
* Listening on tcp://localhost:80

That means that approach was incorrect, since without nginx, when I visit the external IP it now returns "The server refused the connection." as opposed to the original:

We're sorry, but something went wrong.

If you are the application owner check the logs for more information.

If anyone knows how to prevent the original error, any suggestions would be much appreciated.

EDIT 5 The original question remains, but can anyone tell me if this is an https problem or an ssl problem?

EDIT 6

I have tried running puma directly on 80 and am getting a permission error on 80.

I tried: RACK_ENV=production bundle exec puma -p 80 and got:

Puma starting in single mode...
* Version 2.14.0 (ruby 2.1.7-p400), codename: Fuchsia Friday
* Min threads: 0, max threads: 16
* Environment: production
* Listening on tcp://0.0.0.0:80
/home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `initialize': Permission denied - bind(2) for "0.0.0.0" port 80 (Errno::EACCES)
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `new'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `add_tcp_listener'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:98:in `block in parse'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:84:in `each'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:84:in `parse'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/runner.rb:119:in `load_and_bind'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/single.rb:79:in `run'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/cli.rb:215:in `run'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/bin/puma:10:in `<top (required)>'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/bin/puma:23:in `load'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/bin/puma:23:in `<main>'

I believe that this is caused because port 80 has higher permissions than others. So, I ran sudo RACK_ENV=production bundle exec puma -p 80 but that just returned: Your Ruby version is 1.9.3, but your Gemfile specified 2.1.7

Recommended answer

I got the same error as you. I found a solution, but I don't know whether it is right. Change the first line of the file /etc/nginx/nginx.conf

user www-data;
to
user root;

Then restart the nginx using:

service nginx restart
systemctl restart nginx

WARNING: This runs your web server as the root user. This should never be done in a production environment as it allows the web server processes full access to your system. If the web server process is compromised, the attacker will have unrestricted access to your whole server.
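
A least-privilege way to locate the cause without switching nginx to root, as an added example that is not part of the original answer: error 13 on a Unix-socket upstream means the nginx worker user lacks search (x) permission on a directory in the socket path, or write permission on the socket itself. The script below reports which path is responsible, judging by mode bits only; the function names are hypothetical, and the `www-data` account in the usage comment is taken from the `user` line quoted above.

```shell
#!/bin/sh
# Added example (not from the original post). Mode bits only: ACLs,
# SELinux/AppArmor and root's permission bypass are not modelled.

# perm_triplet PATH UID "GIDS" -> rwx triplet the kernel applies to that user
perm_triplet() {
  pt_info=$(ls -ldn "$1" 2>/dev/null) || return 2
  pt_mode=$(printf '%s\n' "$pt_info" | awk '{print $1}')
  pt_owner=$(printf '%s\n' "$pt_info" | awk '{print $3}')
  pt_group=$(printf '%s\n' "$pt_info" | awk '{print $4}')
  if [ "$2" = "$pt_owner" ]; then
    printf '%s\n' "$pt_mode" | cut -c2-4      # owner class
  elif printf ' %s ' "$3" | grep -q " $pt_group "; then
    printf '%s\n' "$pt_mode" | cut -c5-7      # group class
  else
    printf '%s\n' "$pt_mode" | cut -c8-10     # other class
  fi
}

# first_blocker SOCKET UID "GIDS" -> prints the topmost path that denies
# access (prints nothing if the mode bits allow the connect).
first_blocker() {
  case $1 in /*) ;; *) echo "absolute path required" >&2; return 2 ;; esac
  fb_hit=""
  fb_dir=$(dirname "$1")
  while :; do
    # Every ancestor directory needs the search (x) bit for this user.
    case $(perm_triplet "$fb_dir" "$2" "$3") in
      ??[xst]) ;;
      *) fb_hit=$fb_dir ;;
    esac
    if [ "$fb_dir" = / ]; then break; fi
    fb_dir=$(dirname "$fb_dir")
  done
  if [ -n "$fb_hit" ]; then echo "$fb_hit"; return 0; fi
  # connect() on a Unix socket needs write permission on the socket file.
  case $(perm_triplet "$1" "$2" "$3") in
    ?w?) ;;
    *) echo "$1" ;;
  esac
}

# Typical call for the nginx worker account named in nginx.conf:
#   first_blocker /path/to/puma.sock "$(id -u www-data)" "$(id -G www-data)"
```

Granting search permission on just the reported directory, or binding Puma's socket in a directory the nginx user can already reach, clears the error while nginx keeps running as an unprivileged user.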
