用独角兽启动rails时，Nginx失败(13:权限被拒绝) [英] Nginx failed (13: Permission denied) when start rails with unicorn

问题描述

我的rails应用程序在Unicorn和Nginx的服务器上运行，但是在配置Nginx并启动它之后，出现了错误:

My rails app runs on server with Unicorn and Nginx , but after configure Nginx and start it, i got the error:

2015/08/03 15:43:44 [crit] 13951#0: *1 stat() "/home/ec2-user/apps/mybest/current/public//index.html" failed (13: Permission denied), client: 123.185.144.80, server: 52.74.148.194, request: "GET / HTTP/1.1", host: "52.74.148.194"
2015/08/03 15:43:44 [crit] 13951#0: *1 stat() "/home/ec2-user/apps/mybest/current/public/.html" failed (13: Permission denied), client: 123.185.144.80, server: 52.74.148.194, request: "GET / HTTP/1.1", host: "52.74.148.194"
2015/08/03 15:43:44 [crit] 13951#0: *1 stat() "/home/ec2-user/apps/mybest/current/public/" failed (13: Permission denied), client: 123.185.144.80, server: 52.74.148.194, request: "GET / HTTP/1.1", host: "52.74.148.194"

这是nginx_myapp.conf

here is nginx_myapp.conf

upstream unicorn {
  server unix:/tmp/unicorn.myapp.sock fail_timeout=0;
}

server {
  listen 80 default deferred;
  server_name 52.74.148.194;

 root /home/ec2-user/apps/mybest/current/public;
 location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }
try_files $uri/index.html $uri.html $uri @unicorn;
  location @unicorn {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://unicorn;
  }

  error_page 500 502 503 504 /500.html;
  keepalive_timeout 10;
}

我用Google搜索了几个小时，但仍然无法解决该问题.我正在猜测是否有任何路径输入错误，并且不确定为什么错误消息带有"public//index.html"而不是"public/index.html"的任何提示?谢谢！

I googled hours but still can't solve this. I am guessing if any path typos, and not sure why the error message with "public//index.html", not "public/index.html" Any hint? thanks!

Nginx与用户"nginx"一起运行，如下所示:

Nginx runs with user 'nginx' like below:

$ groups nginx
nginx : nginx ec2-user
groups ec2-user
ec2-user : ec2-user wheel

路径权限:(当前)

current]$ ls -l
total 76
drwxrwxr-x 8 ec2-user ec2-user 4096 Aug  3 14:06 app
drwxrwxr-x 2 ec2-user ec2-user 4096 Aug  3 14:08 assets_manifest_backup
drwxrwxr-x 2 ec2-user ec2-user 4096 Aug  3 14:26 bin
-rw-rw-r-- 1 ec2-user ec2-user  830 Aug  3 14:06 Capfile
drwxrwxr-x 6 ec2-user ec2-user 4096 Aug  3 14:08 config
-rw-rw-r-- 1 ec2-user ec2-user  153 Aug  3 14:06 config.ru
drwxrwxr-x 2 ec2-user ec2-user 4096 Aug  3 14:08 db
-rw-rw-r-- 1 ec2-user ec2-user 1720 Aug  3 14:06 Gemfile
-rw-rw-r-- 1 ec2-user ec2-user 5262 Aug  3 14:06 Gemfile.lock
drwxrwxr-x 4 ec2-user ec2-user 4096 Aug  3 14:06 lib
drwxrwxr-x 2 ec2-user ec2-user 4096 Aug  3 14:35 log
drwxrwxr-x 2 ec2-user ec2-user 4096 Aug  3 14:08 public
-rw-rw-r-- 1 ec2-user ec2-user  249 Aug  3 14:06 Rakefile
-rw-rw-r-- 1 ec2-user ec2-user  478 Aug  3 14:06 README.rdoc
-rw-rw-r-- 1 ec2-user ec2-user    8 Aug  3 14:07 REVISION
drwxrwxr-x 8 ec2-user ec2-user 4096 Aug  3 14:06 test
drwxrwxr-x 4 ec2-user ec2-user 4096 Aug  3 14:35 tmp
drwxrwxr-x 3 ec2-user ec2-user 4096 Aug  3 14:06 vendor

公开:(我甚至改为777)

public: (I changed to 777 even)

ls -l
total 16
-rwxrwxrwx 1 ec2-user ec2-user 1564 Aug  3 14:06 404.html
-rwxrwxrwx 1 ec2-user ec2-user 1547 Aug  3 14:06 422.html
-rwxrwxrwx 1 ec2-user ec2-user 1477 Aug  3 14:06 500.html
lrwxrwxrwx 1 ec2-user ec2-user   47 Aug  3 14:08 assets -> /home/ec2-user/apps/mybest/shared/public/assets
-rwxrwxrwx 1 ec2-user ec2-user    0 Aug  3 14:06 favicon.ico
-rwxrwxrwx 1 ec2-user ec2-user  202 Aug  3 14:06 robots.txt

将nginx.conf中的nginx用户从"nginx"更改为"ec2-user"即可解决.

Change nginx user in nginx.conf from 'nginx' to 'ec2-user' solve it.

推荐答案

确保nginx在适当的用户下运行(主nginx配置文件中的user ...指令)，然后确保可以访问以下文件的/home/ec2-user/apps/mybest/current/public/*文件:该用户(即，该用户与该用户属于同一组，并且对其具有读取权限).

Make sure that nginx is run under proper user (user ... directive in main nginx config file), and then make sure that /home/ec2-user/apps/mybest/current/public/* files are accessible for that user (i.e. they belong to the same group as the user, and have read permission on them).

您还需要对路径中的每个目录都具有+ x权限.您可以在终端中看到ls -l的权限，然后在缺少权限的情况下执行类似的操作:

You also need to have +x permission on every directory down your path. You could see permissions with ls -l in your terminal, and then just do something like that if they lack:

chmod g+x apps
cd apps
chmod g+x mybest
cd mybest
chmod g+x current
cd current
chmod g+x public
cd public
chmod g+r *

UPD .正如在注释中发现的那样，nginx在ec2-user用户名(配置中的user ec2-user)下运行良好. /home和/或/home/ec2-user最有可能具有限制性权限(目录上的组没有"+ x"/"+ r").就个人而言，让nginx在ec2-user用户名下运行没什么错.或者，您可以将Rails应用程序移至/var/www/my_app，为nginx用户设置权限，然后从那里运行它.

UPD. As found out down in comments, nginx runs fine under ec2-user username (user ec2-user in config). Most likely there are restrictive permissions (no "+x"/"+r" for group on directories) for /home and/or /home/ec2-user. Personally, I see nothing wrong having nginx run under ec2-user username. Or you could move your Rails application for example to /var/www/my_app, setup permissions for nginx user, and have it run from there.

这篇关于用独角兽启动rails时，Nginx失败(13:权限被拒绝)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！