Nginx error: (13: Permission denied) while connecting to upstream

Problem description

I am getting this error in my nginx-error.log file:

2014/02/17 03:42:20 [crit] 5455#0: *1 connect() to unix:/tmp/uwsgi.sock failed (13: Permission denied) while connecting to upstream, client: xx.xx.x.xxx, server: localhost, request: "GET /users HTTP/1.1", upstream: "uwsgi://unix:/tmp/uwsgi.sock:", host: "EC2.amazonaws.com"

The browser also shows a 502 Bad Gateway Error. The output of a curl is the same, Bad Gateway html

I've tried to fix it by changing permissions for /tmp/uwsgi.sock to 777. That didn't work. I also added myself to the www-data group (a couple questions that looked similar suggested that). Also, no dice.

Here is my nginx.conf file:

nginx.conf

worker_processes 1;
worker_rlimit_nofile 8192;

events {
  worker_connections  3000; 
}

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on; 
    #tcp_nopush     on; 

    keepalive_timeout  65; 

    #gzip  on; 

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

I am running a Flask application with Nginx and Uwsgi, just to be thorough in my explanation. If anyone has any ideas, I would really appreciate them.

EDIT

I have been asked to provide my uwsgi config file. So, I never personally wrote my nginx or my uwsgi file. I followed the guide here which sets everything up using ansible-playbook. The nginx.conf file was generated automatically, but there was nothing in /etc/uwsgi except a README file in both apps-enabled and apps-available folders. Do I need to create my own config file for uwsgi? I was under the impression that ansible took care of all of those things.

I believe that ansible-playbook figured out my uwsgi configuration since when I run this command

uwsgi -s /tmp/uwsgi.sock -w my_app:app

it starts up and outputs:

*** Starting uWSGI 2.0.1 (64bit) on [Mon Feb 17 20:03:08 2014] ***
compiled with version: 4.7.3 on 10 February 2014 18:26:16
os: Linux-3.11.0-15-generic #25-Ubuntu SMP Thu Jan 30 17:22:01 UTC 2014
nodename: ip-10-9-xxx-xxx
machine: x86_64
clock source: unix
detected number of CPU cores: 1
current working directory: /home/username/Project
detected binary path: /usr/local/bin/uwsgi
!!! no internal routing support, rebuild with pcre support !!!
*** WARNING: you are running uWSGI without its master process manager ***
your processes number limit is 4548
your memory page size is 4096 bytes
detected max file descriptor number: 1024
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to UNIX address /tmp/uwsgi.sock fd 3
Python version: 2.7.5+ (default, Sep 19 2013, 13:52:09)  [GCC 4.8.1]
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0x1f60260
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 72760 bytes (71 KB) for 1 cores
*** Operational MODE: single process ***
WSGI app 0 (mountpoint='') ready in 3 seconds on interpreter 0x1f60260 pid: 26790 (default app)
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI worker 1 (and the only) (pid: 26790, cores: 1)

Recommended answer

The permission issue occurs because uwsgi resets the ownership and permissions of /tmp/uwsgi.sock to 755 and the user running uwsgi every time uwsgi starts.

The correct way to solve the problem is to make uwsgi change the ownership and/or permission of /tmp/uwsgi.sock such that nginx can write to this socket. Therefore, there are three possible solutions.

  1. Run uwsgi as the www-data user so that this user owns the socket file created by it.

    uwsgi -s /tmp/uwsgi.sock -w my_app:app --uid www-data --gid www-data

  2. Change the ownership of the socket file so that www-data owns it.

    uwsgi -s /tmp/uwsgi.sock -w my_app:app --chown-socket=www-data:www-data
    

  3. Change the permissions of the socket file, so that www-data can write to it.

    uwsgi -s /tmp/uwsgi.sock -w my_app:app --chmod-socket=666
    

    I prefer the first approach because it does not leave uwsgi running as root.

    The first two commands need to be run as root user. The third command does not need to be run as root user.

    The first command leaves uwsgi running as www-data user. The second and third commands leave uwsgi running as the actual user that ran the command.

    The first and second command allow only www-data user to write to the socket. The third command allows any user to write to the socket.

    I prefer the first approach because it does not leave uwsgi running as root user and it does not make the socket file world-writeable.
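
Added example (not part of the original answer): a small Python audit of the three options above, checking whether the nginx worker gets the write permission that connect() needs on a Unix socket and whether the socket ends up world-writable. The numeric IDs (1000 for the user who started uwsgi, 33 for www-data) and the function names are constructed for illustration; only classic owner/group/other mode bits are modelled.

```python
import os
import socket
import stat
import tempfile


def may_connect(mode, owner_uid, owner_gid, uid, gids):
    """connect() to a Unix socket needs write permission on the socket file.
    Exactly one permission class applies: owner, else group, else other."""
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def audit_socket(path, uid, gids, owner=None):
    """Report whether (uid, gids) may connect to the socket at `path`.
    `owner` = (uid, gid) overrides the on-disk owner so that --uid and
    --chown-socket can be modelled without root (an assumption of this demo)."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a Unix socket")
    o_uid, o_gid = owner if owner else (st.st_uid, st.st_gid)
    return {
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "connectable": may_connect(st.st_mode, o_uid, o_gid, uid, gids),
        "world_writable": bool(st.st_mode & stat.S_IWOTH),
    }


def demo():
    app, www = (1000, 1000), (33, 33)  # constructed uid/gid pairs
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "uwsgi.sock")
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.bind(path)
            os.chmod(path, 0o755)  # the mode the answer says uwsgi resets to
            results["default"] = audit_socket(path, 33, [33], owner=app)
            results["owned by www-data"] = audit_socket(path, 33, [33], owner=www)
            os.chmod(path, 0o666)  # option 3: --chmod-socket=666
            results["chmod 666"] = audit_socket(path, 33, [33], owner=app)
    return results


if __name__ == "__main__":
    for name, report in demo().items():
        print(f"{name:18} {report}")
```

The "default" row reproduces the denial from the question, "owned by www-data" covers options 1 and 2, and only "chmod 666" is flagged world-writable.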
