Nginx错误:(13:权限被拒绝),当连接到上游 [英] Nginx error: (13: Permission denied) while connecting to upstream
问题描述
2014/02/17 03:42:20 [crit] 5455#0:* 1连接()到unix:/tmp/uwsgi.sock失败(13:权限被拒绝)连接到上游时,客户端:xx .xx.x.xxx,server:localhost,请求:GET / users HTTP / 1.1,上游:uwsgi:// unix:/tmp/uwsgi.sock:,主机:EC2.amazonaws.com
浏览器还显示502错误的网关错误。 curl
的输出是一样的,坏的网关html
我试图通过修改权限为 /tmp/uwsgi.sock
改为777.这是行不通的。我也将自己添加到 www-data
组(几个看起来类似的问题表明了这一点)。另外,没有骰子。
以下是我的 nginx.conf
档:
nginx.conf
worker_processes 1;
文件。我需要为uwsgi创建自己的配置文件吗?我有一种印象,就是可靠的照顾所有这些东西。
worker_rlimit_nofile 8192;
事件{
worker_connections 3000;
}
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
http {
include /etc/nginx/mime.types;
default_type application / octet-stream;
log_format main'$ remote_addr - $ remote_user [$ time_local]$ request'
'$ status $ body_bytes_sent$ http_referer'
'$ http_user_agent$ HTTP_X_FORWARDED_FOR;
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
包含/etc/nginx/conf.d/*.conf;
包含/ etc / nginx / sites-enabled / *;
$ b我运行一个Flask应用程序,使用Nginsx和Uwsgi,我的解释。如果有人有任何想法,我会很感激他们。
编辑
我被要求提供我的uwsgi配置文件。所以,我从来没有亲自写过我的nginx或我的uwsgi文件。我遵循指南这里使用ansible-playbook设置一切。
nginx.conf
文件是自动生成的,但是/ etc / uwsgi
中除了<$ c $在应用程序启用
和应用程序可用
文件夹中的README
我相信
ansible-playbook
从我运行这个命令的时候算出了我的uwsgi配置uwsgi -s /tmp/uwsgi.sock -w my_app:app
启动并输出:
***启动uWSGI 2.0。 1(64bit)[2014年2月17日20:03:08] ***
编译版本:4.7.3 2014年2月10日18:26:16
os:Linux-3.11.0 -15-generic#25 -Ubuntu SMP Thu Jan 30 17:22:01 UTC 2014
nodename:ip-10-9-xxx-xxx
machine:x86_64
clock source:unix
检测到CPU核心数目:1
当前工作目录:/ home / username / Project
检测到二进制文件路径:/ usr / local / bin / uwsgi
!!!没有内部路由支持,重建与pcre支持!
***警告:您正在运行uWSGI而没有其主进程管理器***
您的进程数限制为4548
您的内存页大小为4096字节
检测到最大文件描述符编号:1024
锁引擎:pthread强健的互斥锁
thunder锁:禁用(可以使用--thunder-lock启用它)
uwsgi套接字0绑定到UNIX地址/tmp/uwsgi.sock fd 3
Python版本:2.7.5+(默认,2013年9月19日,13:52:09)[GCC 4.8.1]
***禁用Python线程支持。您可以使用--enable-threads启用它***
Python主解释器初始化为0x1f60260
您的服务器套接字监听积压被限制为100个连接
您对工作者优美操作的仁慈是60秒
映射72760字节(71 KB)for 1 cores
***操作模式:单进程***
WSGI应用程序0(安装点='')在解释器0x1f60260上准备3秒pid:26790(默认应用程序)
*** uWSGI以多种解释器模式运行***
衍生的uWSGI工作者1(且唯一的)(pid:26790,核心:1)
解决方案权限问题是由于uwsgi重置/ tmp / uwsgi.sock设置为755,每当uwsgi启动时用户运行uwsgi。
解决这个问题的正确方法是使uwsgi更改uwsgi的所有权和/ tmp / uwsgi.sock这样nginx可以写入这个套接字。因此,有三种可能的解决方案。
$ b
运行uwsgi作为www-data用户,以便该用户拥有创建的套接字文件
uwsgi -s /tmp/uwsgi.sock -w my_app:app --uid www-data --gid www-data
更改套接字文件的所有权,以便www-data拥有它。
uwsgi -s /tmp/uwsgi.sock -w my_app:app --chown-socket = www-data:www-数据
更改套接字文件的权限,以便www-data可以写入。
uwsgi -s /tmp/uwsgi.sock -w my_app:app --chmod-socket = 666
我更喜欢第一种方法,因为它不会使uwsgi以根。
前两个命令需要以root用户身份运行。第三个命令不需要以root用户身份运行。
第一个命令使uwsgi以www-data用户的身份运行。第二个和第三个命令使uwsgi以运行该命令的实际用户身份运行。
第一个和第二个命令只允许www-data用户写入套接字。第三个命令允许任何用户写入套接字。
我更喜欢第一种方法,因为它不会使uwsgi以root用户身份运行,并且不会使套接字文件世界可写。
I am getting this error in my
nginx-error.log
file:2014/02/17 03:42:20 [crit] 5455#0: *1 connect() to unix:/tmp/uwsgi.sock failed (13: Permission denied) while connecting to upstream, client: xx.xx.x.xxx, server: localhost, request: "GET /users HTTP/1.1", upstream: "uwsgi://unix:/tmp/uwsgi.sock:", host: "EC2.amazonaws.com"
The browser also shows a 502 Bad Gateway Error. The output of a
curl
is the same, Bad Gateway htmlI've tried to fix it by changing permissions for
/tmp/uwsgi.sock
to 777. That didn't work. I also added myself to thewww-data
group (a couple questions that looked similar suggested that). Also, no dice.Here is my
nginx.conf
file:nginx.conf
worker_processes 1; worker_rlimit_nofile 8192; events { worker_connections 3000; } error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; }
I am running a Flask application with Nginsx and Uwsgi, just to be thorough in my explanation. If anyone has any ideas, I would really appreciate them.
EDIT
I have been asked to provide my uwsgi config file. So, I never personally wrote my nginx or my uwsgi file. I followed the guide here which sets everything up using ansible-playbook. The
nginx.conf
file was generated automatically, but there was nothing in/etc/uwsgi
except aREADME
file in bothapps-enabled
andapps-available
folders. Do I need to create my own config file for uwsgi? I was under the impression that ansible took care of all of those things.I believe that
ansible-playbook
figured out my uwsgi configuration since when I run this commanduwsgi -s /tmp/uwsgi.sock -w my_app:app
it starts up and outputs this:
*** Starting uWSGI 2.0.1 (64bit) on [Mon Feb 17 20:03:08 2014] *** compiled with version: 4.7.3 on 10 February 2014 18:26:16 os: Linux-3.11.0-15-generic #25-Ubuntu SMP Thu Jan 30 17:22:01 UTC 2014 nodename: ip-10-9-xxx-xxx machine: x86_64 clock source: unix detected number of CPU cores: 1 current working directory: /home/username/Project detected binary path: /usr/local/bin/uwsgi !!! no internal routing support, rebuild with pcre support !!! *** WARNING: you are running uWSGI without its master process manager *** your processes number limit is 4548 your memory page size is 4096 bytes detected max file descriptor number: 1024 lock engine: pthread robust mutexes thunder lock: disabled (you can enable it with --thunder-lock) uwsgi socket 0 bound to UNIX address /tmp/uwsgi.sock fd 3 Python version: 2.7.5+ (default, Sep 19 2013, 13:52:09) [GCC 4.8.1] *** Python threads support is disabled. You can enable it with --enable-threads *** Python main interpreter initialized at 0x1f60260 your server socket listen backlog is limited to 100 connections your mercy for graceful operations on workers is 60 seconds mapped 72760 bytes (71 KB) for 1 cores *** Operational MODE: single process *** WSGI app 0 (mountpoint='') ready in 3 seconds on interpreter 0x1f60260 pid: 26790 (default app) *** uWSGI is running in multiple interpreter mode *** spawned uWSGI worker 1 (and the only) (pid: 26790, cores: 1)
解决方案The permission issue occurs because uwsgi resets the ownership and permissions of /tmp/uwsgi.sock to 755 and the user running uwsgi every time uwsgi starts.
The correct way to solve the problem is to make uwsgi change the ownership and/or permission of /tmp/uwsgi.sock such that nginx can write to this socket. Therefore, there are three possible solutions.
Run uwsgi as the www-data user so that this user owns the socket file created by it.
uwsgi -s /tmp/uwsgi.sock -w my_app:app --uid www-data --gid www-data
Change the ownership of the socket file so that www-data owns it.
uwsgi -s /tmp/uwsgi.sock -w my_app:app --chown-socket=www-data:www-data
Change the permissions of the socket file, so that www-data can write to it.
uwsgi -s /tmp/uwsgi.sock -w my_app:app --chmod-socket=666
I prefer the first approach because it does not leave uwsgi running as root.
The first two commands need to be run as root user. The third command does not need to be run as root user.
The first command leaves uwsgi running as www-data user. The second and third commands leave uwsgi running as the actual user that ran the command.
The first and second command allow only www-data user to write to the socket. The third command allows any user to write to the socket.
I prefer the first approach because it does not leave uwsgi running as root user and it does not make the socket file world-writeable .
这篇关于Nginx错误:(13:权限被拒绝),当连接到上游的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!