0
votes

I am using nginx + uwsgi + django to deploy my very first site on centos7. They worked fine separately in test but I got a 502 bad gateway trying to connect them all together. The /var/log/nginx/error.log file says

2020/12/29 15:52:05 [crit] 1150#0: *1 connect() to unix:/run/uwsgi/site.sock failed (13: Permission denied) while connecting to upstream, client: IPaddress, server: mysite.com, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/run/uwsgi/site.sock:", host: "IPaddress"

I have tried these but none of them managed to fix the problem:

1. moving the site.sock file from my project base directory to /tmp/site.sock, or according to this tutorial, to /run/uwsgi/site.sock.

2. changing the site.sock file permission from 664 to 666.

3. chown socket file to myuser:nginx, and add myuser to nginx group.

4. running nginx and uwsgi with a www-data user by setting user = www-data in nginx.conf and uid = www-data,pid = www-data in site_uwsgi.ini.

5. turning off selinux by setenforce 0, or doing setsebool -P httpd_can_network_connect 1.

ps aux | grep nginx:

root      1148  0.0  0.0  39296  1972 ?        Ss   15:41   0:00 nginx: master process /usr/sbin/nginx
nginx     1150  0.0  0.1  39640  2056 ?        S    15:41   0:00 nginx: worker process

ps aux | grep uwsgi:

root      1322  0.0  0.1  54680  3068 ?        Ss   15:49   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --emperor /etc/uwsgi/sites
hanys     1390  0.0  1.6 261668 34324 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1392  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1393  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1394  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1395  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1396  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1397  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1398  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1399  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1400  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys     1401  0.0  1.2 261668 26528 ?        S    16:40   0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini

and ls -l site.sock:

srw-rw-rw-. 1 hanys nginx 0 12月 29 16:40 /run/uwsgi/oligoweb.sock

That (13: Permission denied) really drives me mad these days. Thank you in advance for any help.


1 Answers

2
votes

It seems like this problem is quite common. I'd suggest you try the following steps and see if it solves the problem:

  1. In the nginx.conf file, by default the user is defined as nginx at the very top section of the nginx.conf file, as seen below:

user nginx; # Default Nginx user

Change nginx to the name of your current user - here, David is my current username.

user David; # Run Nginx as David's permissions (as username of the current logged in user)

  2. Toggle the SELinux boolean value for httpd network connect to on, with the persistent flag: setsebool httpd_can_network_connect on -P

  3. Also, I found some of these commands which might come in handy in fixing SELinux:

sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx
sudo semodule -i mynginx.pp

References:

http://blog.frag-gustav.de/2013/07/21/nginx-selinux-me-mad/

https://wiki.gentoo.org/wiki/SELinux/Tutorials/Where_to_find_SELinux_permission_denial_details

http://wiki.gentoo.org/wiki/SELinux/Tutorials/Managing_network_port_labels

http://www.linuxproblems.org/wiki/Selinux
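
Added example (not part of the answer above, and not code from any of the referenced pages): a small parser that groups the `denied` AVC records for `nginx` in audit.log into allow rules, so the denials that step 3 feeds to audit2allow can be read before a module is built from them. The log lines are constructed samples, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log AVC format (not taken from the page).
SAMPLE_LOG = """\
type=AVC msg=audit(1609228325.123:456): avc:  denied  { write } for  pid=1150 comm="nginx" name="site.sock" dev="tmpfs" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1609228325.124:457): avc:  denied  { connectto } for  pid=1150 comm="nginx" path="/run/uwsgi/site.sock" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_stream_socket permissive=0
type=AVC msg=audit(1609228391.001:460): avc:  denied  { write } for  pid=1150 comm="nginx" name="site.sock" dev="tmpfs" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1609228400.500:461): avc:  denied  { read } for  pid=2201 comm="logrotate" name="app.log" dev="dm-0" ino=777 scontext=system_u:system_r:logrotate_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1609228325.124:457): arch=c000003e syscall=42 success=no exit=-13 comm="nginx" exe="/usr/sbin/nginx"
"""

# One AVC denial: the permission set, the command name, both contexts, the object class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def summarize_denials(log_text, comm="nginx"):
    """Map (source_type, target_type, tclass) to the sorted permissions denied to comm."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m["comm"] != comm:
            continue  # not an AVC denial, or a denial for another process
        key = (selinux_type(m["scontext"]), selinux_type(m["tcontext"]), m["tclass"])
        rules[key].update(m["perms"].split())
    return {k: sorted(v) for k, v in rules.items()}


def as_allow_rules(summary):
    """Render the summary as one allow rule per (source, target, class) triple."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};"
            for (s, t, c), p in sorted(summary.items())]


if __name__ == "__main__":
    for rule in as_allow_rules(summarize_denials(SAMPLE_LOG)):
        print(rule)
```

On a live host the input would be the contents of /var/log/audit/audit.log, which normally requires root to read.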