Nginx + uWsgi + Django "Allowed when connecting to upstream" (socket)

Question

Nginx + uWsgi + Django "Allowed when connecting to upstream" (socket)

I saw many questions about SO on this topic, and I tried as many methods as I could, but it still does not solve the problem for me, so I hope this post can be useful.

I follow the guide of this site to configure Django on Nginx with uWSGI: http://www.oliverelliott.org/article/computing/tut_setup_nginx_django/

Uwsgi.ini file

[uwsgi] chdir=/home/ec2-user/project/awssite module=awssite.wsgi home=/home/ec2-user/project master=true processes=2 socket=/home/ec2-user/project/awssite/awssite.socket chmod-socket=666 vacuum=true

etc. / Nginx / sites with support / awssite _nginx.conf

 upstream django { server unix:///home/ec2-user/project/awssite/awssite.socket; } server { listen 8080; server_name localhost; charset utf-8; #max upload size client_max_body_size 75M; #Django media location /media { alias /home/ec2-user/project/awssite/awssite/media; } location /static { alias /home/ec2-user/project/awssite/awssite/static; } location /favicon.ico { log_not_found off; } location / { uwsgi_pass django; include /home/ec2-user/project/awssite/uwsgi_params; } }

This is the error code in /var/log/nginx/error.log

 2016/02/15 01:21:22 [crit] 22159#0: *3 connect() to unix:///home/ec2-user/project/awssite/awssite.socket failed (13: Permission denied) while connecting to upstream, client: CLIENT_IP, server: localhost, request: "GET /menu/ HTTP/1.1", upstream: "uwsgi://unix:///home/ec2-user/project/awssite/awssite.socket:", host: "HOST_IP:8080"

Note. CLIENT_IP and HOST_IP are IP address values.

This is what I tried and did not work :
chmod 755 home directory and working uwsgi --socket awssite.socket --module awssite.wsgi --chmod-socket=666

2. Adding the nginx user to my user group and starting uwsgi --socket awssite.socket --module awssite.wsgi --chmod-socket=664

3. modify the ini file by adding these new lines
chown-socket=ec2-user:nginx uid=nginx gid=nginx , and then run uwsgi --ini uwsgi.ini . This returns with "Permission denied for chown", but when I run the command with sudo , I get sudo: uwsgi: command not found (uWSGI is set to system-wide)

4. Put all the files in a different directory (outside the ec2-user ), but this does not allow me to access them if I did not run it as root , and even then it does not work.

5. launch uwsgi --socket awssite.socket --module awssite.wsgi --chmod-socket=664/666 --uid nginx with options --uid nginx --gid nginx --chown-socket=nginx:nginx Note: 664/666 means that I tried both permissions

6. Renamed the nginx.conf.default and nginx.conf.rpmnew files (so the only conf file for reading nginx is nginx.conf )

Can anyone shed some light on how I can solve this problem? I will continue to add the methods that I tried and did not work on this issue while I work on it. Thanks:)

EDIT: Thanks to @GwynBleidD's answer, I finally got it working. This is what works:

saved my socket file to /tmp
etc. / Nginx / sites with support / awssite _nginx.conf

 upstream django { server unix:///tmp/djangosocket/awssite.socket; } ....

Uwsgi.ini file

 [uwsgi] chdir=/home/ec2-user/project/awssite module=awssite.wsgi home=/home/ec2-user/project master=true processes=2 socket=/tmp/djangosocket/awssite.socket chmod-socket=666 vacuum=true

I added my ec2-user (registered user) to the nginx group.
I changed the file permissions accordingly chown -R ec2-user:nginx djangosocket
chmod g+rwx djangosocket

+5

django nginx sockets uwsgi

carol Alex Feb 15 '16 at 1:57

source share

1 answer

Gwynbleidd · Accepted Answer · 2016-02-15T09:35:46+0000

If your nginx server cannot access the uWSGI socket, try the following steps:

do not put your socks in the home directory of any user on your system, especially root! . Some of the unix operating systems block by default access to the home directory for everyone except the owner of this directory and root. Adding the nginx user to this user's private group (for most systems, each user has his own, main group) can help with this, but it will almost never work for root.
check which user and group is using your nginx server (or any other http server you are using). Sometimes it is www-data , sometimes nginx , sometimes something else. When creating a socket, make sure that the username matches the name of the user on which the uWSGI server is running and the group matching the group name when uWSGI starts (or you can change it).
Make sure your socket permissions are at least 660. There is no need to give permissions to anyone to it, so don't do this.
Make sure that your nginx and uWSGI have permission to access the directory in which the socket is placed, and all parent directories.

A good place for your socket file is the /var/run directory (for some systems this is /run or both). It is most often mounted as ramdisk (tmpfs), and it is recorded for anyone on the system, so each user can create sockets here (and access them). If for some reason it is not available on your system, you can also try the /tmp directory.

If you also put static files directly from nginx from your home directory, consider adding nginx to your personal group so that it has read access to your home directory and static files.

Nginx + uWsgi + Django "Allowed when connecting to upstream" (socket)

More articles: