I am using nginx + uwsgi + django to deploy my very first site on centos7. They worked fine separately in test but I got a 502 bad gateway trying to connect them all together. The /var/log/nginx/error.log file says
2020/12/29 15:52:05 [crit] 1150#0: *1 connect() to unix:/run/uwsgi/site.sock failed (13: Permission denied) while connecting to upstream, client: IPaddress, server: mysite.com, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/run/uwsgi/site.sock:", host: "IPaddress"
I have tried these but none of them managed to fix the problem:
1. moving the site.sock file from my project base directory to /tmp/site.sock, or according to this tutorial, to /run/uwsgi/site.sock.
2. changing the site.sock file permission from 664 to 666.
3. chown socket file to myuser:nginx, and add myuser to nginx group.
4. running nginx and uwsgi with a www-data user by setting user = www-data in nginx.conf and uid = www-data, pid = www-data in site_uwsgi.ini.
5. turning off selinux by setenforce 0, or doing setsebool -P httpd_can_network_connect 1.
ps aux | grep nginx:
root 1148 0.0 0.0 39296 1972 ? Ss 15:41 0:00 nginx: master process /usr/sbin/nginx
nginx 1150 0.0 0.1 39640 2056 ? S 15:41 0:00 nginx: worker process
ps aux | grep uwsgi:
root 1322 0.0 0.1 54680 3068 ? Ss 15:49 0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --emperor /etc/uwsgi/sites
hanys 1390 0.0 1.6 261668 34324 ? S 16:40 0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys 1392 0.0 1.2 261668 26528 ? S 16:40 0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys 1393 0.0 1.2 261668 26528 ? S 16:40 0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys 1394 0.0 1.2 261668 26528 ? S 16:40 0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys 1395 0.0 1.2 261668 26528 ? S 16:40 0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys 1396 0.0 1.2 261668 26528 ? S 16:40 0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys 1397 0.0 1.2 261668 26528 ? S 16:40 0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys 1398 0.0 1.2 261668 26528 ? S 16:40 0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys 1399 0.0 1.2 261668 26528 ? S 16:40 0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys 1400 0.0 1.2 261668 26528 ? S 16:40 0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
hanys 1401 0.0 1.2 261668 26528 ? S 16:40 0:00 /home/hanys/.virtualenvs/oligoweb/bin/uwsgi --ini oligo_uwsgi.ini
and ls -l site.sock:
srw-rw-rw-. 1 hanys nginx 0 12月 29 16:40 /run/uwsgi/oligoweb.sock
That (13: Permission denied) really drives me mad these days. Thank you in advance for any help.
It seems like this problem is quite common. I'd suggest you try the following steps and see if it solves the problem:
user nginx; # Default Nginx user
Change nginx to the name of your current user - here, David is my current username.
user David; # Run Nginx as David's permissions (as username of the current logged in user)
Toggle the SELinux boolean value for httpd network connect to on, with the persistent flag:
setsebool httpd_can_network_connect on -P
Also, I found some of these commands which might come in handy in fixing SELinux:
sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx
sudo semodule -i mynginx.pp
References:
http://blog.frag-gustav.de/2013/07/21/nginx-selinux-me-mad/
https://wiki.gentoo.org/wiki/SELinux/Tutorials/Where_to_find_SELinux_permission_denial_details
http://wiki.gentoo.org/wiki/SELinux/Tutorials/Managing_network_port_labels
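Added example, not part of the question or the answer above: connect() to a Unix socket needs search (x) permission on every directory in the socket path and write (w) permission on the socket itself, so a 666 socket can still return 13: Permission denied. This sketch reports the first path component whose mode bits block a given user; the function names and the script name sockcheck.py are made up for illustration, and it checks only classic owner/group/other bits, not ACLs or SELinux.

```python
import os
import pwd
import stat
import sys


def dac_allows(mode, owner_uid, owner_gid, uid, gids, want):
    """Classic Unix mode-bit check; want is a mask of 4 (r), 2 (w), 1 (x)."""
    if uid == 0:
        return True  # root bypasses mode bits for directory search and read/write
    if uid == owner_uid:
        bits = (mode >> 6) & 7   # owner class, never falls through to group/other
    elif owner_gid in gids:
        bits = (mode >> 3) & 7   # group class
    else:
        bits = mode & 7          # other class
    return bits & want == want


def first_denial(sock_path, uid, gids):
    """Return (component, needed_bit) for the first path component that blocks
    connect() for this uid/gids, or None if the mode bits allow it."""
    path = os.path.abspath(sock_path)
    parts = []
    while True:
        parts.append(path)
        parent = os.path.dirname(path)
        if parent == path:
            break
        path = parent
    for comp in reversed(parts):  # walk from / down to the socket
        st = os.stat(comp)
        # directories need search (x); the socket at the end needs write (w)
        is_target = comp == parts[0]
        want = 2 if is_target and not stat.S_ISDIR(st.st_mode) else 1
        if not dac_allows(st.st_mode, st.st_uid, st.st_gid, uid, gids, want):
            return comp, "w" if want == 2 else "x"
    return None


if __name__ == "__main__":
    # usage (hypothetical script name): python sockcheck.py nginx /run/uwsgi/site.sock
    user = pwd.getpwnam(sys.argv[1])
    groups = os.getgrouplist(user.pw_name, user.pw_gid)
    hit = first_denial(sys.argv[2], user.pw_uid, groups)
    print("mode bits allow connect" if hit is None else "blocked at %s (needs %s)" % hit)
```

If this reports that the mode bits allow the connection and nginx still logs the error, the denial is coming from somewhere else, such as SELinux, and /var/log/audit/audit.log is the place to look.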