Django 权限被拒绝-nginx和uwsgi套接字
我目前正在尝试使用nginx和uwsgi为我的django应用程序提供服务。我目前正在使用安装了uwsgi的虚拟环境。但是,我当前在尝试访问页面时遇到502错误网关 我正在经历的错误Django 权限被拒绝-nginx和uwsgi套接字,django,ubuntu,nginx,uwsgi,Django,Ubuntu,Nginx,Uwsgi,我目前正在尝试使用nginx和uwsgi为我的django应用程序提供服务。我目前正在使用安装了uwsgi的虚拟环境。但是,我当前在尝试访问页面时遇到502错误网关 我正在经历的错误 2014/02/27 14:20:48 [crit] 29947#0: *20 connect() to unix:///tmp/uwsgi.sock failed (13: Permission denied) while connecting to upstream, client: 144.136.65.17
2014/02/27 14:20:48 [crit] 29947#0: *20 connect() to unix:///tmp/uwsgi.sock failed (13: Permission denied) while connecting to upstream, client: 144.136.65.176, server: domainname.com.au, request: "GET /favicon.ico HTTP/1.1", upstream: "uwsgi://unix:///tmp/uwsgi.sock:", host: "www.domainname.com.au"
这是我的nginx.conf
# mysite_nginx.conf
# the upstream component nginx needs to connect to
upstream django {
server unix:///tmp/uwsgi.sock; # for a file socket
#server 127.0.0.1:8001; # for a web port socket (we'll use this first)
}
# configuration of the server
server {
# the port your site will be served on
listen 80;
# the domain name it will serve for
server_name .domainname.com.au; # substitute your machine's IP address or FQDN
charset utf-8;
# max upload size
client_max_body_size 75M; # adjust to taste
# Django media
location /media {
alias /home/deepc/media; # your Django project's media files - amend as required
}
location /static {
alias /home/deepc/static; # your Django project's static files - amend as required
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass django;
include /home/deepc/.virtualenvs/dcwebproj/dcweb/uwsgi_params; # the uwsgi_params file you installed
}
}
这是我的uwsgi.ini文件
[uwsgi]
socket=/tmp/uwsgi.sock
chmod-socket=644
uid = www-data
gid = www-data
chdir=/home/deepc/.virtualenvs/dcwebproj/dcweb
module=dcweb.wsgi:application
pidfile=/home/deepc/.virtualenvs/dcwebproj/dcweb.pid
vacuum=true
从我在谷歌上读到的内容来看,www数据组和/tmp/目录存在权限问题。不过,我是新手,尝试更改文件夹的权限级别,但没有效果。有人能给我指出正确的方向吗?这是权限问题吗
将sock文件放在tmp目录中也可以吗
谢谢我认为您只需要将套接字文件更改为666(664适合www数据),或者删除它并再次运行uwsgi服务器 在我的uwsgi.ini中:
chmod-socket = 664
uid = www-data
gid = www-data
您需要取消注释
#server 127.0.0.1:8001;
来自上游区块,类似地,uwsgi.ini中的变化如下
socket = 127.0.0.1:8001
在CentOS,我尝试了所有这些方法,但仍然不起作用。最后,我发现了这篇文章: 对于开发机器,我们只需运行:
semanage permissive -a httpd_t
但对于真正的生产服务器,我还没有弄明白。
您可能需要尝试上述文章中描述的其他方法。哇,这个问题几乎花了我一整天的时间 我使用了
uwsgi2.0.14、nginx1.10.1、django 1.10
总之,最重要的是确保以下两个用户都拥有rwx
对socket
文件的权限:
# helloworld_nginx.conf
upstream django {
server unix:///usr/share/nginx/html/test/helloworld.sock; # for a file socket
# server 127.0.0.1:5902; # for a web port socket (we'll use this first)
}
# configuration of the server
server {
# the port your site will be served on
listen 8024;
# the domain name it will serve for
server_name .belter-tuesday.com; # substitute your machine's IP address or FQDN
charset utf-8;
# max upload size
client_max_body_size 75M; # adjust to taste
# Finally, send all non-media requests to the Django server.
location /morning {
include uwsgi_params;
uwsgi_pass django;
}
}
nginx
的用户李>
uWSGI
的用户李>
所以,你可以逐一检查
首先,您可以通过刷新url来检查web服务器
nginx
是否具有权限,例如,不运行uwsgi。如果您看到/var/log/nginx/error.log
没有这样的文件或目录,如下所示:
2016/10/14 16:53:49 [crit] 17099#0: *19 connect() to unix:///usr/share/nginx/html/test/helloworld.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.201.140, server: belter-tuesday.com, request: "GET /morning/ HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/html/test/helloworld.sock:", host: "192.168.201.210:8024"
2016/10/14 17:00:45 [crit] 17099#0: *22 connect() to unix:///usr/share/nginx/html/test/helloworld.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.201.140, server: belter-tuesday.com, request: "GET /morning/ HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/html/test/helloworld.sock:", host: "192.168.201.210:8024"
2016/10/14 17:09:28 [error] 17099#0: *25 connect() to unix:///usr/share/nginx/html/test/helloworld.sock failed (111: Connection refused) while connecting to upstream, client: 192.168.201.140, server: belter-tuesday.com, request: "GET /morning/ HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/html/test/helloworld.sock:", host: "192.168.201.210:8024"
只要创建一个名为helloworld.sock
的文件,然后刷新url并再次检查日志文件,如果您在日志文件中看到权限被拒绝,如下所示:
2016/10/14 16:53:49 [crit] 17099#0: *19 connect() to unix:///usr/share/nginx/html/test/helloworld.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.201.140, server: belter-tuesday.com, request: "GET /morning/ HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/html/test/helloworld.sock:", host: "192.168.201.210:8024"
2016/10/14 17:00:45 [crit] 17099#0: *22 connect() to unix:///usr/share/nginx/html/test/helloworld.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.201.140, server: belter-tuesday.com, request: "GET /morning/ HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/html/test/helloworld.sock:", host: "192.168.201.210:8024"
2016/10/14 17:09:28 [error] 17099#0: *25 connect() to unix:///usr/share/nginx/html/test/helloworld.sock failed (111: Connection refused) while connecting to upstream, client: 192.168.201.140, server: belter-tuesday.com, request: "GET /morning/ HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/html/test/helloworld.sock:", host: "192.168.201.210:8024"
这意味着web服务器nginx
没有读取、写入和执行的所有权限。因此,您可以授予此文件的权限:
sudo chmod 0777 helloworld.sock
然后,如果您看到连接被拒绝,请刷新url并再次检查日志文件
在日志文件中,如下所示:
2016/10/14 16:53:49 [crit] 17099#0: *19 connect() to unix:///usr/share/nginx/html/test/helloworld.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.201.140, server: belter-tuesday.com, request: "GET /morning/ HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/html/test/helloworld.sock:", host: "192.168.201.210:8024"
2016/10/14 17:00:45 [crit] 17099#0: *22 connect() to unix:///usr/share/nginx/html/test/helloworld.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.201.140, server: belter-tuesday.com, request: "GET /morning/ HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/html/test/helloworld.sock:", host: "192.168.201.210:8024"
2016/10/14 17:09:28 [error] 17099#0: *25 connect() to unix:///usr/share/nginx/html/test/helloworld.sock failed (111: Connection refused) while connecting to upstream, client: 192.168.201.140, server: belter-tuesday.com, request: "GET /morning/ HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/html/test/helloworld.sock:", host: "192.168.201.210:8024"
这是一个好迹象,这意味着从现在起,您的web服务器nginx
有权使用helloworld.sock
文件
接下来运行
uwsgi
,检查uwsgi
的用户是否有权使用helloworld.sock
。首先,删除我们以前创建的文件helloworld.sock
运行uwsgi:uwsgi--socket/usr/share/nginx/html/test/helloworld.sock--wsgi文件wsgi.py
如果看到bind():权限被拒绝[core/socket.c行230],则表示uwsgi
没有绑定helloworld.sock
的权限。这是目录test
的问题,它是helloworld.sock
的父目录
sudo chmod 0777 test/
现在,您可以成功运行uwsgi
但也许你仍然会看到502坏网关,太可怕了,我已经看了一整天了。如果再次检查error.log
文件,您将再次看到:
2016/10/14 17:33:00 [crit] 17099#0: *28 connect() to unix:///usr/share/nginx/html/test/helloworld.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.201.140, server: belter-tuesday.com, request: "GET /morning/ HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/html/test/helloworld.sock:", host: "192.168.201.210:8024"
怎么了???
查看helloworld.sock
文件的详细信息,您可以看到:
srwxr-xr-x. 1 belter mslab 0 Oct 14 17:32 helloworld.sock
uWSGI
自动授予此文件755
权限
您可以通过添加--chmod socket
来更改它:
uwsgi --socket /usr/share/nginx/html/test/helloworld.sock --wsgi-file wsgi.py --chmod-socket=777
好的!最后,您可以看到:
srwxr-xr-x. 1 belter mslab 0 Oct 14 17:32 helloworld.sock
外卖信息:
uwsgi_参数
文件的位置不重要李>
nginx
用户和uwsgi
用户不相同,甚至不在同一组,因此我需要向777
授予helloworld.sock
及其父目录test/
的权限李>
helloworld.sock
文件放在主目录中,您的权限将始终被拒绝socket
文件路径,一个在nginx conf文件中,对我来说是helloworld\u nginx.conf
;当你运行uwsgi的时候helloworld\u nginx.conf
文件:
# helloworld_nginx.conf
upstream django {
server unix:///usr/share/nginx/html/test/helloworld.sock; # for a file socket
# server 127.0.0.1:5902; # for a web port socket (we'll use this first)
}
# configuration of the server
server {
# the port your site will be served on
listen 8024;
# the domain name it will serve for
server_name .belter-tuesday.com; # substitute your machine's IP address or FQDN
charset utf-8;
# max upload size
client_max_body_size 75M; # adjust to taste
# Finally, send all non-media requests to the Django server.
location /morning {
include uwsgi_params;
uwsgi_pass django;
}
}
uwsgi.ini
[uwsgi]
uid = yourusername
gid = www-data
chmod-socket = 664
为什么??因为有时应用程序需要读取或写入文件系统,而web服务器无法访问这些文件系统。我不想为了适应每一种情况而改变一大堆所有权和权限。我宁愿让我的应用程序像我一样运行,并做它需要做的事情。将组设置为www数据并将套接字修改为664允许该组向其写入数据,从而提供web服务器和应用程序之间唯一必要的通信窗口。我暂时解决了这个问题,并发现my
uwsgi.ini
文件中的uid
和gid
标志未应用于.sock
文件
您可以通过运行uwsgi,然后使用linux命令ls-l
检查.sock
文件的权限来测试这一点
我的解决方案是使用sudo运行uwsgi
:
sudo uwsgi --ini mysite_uwsgi.ini
使用包含以下标志的.ini
文件:
chmod-socket = 664
uid = www-data
gid = www-data
然后,.sock
文件上的权限是正确的,502坏网关
错误终于消失了
希望这有帮助:)这个问题让我发疯了。我的环境是centos7+nginx+uwsgi,使用unix套接字连接。 被接受的答案是可怕的,只是在那里添加一些点 根用户,快速测试 首先,关闭selinux,然后将chmod socket更改为666,最后使用root启动uwsgi 像这样
setenforce 0 #turn off selinux
chmod-socket = 666
uwsgi --ini uwsgi.ini
其他用户